Personal Data Processing
Personal Data Processing
Personal Data Processing Security Regulations for Participation in the Technology Conference
“Deep Tech Atelier”
I. General Provisions
The Regulations prescribe the procedure by which the Investment and Development Agency of Latvia (hereinafter – LIAA) ensures the processing, security, and protection of data of moderators, experts, mentors, and Participants (hereinafter all together – Participants) of the technology conference “Deep Tech Atelier”, (hereinafter referred to as the Event). To ensure the conduct of the Event, LIAA may engage a Processor who processes personal data on behalf of LIAA in accordance with these regulations.
The terms used in the Regulations:
1.1. Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
1.2. Processor – a natural or legal person which processes personal data on behalf of LIAA in accordance with these Regulations. Within the event LIAA processor is Brella, Ltd. (reg. No. FI27650767) – providing the registration site and event platform for the Participants https://next.brella.io/join/deeptechatelier2023/tickets;
1.3. Participant – the person who has registered for participation in the Event, filling in the Application form;
1.4. Controller – Investment and Development Agency of Latvia;
1.5. Personal data – the Participant’s name, surname, telephone number, e-mail address, other information provided in the registration form (education, specialisation), as well as photo and video recording material that allows identification of a Person;
1.6. Third party – a natural or legal person, public person, agency, or body that is not a data subject.
The purpose of these Regulations is to provide the Participant with complete information on the purposes and legal basis of the processing of their personal data.
II. Purpose of Personal Data Processing
Personal data is collected and further processed to ensure LIAA the fulfilment of the task referred to in Clause 4.5 of Cabinet Regulation No. 857 of 11 December 2012 “Regulations of the Investment and Development Agency of Latvia,” as well as to ensure the Participant’s participation in the Event.
The purpose of processing personal data is to:
2.1. Ensure participation in the Event (name, surname, e-mail address, telephone);
2.2. ensure the exchange of organisational and operational information of the Event (name, surname, e-mail, telephone);
2.3. for creating and improving the content of the Event (confirmation of the Participant’s urge to get involved in the masterclasses organised within the Event (Ignition Event), the Participant’s: specialisation, occupation, education; communication languages, opinion about the Event; the Participant’s inquiries about the process of the Event etc);
2.4. provide the publicity of the Event, promotion and informing the public (the Participant’s Linkedin or other social network profile name, , the information sources the Participant used regarding the Event, photographic and video recording during the Event etc.).
III. Registration of Personal Data at the Event
The Participant registers for the Event on the application registration site provided by LIAA, https://next.brella.io/join/deeptechatelier2023/tickets, where the Participant enters the personal data and is introduced to the regulation; the Participant shall not enter data of other persons unless it has been directly provided for in this regulation.
Upon registering for the event the Participant shall provide the following personal data: name, surname, e-mail address, the Participant’s: specialisation, occupation, education; communication languages, opinion about the Event; the Participant’s inquiries about the process of the Event, link to the Participant’ssocial network profile if required, the information sources the Participant used regarding the Event.
IV. Time Limits for the Collection, Storage, and Deletion of Personal Data
4.1. The collection of personal data is carried out by the registration deadline of the Event.
4.2. Personal data shall only be stored and processed to the extent and for the time period necessary for the fulfilment of the purposes specified in these Regulations:
4.2.1. the personal data indicated in clause III. of this Regulation – until 31 December 2033;
4.2.2. video – until the end of the live video broadcast, if such is provided during the Event;
4.2.3. photo and video capture materials (photographs and fragments of video) for justifying the funds used for the event creation. – until 31 December 2033 (creating an archive of the Controller’s events or informing the public about the course of the Event);
4.3. Name, surname, e-mail address of the Participant – individually, to provide information to the Participant about other events organised by LIAA.
4.4. Upon individual request the Controller may transfer the Participant’s personal data (name, surname) to the Central Finance and Contracting Agency for supervisory purposes.
V. Participant’s Statement for Personal Data Processing
5.1. The Participants submitting the personal data confirm they have read the security Regulations for the processing of personal data, and also agreed to the processing of their personal data, observing the scope, purpose, and term specified in these Regulations.
5.2. Without providing the personal data upon the registration form, LIAA cannot provide the Participant’s participation in the Event.
5.3. If the Participant withdraws their consent to the processing of personal data, the Controller and the Processor shall delete all submitted personal data, except for in cases where it is not possible to delete personal data for technical reasons or it requires a disproportionate effort (e.g., in the case of already printed materials, published photographs or audiovisual material).
