SIA “Centrus Real Land” Privacy Policy

This document provides information about the processing of personal data in our company and what data the company may process (hereinafter – the Privacy Policy). If you require more detailed information or have any questions after reviewing this Privacy Policy, please contact us.

1. Identity and contact details of the data controller

Controller name: SIA “Centrus Real Land”, single registration No. 40103794373

Registered address of the Controller: Blaumaņa iela 20, Rīga, LV-1011

Telephone for data processing matters: +371 29176201

E-mail for data processing matters: [email protected]

Controller’s website: www.centrus.lv

When processing personal data, the Controller complies with the laws and regulations in force in the Republic of Latvia, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter – GDPR), the Personal Data Processing Law, as well as other legal acts in the field of privacy and personal data processing.

2. Types of personal data we collect, how we obtain your personal data, and why we have it

We process your personal data for one or more of the purposes set out below:

2.1. Preparation, conclusion, and performance of an employment contract

2.1.1. Purpose/objective of this data processing is the preparation and conclusion of an employment contract, including a power of attorney agreement, and the data processing is necessary to commence employment, as well as for payroll, tax, and social security accounting throughout the performance of the employment contract.

2.1.2. Categories of data processed.
Within this processing we will process the following personal data about you: personal identifiers (name, surname, personal identity number, date of birth); contact details (residential address, telephone number, e-mail address); bank account number (for salary transfers); information on dependants (if the employee provides it for tax relief purposes).

During the employment relationship, on the basis of voluntarily provided consent, an employee may also provide the Controller with other personal data for one or more specific purposes, for example for health insurance purposes and/or other purposes, where personal data are processed only on the basis of the employee’s prior consent.

2.1.3. Legal bases under the GDPR on which we will process your personal data:

• Contractual necessity. GDPR Article 6(1)(b).

• Data subject’s consent. GDPR Article 6(1)(a).

• Legal obligation. GDPR Article 6(1)(c); the Labour Law, the Law “On Personal Income Tax”, and requirements of other special laws.

2.1.4. Source of data. Information provided by the data subjects.

2.1.5. Recipients or categories of recipients of the data: State Revenue Service; processors engaged by the Controller, e.g., accounting and legal service providers and other processors engaged by the Controller; as well as other recipients provided for in special laws.

2.1.6. Personal data are not transferred outside the European Union or the EEA.

2.1.7. Retention period. Accounting documentation – in accordance with the requirements of the Law “On Accounting”, the requirements of the Archives Law and other legal acts, or the following criteria are used to determine the retention period of personal data: for as long as, in accordance with external laws and regulations, the data subject or the Controller may exercise their legitimate interests (for example, handling claims, protection of rights, dispute resolution, bringing actions in court, or observing limitation periods, etc.); for as long as the Controller has a legal obligation to retain the data. Once the criteria specified in this section no longer apply, your personal data are deleted or destroyed, or transferred to the state archive for storage in accordance with legal requirements.

2.2. Employees’ contact information

2.2.1. Purpose/objective of this processing is contact information of employees, including members of the Management Board of the Controller, for external communication (employees’ communication with clients/client representatives by e-mail, by telephone), and the data processing is necessary to ensure the economic activity of the company and convenient communication with existing or potential clients and cooperation partners.

2.2.2. Categories of data processed. Within this processing we will process the following personal data: employee identifiers (name, surname) and contact information (telephone number, e-mail address), position.

2.2.3. Legal basis under the GDPR on which we will process your data:

• Legitimate interests. GDPR Article 6(1)(f).

2.2.4. Source of data. Information in the Controller’s possession obtained from you as the data subject.

2.2.5. Recipients or categories of recipients of the data: clients, cooperation partners, processors engaged by the Controller (e.g., accounting and legal service providers and other processors engaged by the Controller), website visitors at www.centrus.lv, or other recipients provided for in special laws.

2.2.6. Personal data are not transferred outside the European Union or the EEA.

2.2.7. Retention period. We will store your personal data for the entire duration of the employment relationship unless the Labour Law and other legal acts stipulate a longer retention period for such data, or the following criteria are used to determine the retention period of personal data: for as long as, in accordance with external laws and regulations, the data subject or the Controller may exercise their legitimate interests (for example, handling claims, protection of rights, dispute resolution, bringing actions in court, or observing limitation periods, etc.); for as long as the Controller has a legal obligation to retain the data. Once the criteria specified in this section no longer apply, your personal data are deleted or destroyed, or transferred to the state archive for storage in accordance with legal requirements.

2.3. Processing of data provided by clients and cooperation partners

2.3.1. Purpose/objective of this processing is the contact information provided by the Controller’s natural and legal person clients (potential buyers, tenants, lessees), cooperation partners, or their representatives about themselves, their representatives, and employees, for example, information about contact persons in a service or cooperation agreement, information about authorised persons, etc. This processing is necessary for the conclusion of contracts and the provision of the company’s economic activity.

2.3.2. Categories of data processed. Within this processing we will process all personal data submitted to us, for example, the data subject’s identifiers (name, surname, personal identity number), contact information (telephone number, e-mail), position held, settlement information (bank account number), and other information submitted to us.

