Privacy Policy

The purpose and data controller

The purpose of the Privacy Policy is to provide an individual – Data Subject, with information about the purpose, scope, protection, and processing period of personal data during data acquisition and processing by the Data Subject.

The data controller is the Institute of Food Safety, Animal Health and Environment “BIOR” (hereinafter referred to as “BIOR”), registration No.: 90009235333, legal address: Lejupes iela 3, Riga, LV-1076.

Contact information for BIOR related to personal data processing inquiries is: datuaizsardziba@bior.lv or bior@bior.lv.

Purpose of personal data processing

The necessity to collect and process personal data by BIOR arises from conducting scientific activities, fulfilling state administrative tasks as prescribed by regulatory acts, fulfilling client orders, and ensuring BIOR’s economic operations, including:

• Sample acceptance, testing;
• Organizing aquaculture consultations;
• Gathering fishing statistics data, fisheries resource research, collecting fishing, biological, and economic information data;
• Accounting records;
• Inventory records;
• Organizing seminars and other activities;
• Other purposes of personal data processing when a person uses or has expressed a desire to use BIOR services or is otherwise associated with services provided by BIOR.

Categories of personal data

BIOR processes categories of personal data listed in the BIOR Data Processing Register (DC-RI-P-37).

The BIOR Data Processing Register contains information about Data Subjects, categories, purposes of processing, legal basis for processing, sources of personal data, recipients of personal data, and storage periods.

Personal data are collected from both the Data Subject and external sources. Categories of personal data that BIOR primarily, but not exclusively, collects and processes include:

• Identification data, such as name, surname, personal code, date of birth, age, client number;
• Contact information, such as address, phone number, email address;
• Professional data, such as education, position, workplace;
• Special categories of personal data, such as diagnosis code, medical history number, hospitalization date, testing sample;
• Data related to the testing of submitted samples, such as name and description, sample collection location, measurable indicator, method used, laboratory test results;
• Data obtained and/or generated in fulfilling regulatory tasks;
• Payment and financial data, such as bank account number, contract amounts;
• Data obtained through video surveillance, describing external appearance, clothing, gait, movement directions;
• Image of visitors to BIOR, participants in organized public events;
• Information system and website data, such as IP address, cookies (web browsing data), which are data about visiting the website www.bior.lv, such as date, time, and volume of internet browsing, location at the time of browsing;
• Other previously unmentioned personal data, depending on the type of service provided and the information provided by the Data Subject that BIOR processes.

Legal basis for personal data processing

BIOR processes personal data only when there is a legal basis to do so. The main legal bases for processing personal data include:

• Ensuring BIOR’s functions, fulfilling obligations laid down in regulatory acts. Under this legal basis, BIOR does not have discretion regarding specified duties;
• Execution of a contract or performance of an action at the request of the Data Subject before entering into a contract;
• The Data Subject has given consent for the processing of their personal data for one or more specific purposes;
• To protect the vital interests of the Data Subject or other natural persons, i.e., life and health.

Cookies

To improve the quality of content, user convenience, and adaptation to user needs on the website www.bior.lv, BIOR uses cookies, which are notified to the Data Subject upon the first visit to the BIOR website. By using the site, the Data Subject agrees to the use of cookies and confirms having read the Cookie Policy and explanations on the website’s purposes for using cookies. For more information on cookie use, please refer to the “Cookie Policy” section on the BIOR website.

Photography and filming at BIOR events

BIOR organizes various public events (seminars, lectures, etc.) during which photography and filming take place. Information about the events organized by BIOR can be found on the BIOR website and social networks. Photography and filming in public places may occur without special notice. By being present at the event venue, the Data Subject acknowledges being informed and has no objection to being included in audio-visual materials created about the event. Information about photography or filming at events is posted on event posters and at event locations.

If group or team photos are taken, BIOR may publish such photos without seeking the Data Subject’s consent, considering that the image does not specifically identify an individual but rather the entire group.

BIOR is entitled to publish images submitted by the Data Subject if they do not show any other individuals.

BIOR may provide photos or video recordings from BIOR-organized public events to third parties to reflect BIOR’s activities to a wider audience.

