Privacy Policy

This translation is for informational purposes only. See the official version of the document in Latvian.

 

1. 1. General information

LLC BioEx, unified registration number: 40203396165, legal address: Kalēju iela 51, Jūrmala, LV-2008, office address: Malduguņu iela 4, Mārupe, Mārupes Municipality, LV-2167, telephone: +371 2 969 463, email: bioex@bioex.lv (hereinafter referred to as BioEx), is a company maintaining and managing a biomass trading platform, ensuring the transparency of transactions and exchange of information among participants of the biomass market in Latvia. 

The aim of this privacy policy (hereinafter – Privacy Policy) is to provide information on the purpose, legal basis, volume and term of personal data processing and the possibilities of exercising the rights of a data subject.

BioEx reserves the rights to amend the personal data processing policy, publishing its current personal data processing policy on its website https://bioex.lv.

Regarding specific purposes of personal data processing, for the sake of transparency, a personal data processing policy can be published separately.

BioEx shall process the personal data of natural persons pursuant to provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter referred to as the Regulation); provisions and good practice guidelines stipulated in the laws and regulations of the European Union and the Republic of Latvia, complying with confidentiality requirements and taking care of the security of the personal data at our disposal.

In its operations BioEx shall:

 

• • use proportional and appropriate physical, technical and administrative procedures, security means and measures to protect the personal data information gathered and processed by BioEx. The security measures are constantly improved in accordance with stipulated requirements;

• • take measures to train and inform its employees on personal data protection matters to minimize the probability of possible security incidents;

• • implement internal procedures that can reduce the probability of possible security incidents and their consequences;

• • transfer data to third parties in compliance with the applicable regulatory framework.

BioEx undertakes to ensure the correctness of personal data and relies on data subjects and other third parties who transfer personal data that the completeness and correctness of the transferred personal data will be ensured.

In order for the client to always have up-to-date information on the processing of the client’s personal data, BioEx, in accordance with the requirements of laws and regulations, shall ensure regular review and renewal of the Privacy Policy, therefore we invite you to familiarize yourself with the current version of the Privacy Policy on the BioEx website https://bioex.lv from time to time.

 

2. 2. Personal data processing controller

The persona data processing controller is

LLC BioEx, Unified registration number: 40203396165

Legal address: Malduguņu iela 4, Mārupe, Mārupes Municipality, LV-2167

Telephone: +371 2 9269 463.

Email for communication on personal data processing matters: gdpr@bioex.lv.

 

3. 3. Scope of application of the Privacy Policy

The privacy policy shall be applied to ensure the protection of privacy and personal data in relation to data subjects (hereinafter referred to as Customers):

 

• • natural persons who have used, are using or have expressed the wish to use the services provided by BioEx;

• • who have cooperated, are cooperating or have expressed the wish to cooperate with BioEx in any way (including to participate in the BioEx staff recruitment process);

• • contact persons, representatives, participants, beneficial owners, etc. of legal persons – BioEx customers, cooperation partners or potential cooperation partners;

• • visitors of BioEx website https://bioex.lv; https://platform.bioex.lv, as well as other websites and mobile applications maintained by BioEx.

The Privacy Policy shall be applicable to data processing irrespective of the form or environment in which the Client provides personal data (for example, in person, by mail, in paper form, by telephone, digitally, on the BioEx website).

 

4. 4. Purposes and legal basis for personal data processing, categories of processed data
      (see Section 12 for additional information).

