Privacy Policy

The purpose of this Privacy Policy is to provide information to a natural person (data subject) about the purpose, scope, and protection of personal data processing carried out by Enerz, processing the personal data of the data subject.

This Privacy Policy regarding personal data protection is based on the European Parliament and Council Regulation (EU) No. 2016/679 of April 27, 2016.

1. Information about the controller

Enerz provides customized solutions designed to reduce energy costs and CO2 emissions.

2. Contact information for inquiries regarding personal data protection

If you have any questions regarding this Privacy Policy or the processing of your personal data, you can contact us by phone at +371 27070062 or by email at info@enerz.lv.

3. General description of the personal data processing carried out by us

Personal data may be collected from the client, from the client’s use of services, and from external sources such as public and private registers or third parties. The categories of personal data that we mainly (but not exclusively) collect and process include:

• Identification and research data, such as name, surname, personal code.
• Contact information, such as email address, phone number.
• Communication data, collected when the client contacts us by phone, visual and/or audio recordings, emails, messages, and other means of communication such as social media, data obtained when the client visits our website or contacts us through other channels, device data used.

This Privacy Policy describes how we process the personal data of our clients, client representatives/contact persons, business partners, website visitors, and other individuals whose data may come into our possession within the scope of our commercial activities.

We assume that before using our website or becoming our client, you have read this Privacy Policy and accepted its terms. We reserve the right to amend and update this Privacy Policy as necessary.

The goal of this Privacy Policy is to provide you with a general overview of the personal data processing activities and purposes we carry out. However, please note that additional information regarding the processing of your personal data may be provided in other documents (e.g., service contracts, cooperation agreements).

Please be informed that the personal data processing provisions in this Privacy Policy apply only to the processing of personal data of natural persons.

We acknowledge that personal data is your property and value, and we will process it in accordance with confidentiality requirements and ensure the security of your personal data in our possession.

4. For what purposes do we process your personal data and what is the legal basis for processing?

We will process your personal data only for predefined legitimate purposes, including:

4.1. To initiate and provide services, as well as to fulfill and ensure obligations under the contract.

For this purpose, we need to identify you, ensure the correct calculation of payments based on the reports you provide, facilitate the payment process, communicate with you regarding service provision and/or contract execution, and in certain cases, also ensure the collection of unpaid payments.

For this purpose and the sub-purposes mentioned, we may need at least the following personal data: the client’s name, surname, personal code, address (postal address), bank account number, phone number, and email address.

The main legal grounds for achieving this purpose are:

• a) The conclusion and performance of a contract with the data subject (Article 6(1)(b) of the General Data Protection Regulation);
• b) Fulfillment of a legal obligation (Article 6(1)(c) of the General Data Protection Regulation);
• c) Legitimate interests of the controller (Article 6(1)(f) of the General Data Protection Regulation), for example, identifying you as a client and/or business partner contact person, ensuring communication with you.

4.2. To fulfill regulatory requirements for customer identification, research, and service provision, or other legal obligations.

For this purpose, we need to comply with the requirements of the “Natural Resources Tax” law, the “Accounting” law, the “Taxation and Duties” law, the “Archive Law,” and other legal requirements.

For this purpose, we may need to process the following personal data: the client’s, client representative’s, or contact person’s name, surname, personal code, address, phone number, and email address.

The main legal grounds for achieving this purpose are:

• a) Fulfillment of a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).

4.3. To ensure marketing activities

For this purpose, we may send you commercial notifications, publish materials from our organized public events.

For this purpose, we may need at least the following personal data: the client’s, client, and/or business partner’s contact person’s name, surname, phone number, and email address.

The main legal grounds for achieving this purpose are:

• a) Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation);
• b) Conclusion and performance of a contract with the data subject (Article 6(1)(b) of the General Data Protection Regulation);
• c) Legitimate interests of the controller (Article 6(1)(f) of the General Data Protection Regulation), for example, ensuring communication.

You have the right to opt out of receiving our marketing messages. You can do this by: (a) following the opt-out instructions in the respective marketing message; (b) contacting us by email: ilgonis.lagis@enerz.lv.

Please note that even if you opt out of marketing messages, you may still receive administrative messages, such as notifications about unsubmitted reports, unpaid invoices, information about the electronic reporting system, changes to the cooperation agreement, changes to regulations that govern the fulfillment of obligations under the cooperation agreement, information about the termination of the contract.

4.4. To ensure the legitimate interests of third parties

In case of legal necessity, we may need to disclose your information to supervisory authorities, such as the State Revenue Service, bailiffs, and other government institutions, exchange information within the company group, or exercise the rights granted by law to protect our legitimate interests.

For this purpose, we may need to process at least the following personal data: the client’s, client, and/or business partner’s contact person’s name, surname, personal code, address, phone number, and email address.

The main legal grounds for achieving this purpose are:

• a) Legitimate interests of the controller (Article 6(1)(f) of the General Data Protection Regulation), such as requests from government agencies for contractor data or debt collection.

4.5. To ensure the proper provision of services

For this purpose, we need to maintain and improve our technical systems and IT infrastructure, using technical and organizational solutions that may also involve your personal data (e.g., using cookies) to ensure the proper provision of services.

Third-party systems used to ensure proper service provision:

• Google Inc. tools, such as Google Analytics. More information about these tools and their privacy policy can be found on the following websites: Google Analytics Privacy and Google Analytics Terms.

The main legal grounds for achieving this purpose are:

• a) Legitimate interests of the controller (Article 6(1)(f) of the General Data Protection Regulation).