Video surveillance

To ensure and promote BIOR’s security, reduce public order and security risks, prevent and detect criminal offenses related to property protection and the vital interests of individuals, including life and health protection, BIOR conducts video surveillance on its premises and public spaces.

Warning signs are installed before video surveillance zones on BIOR premises or premises.

Access to video surveillance records is restricted to responsible BIOR personnel for specific personal data processing purposes or to verify the operation of the video surveillance system.

BIOR does not create backup copies of video recordings and does not disclose data to third parties except as required by regulatory acts. Video recordings are stored for no longer than the period prescribed by regulatory acts, i.e., video recordings made by BIOR are stored for no more than 21 days in chronological order, and recordings are automatically deleted.

Recipients of personal data

BIOR may disclose personal data to ensure the performance of concluded contracts, provided that the contracting party has confirmed compliance with data protection requirements under regulatory acts.

BIOR may disclose personal data to third parties only when necessary to fulfill obligations laid down in regulatory acts or when permitted by laws concerning the protection of personal data.

Personal data may be provided to sample clients, payers, or sample owners if they are not the same person, and the sample client has indicated all persons as recipients of the testing report.

Acquisition of personal data

BIOR may obtain data and information about personal data from other state information systems and institutions, such as fishing logs submitted by the State Environmental Service. BIOR cooperates only with institutions and organizations capable of guaranteeing compliance with regulatory requirements for the proper storage and protection of personal data.

Personal data may be obtained from sample clients if they are not the same person, and the sample client has indicated the Data Subject as the payer for the testing report or as the sample owner.

Transfer of personal data to third countries

Personal data are processed within the European Union and the European Economic Area (hereinafter referred to as EU/EEA).

Personal data may be transferred outside the EU/EEA only if BIOR has a legal basis for doing so. BIOR transfers information only if the receiving party can ensure an adequate level of protection for personal data and compliance with data processing requirements. Before this, BIOR will take all necessary steps to inform the Data Subject of the need to transmit such information.

Storage period

BIOR stores personal data only for as long as necessary to fulfill its functions, such as as long as the Data Subject uses BIOR services or until the Data Subject withdraws consent, if personal data were processed based on it. In specific cases, the storage period is determined by regulatory acts. The duration of data storage is determined by the purpose for which the data were collected.

Guarantees of personal data security

BIOR ensures, continuously reviews, and enhances protective measures to protect personal data from unauthorized access, accidental loss, disclosure, or destruction. To ensure this, BIOR employs modern technologies and adheres to technical and organizational requirements.

BIOR processes personal data lawfully, in good faith, and in a transparent manner towards the Data Subject.

BIOR collects personal data only for specific, clear, and legitimate purposes and does not further process them in a manner incompatible with those purposes.

BIOR employees processing personal data ensure confidentiality of such information. The obligation of confidentiality regarding personal data of individuals is valid indefinitely, including after termination of employment relationships.

Data Subject rights during the personal data processing period

According to data protection regulations, the Data Subject has the right to influence data processing by contacting BIOR’s data protection specialist via email: datuaizsardziba@bior.lv. The Data Subject has the right to:

• Obtain information about whether BIOR has processed any personal information of the Data Subject;
• Access processed personal information, obtain a free copy thereof (except in cases of multiple or excessive requests), and unless otherwise provided by applicable data protection legislation, including information about:
  • The purpose of data processing;
  • Relevant categories of personal data being processed;
  • Recipients or categories of recipients of personal data, especially those located outside the EU/EEA;
  • The intended period of data storage;
• Request data correction. The Data Subject has the right to correct data if they are inaccurate or incomplete. BIOR is obliged to respond within one month, or provide an explanation why BIOR may not be able to correct the data;
• Request data deletion (right to be forgotten). The Data Subject has the right to request deletion of personal data or cessation of its processing. BIOR may refuse to delete personal data if such processing is necessary for BIOR to fulfill regulatory obligations. In such cases, BIOR is obliged to provide an explanation why the data cannot be deleted;
• Request restriction of Data Subject’s data processing. In some cases, the Data Subject has the right to request restriction of data processing, for example, when the Data Subject disputes the accuracy of personal data or when the data processing is no longer necessary but is needed