Purposes for personal data processing	Legal basis for personal data processing	Categories of processed personal data
For website maintenance and improvement of usage	Please familiarize yourself with Section 11 of this Privacy Policy	Please familiarize yourself with Section 11 of this Privacy Policy
For the assessment of applications in the staff recruitment process	•  consent (subparagraph a) of paragraph 1 of Article 6 of the Regulation) – regarding the fact of the submission of CV and retaining CV for future recruitment processes; •    conclusion of an agreement with the data subject (subparagraph b) of paragraph 1 of Article 6 of the Regulation) – regarding the processing of the data of applicants for whom a decision has been made to conclude an employment agreement; •    Compliance with a legal obligation (subparagraph c) of paragraph 1 of Article 6 of the Regulation) – in certain cases, for certain types of data, if regulatory acts stipulate mandatory requirements for a specific position; •  Legitimate interests of  BioEx (subparagraph f) of paragraph 1 of Article 6 of the Regulation) – regarding the provision of evidence in case of possible claims, as well as regarding the amount of information requested.	Name, surname and contacts of the applicant (email, telephone number), the applicant’s education and previous work experience, persons who can provide references and their contacts, references on the applicant, as well as other information that might be essential for the particular position and relevant to the applicant’s identification.
Receiving information about BioEx news Participation of customer surveys	Customer consent (subparagraph a) of paragraph 1 of Article 6 of the Regulation)	Customer identification data: name Customer contacts: telephone number and/or email address
Organizing document circulation	Ensuring the legitimate interests of BioEx (subparagraph f) of paragraph 1 of Article 6 of the Regulation)	The set of personal data shall depend on the content of the document (the author of the document shall be responsible for the content of the documents submitted to BioEx, including the amount of personal data contained therein, while BioEx shall be responsible for the content of documents prepared by BioEx.
Customer identification, implementation of “Know your customer” requirements, Customer verification, risk analysis, Conclusion and execution of a contract	•  consent (subparagraph a) of paragraph 1 of Article 6 of the Regulation) – regarding the submission of data; •    conclusion of a contract with the data subject or related legal person thereof (subparagraph b) of paragraph 1 of Article 6 of the Regulation); •    compliance with a legal obligation (subparagraph c) of paragraph 1 of Article 6 of the Regulation) – in certain cases for certain types of data if laws and regulations stipulate mandatory requirements (Sanctions Law; Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing); •    Legitimate interests of BioEx (subparagraph f) of paragraph 1 of Article 6 of the Regulation) – regarding the provision of evidence in case of possible claims, as well as regarding the amount of information requested.	Name, surname, email, telephone number, relations with the legal person (participant, beneficial owner, position), data of a personal identification document (passport, ID card), information about the legal person’s

 

5. 5. Ways of obtaining customer data, obligation to provide data

BioEx collects Customer data in several ways:

 

• • directly from the Customer;

• • from third parties (for example, the Customer’s employer indicates as a contact person for the execution of the contract).

The Customer is not obliged to provide their personal data to BioEx. However, if the Customer chooses not to provide their personal data to BioEx, there is a high probability that BioEx will be unable to provide to the Customer the requested services.

 

6. 6. Duration of personal data retention

BioEx shall retain and process the Customer’s personal data for as long as at least one of the following criteria exists:

 

• • there is a legal obligation to store data for a certain period of time in accordance with laws and regulations;

• • it is necessary to exercise the legitimate interests of the Controller;

• • it is necessary to fulfil contractual obligations;

• • there is a valid Customer consent for the processing of specific personal data and there is no other legal basis for further processing of the data (the Customer has the right to withdraw the consent at any time by sending a notification to email address gdpr@bioex.lv);

• • as long as BioEx or the Customer can exercise their legitimate interests in accordance with effective laws and regulations (for example, submit objections or bring and conduct a lawsuit);

• • for a period of time determined by the internal regulations of BioEx (including the period of time determined by the Privacy Policy, cookies policy).

Upon occurrence of conditions where there is no longer a legal basis for the retention of the personal data, the personal data of the Customer shall be erased or destroyed.

 

7. 7. Updating of personal data

BioEx shall ensure the correctness of personal data, their timely updating, correction or deletion if the personal data of the Customer are incomplete or incorrect. The aforementioned actions shall be carried out in accordance with the purpose of personal data processing and in compliance with the provisions of laws and regulations.

BioEx trusts that the Customer and third parties provide correct information and accurate personal data, incl., BioEx expects that after the personal data that have been provided to BioEx have become outdated or have changed, the personal data will be updated provided that it is consistent with the purpose of personal data processing and the provisions of laws and regulations.

 

8. 8. Transferring of personal data

BioEx transfers the personal data of the Customer to:

 

• • cooperation partners (processers or individual controllers) involved in the provision of services to BioEx. If necessary, BioEx, as the Controller, can attract a natural or legal person, a public institution, an agency or other entity (hereinafter referred to as Processer) who processes personal data on behalf of BioEx and who has appropriate know-how and skills necessary to provide specific services, and if necessary, transfer the personal data of the Customer to the Processer. Legal relations between BioEx as the Controller and the Processer shall always be regulated with a written contract. The Processer, pursuant to the provisions of laws and regulations and the contract concluded with BioEx, is required to carry out a set of measures to ensure an adequate protection of the privacy and personal data of the Customer. Cooperation partners of BioEx shall only process personal data in accordance with instructions from BioEx and shall not use them for other purposes.