2.3.3. Legal bases under the GDPR on which we will process your data:

• Performance of a contract and necessity to conclude a contract. GDPR Article 6(1)(b). Data processing is necessary to perform a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract (preparation, conclusion, and performance of a reservation, preliminary agreement, purchase, lease, or tenancy agreement).

• Compliance with a legal obligation. GDPR Article 6(1)(c) – the necessity of data processing to comply with legal obligations applicable to the Controller (for example, accounting, calculation and payment of taxes in accordance with the Law “On Personal Income Tax” and requirements of other special laws).

• Data subject’s consent. GDPR Article 6(1)(a). Where data are processed that are not mandatory for performance of a contract or compliance with legal acts, e.g., the data subject’s consent to receive marketing materials or offers.

• In certain cases, we also have legitimate interests to process your data to ensure our economic activity and protect our lawful interests, for example, in cases of delayed payments, protection of rights, or protection of our or clients’ property. GDPR Article 6(1)(f).

2.3.4. Source of data. We have obtained your personal data from you as our client or cooperation partner.

2.3.5. Recipients or categories of recipients of the data: State Revenue Service; processors engaged by the Controller, such as accounting and legal service providers, real estate sales agents, and other processors engaged by the Controller; or other recipients provided for in special laws.

2.3.6. Personal data are not transferred outside the European Union or the EEA.

2.3.7. Retention period. We will store your personal data for the following period: in accordance with the 10-year limitation period set by the Civil Law, or the following criteria are used to determine the retention period of personal data: for as long as, in accordance with external laws and regulations, the data subject or the Controller may exercise their legitimate interests (for example, handling claims, protection of rights, dispute resolution, bringing actions in court, or observing limitation periods, etc.); for as long as the Controller has a legal obligation to retain the data. Once the criteria specified in this section no longer apply, your personal data are deleted or destroyed, or transferred to the state archive for storage in accordance with legal requirements.

If the sole legal basis for processing your personal data was consent, then after the withdrawal of consent your personal data processing will be terminated without undue delay, unless there are other legal bases for their further processing and storage.

3. Your rights regarding personal data protection

• Right of access — When exercising your right of access, you must indicate the specific period and the data you wish to obtain from us. You have the right to request information about which of your data we hold, why we process them, how we obtained them and to whom we have disclosed them, how long they will be stored, and to receive a copy of your data. The request can be fulfilled faster if the time period is as short as possible and your request for information about your data is formulated as precisely as possible. It will help us to respond if we know the purpose for which you wish to access the data.

• Right to rectification — If you need to specify or correct your personal data that we hold, you must clearly indicate which data need to be corrected and what the current information is. If the data were not obtained from you, please attach justification as to why the information to be corrected should be considered inaccurate, to facilitate a faster and more appropriate accuracy assessment.

• Right to erasure — To enable us to erase your data, you must specify exactly which personal data need to be deleted and attach justification for this request. Please note that in all cases it may not be possible to delete data.

• Right to restriction of processing — If you are not sure whether we are processing the data appropriately, you may ask us to restrict the processing of specific data. A request for restriction of processing must indicate why, in your view, this processing should be restricted.

• Right to object to processing — In certain cases you may have the right to object to processing on grounds relating to your particular situation. In such a request, it is important to refer to your individual circumstances which are the reason for your objection.

If you wish to submit a request to exercise your rights, please contact us in writing by e-mail: [email protected], sending your request signed with a qualified electronic signature that includes a timestamp, or in writing to the registered address: Blaumaņa iela 20, Rīga, LV-1011.

We will review your request without undue delay and provide a response on the fulfilment or non-fulfilment of the request no later than one month from the date of its receipt. If fulfilling the request takes longer, we have the right to extend its fulfilment by two months, but in any case you will be informed of this within one month.

We have the right not to fulfil your request if:

• it is not formulated clearly;

• we are unable to identify you;

• we have already responded to such a request;

• the scope of the requested information is disproportionate;

• the request is unfounded (not related to our company; no explanation is provided as to why the request should be fulfilled);

• laws and regulations stipulate that we are not entitled to provide such information to you or that we have an obligation to retain certain data about you.

4. Submitting complaints

If you have any questions or uncertainties about how we process your personal data, please contact us by telephone +371 29176201 or by e-mail: [email protected]. If you still wish to submit a written complaint to us, you may send it by post to the Controller’s registered address: SIA “Centrus Real Land”, Blaumaņa iela 20, Rīga, LV-1011, or send it signed with a qualified electronic signature including a timestamp to the e-mail address: [email protected].

If, after contacting us, you still believe that we have processed your data improperly, you have the right to submit a complaint to the data protection supervisory authority regarding our data processing:

Data State Inspectorate (Datu valsts inspekcija)
Elijas iela 17, Rīga, LV-1050
[email protected]
https://www.dvi.gov.lv
+371 67223131

This Privacy Policy is prepared in Latvian with a translation into English. The Controller is entitled to amend the Privacy Policy by publishing the current version of the Privacy Policy on the website: www.centrus.lv.

Privacy Policy version as of 11 August 2025.