5. Who may have access to your personal data?

We take measures to process your personal data in accordance with applicable laws and ensure that third parties without the appropriate legal basis do not have access to your personal data.

Your personal data may be accessed by:

• Our employees or directly authorized persons who need it to perform their job duties.
• Personal data processors, according to the services they provide, and only to the necessary extent, such as auditors, financial management, and legal consultants, database developers/technical maintainers, other individuals involved in the provision of services by the controller.
• Government and municipal authorities in cases defined by law, such as law enforcement agencies, municipalities, tax authorities, sworn bailiffs.
• Third parties, carefully assessing whether there is an appropriate legal basis for such data transfer, such as debt collectors, courts, out-of-court dispute resolution bodies, bankruptcy or insolvency administrators, third parties maintaining registers (e.g., population register, debtor registers).

6. Which data processors do we choose for personal data processing?

We take measures to ensure the processing, protection, and transfer of your personal data to data processors in accordance with applicable laws. We carefully choose data processors and evaluate the necessity and scope of the data transfer. The transfer of data to processors is carried out following the confidentiality and secure processing requirements for personal data.

We cooperate with the following categories of personal data processors:

• Auditors, financial management, and legal consultants;
• IT infrastructure, database technical maintainer;
• Other individuals involved in the provision of our services.

Data processors may change from time to time. Any changes will be reflected in this document.

7. Do we transfer your personal data outside the European Union (EU) or the European Economic Area (EEA)?

We do not transfer data to countries outside the European Union or the European Economic Area.

8. How long do we keep your personal data?

Your personal data is stored for as long as necessary for the respective personal data processing purposes, and in accordance with applicable legal requirements (e.g., laws on accounting, statutes of limitations, civil law, etc.). In determining the duration of personal data retention, we take into account the applicable regulatory requirements, the aspects of fulfilling contractual obligations, your instructions (e.g., in the case of consent), and our legitimate interests. If your personal data is no longer required for the specified purposes, we will delete or destroy it.

Below, we indicate the most common retention periods for personal data:

• a) Personal data required for the performance of a contract: Until the conclusion of the contract or the termination of the contract, or for a longer period if required by other legal acts.
• b) Personal data related to accounting: For 10 years.
• c) Personal data regarding commercial communication (marketing): Until the withdrawal of consent.

9. What are your rights as a data subject regarding the processing of your personal data?

Personal Data Update

If there are changes to the personal data you have provided us, such as changes in your personal code, contact address, phone number, or email, we ask that you contact us and provide us with the updated information so that we can achieve the respective data processing purposes.

Your Right to Access and Correct Your Personal Data

In accordance with the General Data Protection Regulation (GDPR), you have the right to access your personal data held by us, request its correction, deletion, restriction of processing, object to its processing, as well as the right to data portability in cases and procedures set out in the GDPR. You also have the right to verify the compliance of data processing with the legal requirements, in cases where the data controller is legally prohibited from providing information to the data subject, and if the data subject has submitted a relevant request, the State Data Inspectorate (DVI) can be contacted (Article 29 of the GDPR). We respect your rights to access and control your personal data, and upon receiving your request, we will respond within the time limits set by the regulations (usually no later than one month unless there is a special request that requires more time to prepare a response). We will correct or delete your personal data if necessary.

You can obtain information about the personal data we hold about you or exercise other data subject rights in the following ways:

a) By submitting a request to our email address: info@enerz.lv, it is recommended to sign it with a secure electronic signature.

Upon receiving your request, we will assess its content and your identification possibilities. Depending on the situation, we may ask you to verify your identity to ensure the security of your data and ensure it is disclosed to the appropriate person.

Withdrawal of Consent

If the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. After withdrawing your consent, we will no longer process your personal data for the relevant purpose. However, please note that the withdrawal of consent will not affect the legality of the processing that has taken place before the consent withdrawal, nor will it affect processing based on other legal grounds, such as the fulfillment of legal obligations, contractual necessity, legitimate interests, or other lawful bases for data processing provided for in applicable law.

10. Where can you submit a complaint related to personal data processing?

If you have any questions or concerns regarding the processing of your personal data, we encourage you to first contact us.

If you believe that we have not been able to resolve the issue and that we are violating your rights regarding personal data protection, you have the right to submit a complaint to the State Data Inspectorate. You can find sample applications and related information on the State Data Inspectorate’s website (www.dvi.gov.lv).

11. Why do you need to provide us with your personal data?

Primarily, we collect your information to fulfill contractual obligations, comply with our legal duties, and pursue our legitimate interests. In these cases, the collection of certain information is necessary to achieve the intended purpose, and failure to provide such information may jeopardize the initiation of a business relationship or contract execution. If the data is not strictly necessary but may help improve our services or offer you more favorable contractual terms or offers, we will indicate that providing the data is voluntary during the data collection process.

Additionally, we would like to inform you about the main legal requirements regarding personal data processing:

The Accounting Law requires that certain personal data be provided in business transaction documents (contracts) when the participant is a natural person: name, surname, personal code (if assigned), address provided by the person, or, if not provided, the address of the declared place of residence.

12. How do we obtain your personal data?

We may obtain your personal data in one of the following ways:

• During the process of entering into a contract, by obtaining data directly from you;
• If a contract is concluded with a third party who has listed you as a contact person;
• From you if you submit requests, emails, or call us;
• From our website www.enerz.lv using cookies;
• In certain cases, from third-party databases, for example, when verifying your right to represent a company (e.g., firms.lv).

13. Are your personal data used for automated decision-making?

We do not use your personal data for automated decision-making.