• • persons specified in external laws and regulations (law enforcement authorities, court or other state or municipal institutions) to fulfil a legal obligation. Personal data shall be transferred upon receipt of a written request or upon the occurrence of a legal situation specified in laws and regulations and when a legal basis for such personal data processing is established. Personal data are transferred in the manner and to the extent provided for by the relevant law or regulation.

• • third parties in cases specified in laws and regulations for the protection of legitimate interests pursued by BioEx (for example, court).

In its day-to-day operations, BioEx shall implement measures aimed at minimizing the volume of personal data processed by its employees, ensuring that the employees only have access to those Customer data they need to perform their job duties.

BioEx shall ensure that the personal data at its disposal are provided only to the Customer. Data shall be provided to third parties, incl. those related to the Customer, only in cases where an unambiguous written consent has been received from the Customer or in instances specified by laws and regulations where such transfer is permitted.

BioEx shall not transfer personal data if the identity of the Customer cannot be ascertained or there are suspicions that the identity indicated by the Customer does not correspond to the real identity.

In cases when e-mail communication is used for sending data, BioEx shall ensure that such activity is perform only after consent has been received from the Customer, in writing or orally (with an employee making notes) stating the e-mail address to which the information should be sent. Upon using e-mail communication or other direct data transmission solutions, incl. self-service information system platforms, BioEx applies measures for protection of the respective data, using methods of data access protection or encrypting.

BioEx shall not transfer data outside the European Union and the European Economic Area unless it is stated otherwise in the present Privacy Policy.

If BioEx cooperation partners – Processers who have been given Customer’s data, perform data processing outside the European Union and the European Economic Area, BioEx shall make sure that the respective service providers follow the same requirements as stated by the Regulation and other European Union and the Republic of Latvia rules and regulations and good practice guidelines in relation to the data security and technical requirements.

 

9. 9. Customer’s rights in relation to personal data processing performed by BioEx

BioEx, within the framework of application of legislation regulating privacy and personal data protection, shall ensure the Customer the following rights, based on Customer’s written application:

 

• • Access to Customer’s personal data. The Customer has the rights to receive a confirmation from BioEx about whether the Customer’s data are or are not being processed, and, if they are being processed, to access the data or receive the following information about these data: purposes of data processing; personal data categories; personal data recipients; the duration for storage of personal data or criteria according to which this duration is determined.

• • Correction of personal data. The Customer has the rights to demand correction of the personal data if the Customer detects that the information BioEx stores about the Customer is incorrect or incomplete.

• • Deletion of personal data. The Customer has the rights to demand deletion of the personal data if at least one of the following conditions is in force:

 

• • the data are no longer necessary for the purposes they were collected or processed otherwise;

• • the Customer withdraws the consent for data processing, and there is no other legal reason for processing of these data;

• • the data processing has been based on following legitimate interests of BioEx or a third person, but there is no other more important legitimate reason for this data processing;

• • the Customer objects to data processing for the needs of direct marketing;

• • the data had been processed illegally;

• • in order to fulfil legal obligation, stipulated for BioEx in the legislation.

 

• • Restrictions on personal data processing. The Customer has the rights to ask to restrict processing of the Customer’s data at the disposal of BioEx.

• • Objections to personal data processing. The Customer has the rights to object to Customer data processing based on BioEx legitimate interests.

• • Data portability – the Customer has the rights to receive or hand over the personal data to another data controller (so called “data portability”). These rights include only the data you have submitted to BioEx based on your consent or a contract, and in case data processing is carried out by automated means.

The Customer’s application should be submitted in writing, signed with a personal signature, or on an electronic document, signed with a secure electronic signature.

BioEx shall reply to the application without ungrounded delay and following the terms stipulated by the rules and regulations, if there are such, but not later than in a month since the application has been received. BioEx has the rights to extend the term for providing the reply for two months, informing on the reason of the extension, considering the volume of the application.

The reply to the application shall be provided, if possible, in the way desired by the Customer.

The Customer should submit the application in person, or by mail or via courier service to BioEx legal address Malduguņu iela 4, Mārupe, Mārupes Municipality, LV-2167, or electronically, signed with a secure electronic signature, to e-mail address: gdpr@bioex.lv.