VI. Audio and Audiovisual Recording
6.1. The Participant, confirming that they have read the Regulations of personal data processing, confirms that the Participant is informed that they may be photographed and filmed during the Event.
6.2. The Controller is entitled to use the material created as a result of the photographic records in whole or in part for providing any kind of information about the course of the Event. The Participant is informed that the Controller will exercise these rights freely at its own discretion, including the right to transfer these rights to third parties. The Participant has the right to request information from the Controller about third parties to whom the right to use the material created as a result of video and photo recording has been transferred.
6.3. The Participant may only object to the actions set out in this section and request that they be stopped if the person in the particular video or photograph is directly identifiable and it is technically possible for the Controller to delete and/or not to use the particular photograph.
VII. Rights of the Participant
Rights of the Participant:
7.1. to request the Controller to provide information about a person at any time as defined in the General Data Protection Regulation Article 5.3;
7.2. to access the relevant data and receive the information specified in Article 6.2. of the General Data Protection Regulation by contacting the LIAA;
7.3. to request the Controller to rectify, erase, or restrict the processing of their personal data, or the right to object to such processing in accordance with Articles 6.3., 8.1. and 9.2. of the General Data Protection Regulation.
7.4. In case of claims against data processing, Participant shall have the right to lodge a complaint with the Data state inspection. Address: Elijas street 17, Riga, Latvija, LV-1050, e-mail: firstname.lastname@example.org.
VIII. Duties of the LIAA When Processing Personal Data
8.1. Within the framework of personal data processing, the LIAA provides:
8.1.1. information to the Participant in accordance with Article 13 of the General Data Protection Regulation;
8.1.2. carrying out technical and organisational measures for the security and protection of personal data;
8.1.3. upon the receipt of an appropriate request from the Participant, to rectify or delete the personal data provided by the Participant.
8.2. The Controller undertakes to notify the Participant without delay of a personal data breach, in the case if a personal data breach could pose a high risk to the rights and freedoms of a natural person.
IX. Communication and Procedures for Exercising the Participant’s Rights
9.1. The Participant can exercise their rights, including the right to object or ask questions to the Controller by contacting via e-mail: email@example.com.
9.2. If the personal data information provided by the person changes, the person is entitled to request to rectify (correct) their personal data by contacting us, writing to the e-mail: firstname.lastname@example.org.
X. The Processor that Processes Personal Data on Behalf of the LIAA
10.1. The Processor shall process the personal data of the Participant in accordance with the purpose of the processing specified in these Regulations, and:
10.1.1. will not collect, use, and disclose personal data of the Participant, unless the regulatory enactments provide for this, or it is necessary for the protection of rights and interests provided for in the regulatory enactments;
10.1.2. shall ensure the corresponding technical and organisational measures when performing data processing, in order to provide data protection;
10.1.3. shall ensure that the persons who are authorised to process data have undertaken to comply with confidentiality requirements;
10.1.4. shall ensure the inaccessibility of data to third persons and will immediately inform the Controller about cases where unauthorised or third parties had access to personal data;
10.1.5. shall ensure that any natural person who acts on behalf of the Processor and has access to personal data does not process the data without the instructions of the Processor.
10.2. In the course of the administrative organisation of the Event, the Processor may, if necessary, involve other Processors (design of application registration forms, manufacturers of identification cards, photographers, etc.) by concluding agreements with them, which will include a provision on compliance with these Regulations.
10.3. If the Processor engages other processors who process personal data in the administrative organisation of the event, the Processor may transfer the following amount of personal data to them: name, surname. The Processor shall give the Controller access to the personal data transferred to another processor.
10.4. If another processor is involved, the Processor will ensure that this other processor is required to comply with these Regulations.
XI. Processing Security Requirements
11.1. Taking into account the state of the art, the cost of implementation, and the nature, scale, context, and purposes of the processing, as well as risks of different probability and severity to the Participant’s rights and freedoms, the Controller and Processor shall take appropriate technical and organisational measures to ensure an appropriate level of security.
11.2. The Controller and the Processor shall implement the mandatory technical protection of personal data by physical and logical means of protection, ensuring:
11.2.1. protection against a threat to personal data by physical action;
11.2..2. protection implemented by means of software, passwords, encoding, encryption, and other logical means of protection.
11.3. When processing personal data, the Controller and the Processor shall ensure:
11.3.1. access of authorised persons to the technical resources that are used for personal data processing and protection (including to personal data);
11.3.2. that media containing personal data are processed by persons authorised for this;
11.3.3. that the resources used in the processing of personal data are transferred by duly authorised persons.
 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) is available at: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN