“Latvian FinTech Forum 2022” Personal data processing security regulations
- General provisions
- These personal data processing security regulations (hereinafter – the Regulations) determine the procedure by which Controllers: Investment and Development Agency of Latvia (hereinafter – LIAA); and the Financial and Capital Market Commission (hereinafter – FCMC); ensures data processing, safety and protection of the “Latvian FinTech Forum 2022” programme, which will take place on 13 September 2022 at 2 Skolas Street, Riga, in the premises of “Digital Art House”, (hereinafter – the Event), participants and visitors. In order for LIAA and FCMC to ensure the course of the event, LIAA and FCMC have attracted Processors.
- Regulations are drawn up in Latvian and English. In the case of contradictions or ambiguities, the version of the Regulations in Latvian shall prevail.
- The terms used in the Regulations:
- Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Processor – a natural or legal person which processes personal data on behalf of LIAA and FCMC in accordance with these Regulations. As part of the event, LIAA Processors are:
- 5.2.1.SIA “Digital Holding” (Reg. No. 50103531861), which processes personal data for the registration of Participants, organisation and management of the Event;
- 5.2.2.SIA “Digital Art House” (Reg. No. 40203089974), which ensures the storage and transmission of self-promotional video materials sent by the Participants at the Event venue;
- 5.2.3.SIA “F/64 Photo Agency” (Reg. No. 40003892184), which will process the images of the Participants (i.e., take photos at the venue);
- 5.2.4.SIA “Filmu darbnīca” (Reg. No. 40103560515), which will process personal data, filming and interviewing the Participants.
- Personal data – the Participant’s name, surname, telephone number, e-mail address, other information provided in the registration form (education, specialisation etc.), as well as photo and video recording material through the use of which the Person can be identified;
- Participant – the person who has registered for participation in the Event, filling in the Application form;
- Visitor – a natural person who attends the Event;
- Third party – a natural or legal person, public person, agency, or body that is not a data subject.
- The purpose of these Regulations is to provide the Participant with complete information on the purposes and legal basis of the processing of their personal data.
II. Purpose of processing personal data
- The purpose of processing personal data is to:
- Register the Participant’s participation and ensure participation in the event (processed personal data: name, surname, e-mail address, name of the represented legal entity, represented country);
- Ensure the exchange of organisational and operational information of the Event for the Participants (processed personal data: name, surname, e-mail);
- Storage and broadcast of the Participant’s self-promotion in the venue of the Event (processed personal data: name, surname, picture, voice recording, name of the represented legal entity, other personal data included in the self-promotional material);
- Ensure publicity, promotion and public information of the Event, photo recording and filming during the Event, as well as before the Event for the purposes of advertising the Event (processed personal data: name, surname, image, voice recording, name of the represented legal entity);
- Provision of information to other Participants by presenting a QR code, thereby providing Participants with the opportunity to contact and facilitating the exchange of contact information (i.e., for the purposes of establishing contacts (networking)), if the Participant has chosen to use such an option, (processed personal data: name, surname, position held, e-mail address, phone number, name of the represented legal entity, LinkedIn profile link).
III. Personal data for registration at the Event
- For the event, the Participant registers on the application registration website provided by LIAA (https://www.fintechforum2022.com) (hereinafter – the “Website”), in which the Participant enters his/her personal data, confirming familiarisation with the Regulations. It is prohibited for the Participant to enter personal data of other persons, unless expressly provided for in these Regulations.
- When registering for the Event, the Participant provides the following personal data: [specify: name, surname, e-mail address, name of the represented legal entity, country.]
- Upon arrival at the event, the Participant will be identified by the first and last name. An entry card will be issued to the Participant.
- LIAA and/or FCMC reserves the right to restrict or deny access to the Event to any person.
IV. Time limits for the collection, storage, and deletion of personal data
- Within the framework of https://www.fintechforum2022.com the collection and further processing of personal data is carried out from the moment of registration of the Participants until the end of the Event.
- Personal data shall only be stored and processed to the extent and for the time period necessary for the fulfilment of the purposes specified in these Regulations:
- 13.1.the personal data indicated in Paragraph 7.1 of these Regulations – until 31 December 2033;
- 13.2.the personal data indicated in Paragraph 7.2, 7.3 and 7.5 of these Regulations – 30 days after the Event;
- 13.3.photo recording and video recording materials (Paragraph 7.4) – permanently (LIAA and FCMC for each separately to ensure the archiving of events);
- 13.4.Name, surname, e-mail address of the Participant – LIAA stores individually, to provide information to the Participant about other events organised by LIAA;
- 13.5.Name surname, e-mail address of the Participant: FCMC stores for 12 months after the Event, in order to provide information to the Participant about other events organised by FCMC.
- Upon individual request LIAA may transfer the Participant’s personal data (name, surname) to the Central Finance and Contracting Agency for supervisory purposes.
V. Consent of the Participant for the processing of personal data
- The Participant submitting the personal data confirms they have read the security Regulations, and also agreed to the processing of their personal data, observing the scope, purpose, and term specified in the Regulations.
- Without processing the personal data of the Participant, LIAA and FCMC cannot provide the Participant’s participation in the Event.