If the Customer finds it difficult to submit the application in writing, the Customer has the rights to express the application orally in person at BioEx legal address: Malduguņu iela 4, Mārupe, Mārupes Municipality, LV-2167, making an appointed prior to the visit by telephone +371 2 9269 463, where BioEx responsible employee shall put it in writing, and the Customer, upon getting familiar and confirming the compliance of the documents, signs it.

 

10. 10. Personal data protection

BioEx shall take care of nondisclosure and security of the Customer’s personal data, using modern technologies, considering the present privacy risks and the appropriate organizational, financial and technical resources available to BioEx, including ensuring physical and environment security of the Customer’s personal data; restricting access rights to the Customer’s personal data (only BioEx authorized employees who need it for performing their duties have access to the Customer’s personal data); by performing transmission of the Customer’s personal data in an encrypted way; by ensuring protection of the computer network and personal devices; by making copies of the data; by implementing internal control procedures which help to reduce the probability of security incidents; by ensuring personnel training and information about personal data processing and implementing other protection measures, thus, ensuring protection of the Customer’s personal data against illegal access, use or disclosure.

Processers who are entrusted by BioEx with processing Customer’s personal data, before launching cooperation, are being assessed and informed about the set of measures they have to apply in order to ensure the Customer personal data processing, confidentiality and protections in accordance with the requirements of the rules and regulations. The processers ensure the Customer’s personal data processing and protection in accordance with the requirements of the rules and regulations and cooperation agreement signed with BioEx.

BioEx is constantly improving and updating its technical solutions, based on the recent trends and opportunities offered in the sector and based on the identified risks.

 

11. 11. Cookies policy

Internet website https://bioex.lv (hereinafter – website) belongs and is supported by BioEx.

The present section – Cookies Policy – describes how BioEx undertakes to respect your privacy in relation to using cookies on its website.

The website uses cookies in order to ensure better user experience. While using the website and clicking “accept” button on the pop-up window, you agree with use of cookies. You may withdraw your consent at any time, deleting the cookies saved on your browser or using the “cookies settings” button on the lower part of the website, clicking on this button, you will open the initial menu window.

BioEx invites to get acquainted with the Cookies Policy and periodically revise it in order to learn the latest information about the processes of personal data processing performed by BioEx.

11.1. What are cookies and how does BioEx use them:

Cookies are small pieces of text that are sent to your computer or mobile device during your visit of the website and that the website stores on your computer or mobile device when you open the website. During your next visit of the website, the cookies are sent back to the place of origin or another website that recognizes the cookies. Cookies operate as a memory of the respective website, helping it to remember your computer or mobile device during the next time of visit, including your settings or improving the convenience for you as a user.

The main goal of cookies is to recognize the device you are using to access the website, thus, ensuring the website contents adapted for every website visitor (for example, the language you have selected, the font size, etc.), as well as to provide anonymous statistical data to BioEx, that allow to improve operations of the website. The website places also third-party cookies that collect information about you on different devices and marketing channels.

11.2. What kinds of cookies does BioEx use:

BioEx uses the following kinds of cookies: session and persistent cookies, as well as the first-party and third-party cookies

First-party cookies are cookies set by the website you are visiting. These cookies can be read only by the website itself. Besides, the website may use external services that also set their own cookies that are called third-party cookies. The third party cannot access information BioEx is collecting using its own cookies.

Persistent cookies are cookies that are stored on your computer and when you close the browser are not automatically deleted as opposed to session cookies, that are deleted when you close the browser.

BioEx is using three kinds of first-party cookies in order to:

preserve settings of visitors;

ensure functioning of BioEx website;

collect analytical data (visitors’ statistics).

Visitors’ settings. These cookies are set by BioEx and they can be read only by BioEx. These cookies remember whether you agreed with the website’s cookies policy (or rejected it):

Name	Service	Purpose	Way and duration of storing cookies
CookieConsent	BioEx platform	To confirm consent of the user with the use of cookies	First-party cookies that are stored until the consent is withdrawn
Cookieyes-consent	Website	To confirm consent of the user with use of cookies	First-party cookies that are stored until the consent is withdrawn

Essential (technical) cookies are cookies without which BioEx website may not function and ensure its services and possibilities, therefore you may not reject using them.