- If the Participant withdraws their consent to the processing of personal data, then all submitted personal data of the Participant shall be deleted, except for in cases where it is not possible to delete personal data for technical reasons or it requires a disproportionate effort (e.g., in the case of already printed materials, published photographs or audiovisual material).
VI. Photographic and video recording
- By registering for the Event, the Participant agrees that the Participant may be photographed and filmed during the Event.
- LIAA and FCMC are each separately entitled to use the material created as a result of the photographic and video records in whole or in part for providing any kind of information about the course of the Event. The Participant is informed that LIAA and FCMC will each separately exercise these rights freely at their own discretion, including the right to transfer these rights to third parties. The Participant has the right to request information from LIAA and FCMC about third parties to whom the right to use the material created as a result of photo and video recording has been transferred.
- The Participant may only object to the actions set out in this section and request that they be stopped if the Participant in the particular video or photograph is directly identifiable and it is technically possible for LIAA and FCMC to delete the specific Participant and/or not to use the particular photograph or video recording.
VII. Rights of the Participant
- Rights of the Participant:
- 21.1.Request information from LIAA and FCMC at any time regarding the Participant, as defined in Article 13 of the Regulation;
- 21.2.Access the relevant data and receive the information specified in Article 15 of the Regulation by contacting LIAA and/or FCMC;
- 21.3.Request LIAA and/or FCMC to rectify, erase, or restrict the processing of personal data of the Participant, or the right to object to such processing in accordance with Articles 17 and 21 of the Regulation.
VIII. Duties of the Controller when processing personal data
- Within the framework of personal data processing, LIAA and FCMC provides:
- 22.1.information to the Participant in accordance with Article 13 of the Regulation;
- 22.2.carrying out of technical and organisational measures for the security and protection of personal data;
- 22.3.upon the receipt of an appropriate request from the Participant, rectification or deletion of the personal data provided by the Participant.
- LIAA and FCMC undertakes to notify the Participant without delay of a personal data breach, in the case if a personal data breach could pose a high risk to the rights and freedoms of a natural person.
- LIAA and FCMC may respect the data subject’s rights to the extent that it is technically possible. Controllers, for example LIAA, cannot correct or delete personal data that has been made public and whose correction or deletion LIAA cannot technically provide.
- LIAA and FCMC have the right to correct these Regulations at any time.
IX. Communication and procedures for exercising the Participant’s rights
- Participant subject can exercise his/her rights, including the right to object or ask LIAA/FCMC questions, by writing to LIAA, Pērses iela 2, Riga, LV-1442 or e-mail: [email protected]. By writing to FCMC, Kungu iela 1, Riga, LV-1050 or e-mail: [email protected].
- If the personal data information provided by the Participant changes, the Participant has the right to request the altering (correction) of his/her personal data by contacting LIAA.
X. Duties and responsibilities of the Processor
- In the course of the administrative organisation of the Event, LIAA may, if necessary, involve other processors (manufacturers of identification cards, website maintainers, photographers, videographers etc.) by concluding agreements with them, which will include a provision on compliance with these Regulations.
- LIAA and FCMC shall process the personal data of the Participant in accordance with the goals specified in these Regulations, and:
- 29.1.Will not collect, use, and disclose personal data of the Participant, unless the regulatory enactments provide for this or it is necessary for the protection of rights and interests provided for in the regulatory enactments;
- 29.2.When performing data processing, implement the corresponding technical and organisational measures, in order to provide data protection;
- 29.3.It shall ensure that the persons who are authorised to process data have undertaken to comply with the confidentiality requirements;
- 29.4.Shall ensure the inaccessibility of data to third persons and will immediately provide information about cases where unauthorised or third parties had access to personal data;
- 29.5.Shall ensure that any natural person who acts on behalf of the Processor and has access to personal data does not process the data without the instructions of the Processor.
- If LIAA and/or FCMC involve other processors in the organisation of the Event, which process personal data, then LIAA and FCMC may transfer them such personal data that LIAA and/or FCMC has obtained and processed as part of the Event in accordance with the Rules. The Processor shall give LIAA and FCMC access to the personal data transferred to another processor.
- In the course of the organisation of the Event, the Processor may, if necessary, involve other Processors (design of application registration forms, manufacturers of identification cards, photographers, etc.) by concluding agreements with them, which will include a provision on compliance with these Regulations.
- If another processor is involved, LIAA and FCMC will ensure that this other processor is required to comply with these Regulations.
XI. Processing security requirements
- Taking into account the state of the art, the cost of implementation, and the nature, scale, context, and purposes of the processing, as well as risks of different probability and severity to the Participant’s rights and freedoms, the Controller and Processor shall take appropriate technical and organisational measures to ensure an appropriate level of security.
- The Controller and the Processor shall implement the mandatory technical protection of personal data by physical and logical means of protection, ensuring:
- 34.1.protection against a threat to personal data by physical action;
- 34.2.protection implemented by means of software, passwords, encoding, encryption, and other logical means of protection.
- When processing personal data, the Controller and the Processor shall ensure:
- 35.1.access of authorised persons to the technical resources that are used for personal data processing and protection (including to personal data);
- 35.2.that media containing personal data are processed by persons authorised for this;
- 35.3.that the resources used in the processing of personal data are transferred by duly authorised persons.