Name	Service	Purpose	Way and duration of storing cookies
accessToken	BioEx platform	To identify user on the application due to security reasons	First-party cookies stored until the end of the session
refreshToken	BioEx platform	To extend the user’s session	First-party cookies stored until the end of the session
langId	BioEx platform	To remember the language settings by the user	First-party cookies stored until the end of the session

Analytical cookies.BioEx uses analytical cookies only for internal analytics in order to improve the services for BioEx users.

Analytical cookies help to assess how the user (as an anonymous user) uses the BioEx website (the collected data do not identify you personally).

These data are not shared with third parties and are not used for any other purposes.

You may freely reject these cookies – on the cookies bar on the pop-up window when visiting the website for the first time.

Name	Purpose	Duration of storage
_ga_3SXB04XWQ5	To follow users’ activities on the website, using third-party service provider (Google) for improvement or our service	Third-party cookies that are stored until the consent is withdrawn
_ga	To follow users’ activities on the website, using third-party service provider (Google) for improvement or our service	Third-party cookies that are stored until the consent is withdrawn
pll_language	To remember the language settings by the user	Third-party cookies that are stored until the consent is withdrawn

The website uses Google Inc software Google Analytics that uses cookies stored on your computer, allowing to analyse how you are using the respective internet website. The information created by these cookies about how you are using the internet website is sent to Google server in the US and stored there. Your IP address, using IP masking, is shortened in the territory of the European Union and the European Economic Area and only in exceptional cases can be handed over for processing to Google servers located in the US. Google Inc uses this information in order to assess how you use the respective internet website in order to prepare a report to supporters of the internet websites about activities on the respective websites and provide other services related with the internet website and use of internet. Google Inc in no way relates the received IP address with any other information at the disposal of Google Inc. If necessary, Google Inc may share the information with third party if it is stipulated by the law or the third party is performing data processing as commissioned by Google Inc. In order to receive additional information about cookies, please visit www.allaboutcookies.org.

11.3. Your consent with creation of cookies and rejection of the use of cookies:

You are not offered an opportunity to reject use of technical or essential cookies as without them use of the website will be disrupted or will not be possible. The legal purpose of use of technical or essential cookies is the legitimate interests of BioEx as the controller – to ensure uninterrupted operations of the website.

The legal basis of use of other cookies is your consent that is given by marking acceptance in the respective dialogue window. The consent confirms that you have familiarized yourself with the information about cookies, the purpose of their use and the legal basis. Cookies can be disabled on the same cookies window in which they were confirmed, unticking the respective dialogue window.

When visiting our website for the first time, you will be offered on a pop-up window:

 

• • an option to accept use of cookies (“Accept all”);

• • an option to select what type of cookies you want to disable on your device (“Change”);

• • an option to use only technical or essential cookies (“Reject all”).

If you click on the option “Accept all”, it means that you have accepted all cookies on the website and you confirm that you have got acquainted with the information about the cookies, the purpose of their use and cases when information is shared with third parties.

By choosing option “Change”, you have an opportunity to disable some or all cookies, except for the essential cookies. All cookies that are not defined as mandatory (“essential” cookies) can be used only with your prior consent. You may express your consent by placing a mark on the form for each type of cookies you consent.

By choosing option “Reject all”, only the essential cookies will be used. Such an option is not considered as your consent with use of the “essential” cookies, but confirms your rejection to use other cookies. In relation to the “essential” cookies, your consent is not required because these cookies ensure full and uninterrupted depiction of the contents of the website.

Deletion of cookies from the website. All cookies that have already been set on your device, can be deleted, deleting the browsing history from your browser. Thus, all cookies from all websites you have visited will be liquidated. However, remember that thus you may also lose some stored information (for example, settings on a website).

Control of website cookies. You can check and control cookies and privacy protection settings on your browser. You can change cookies settings or delete them in the settings of the internet browser.

Please find attached links to information resources on management of cookies on the most popular browsers:

 

• • Firefox 

https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

 

• • Chrome 

https://support.google.com/chrome/answer/95647?hl=en

 

• • Safari 

https://support.apple.com/lv-lv/guide/safari/sfri11471/mac

 

• • Opera 

https://help.opera.com/en/latest/web-preferences/

 

• • Edge 

https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy

 

• • Explorer 

https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer[VV4]

More information on how to control use of cookies on the browser on your device can be found on website: http://aboutcookies.org.

Disabling cookies. Cookies can be disabled on the same cookies window on which they were accepted, unticking the consent box on the respective dialogue window.

In order to disable cookies and/or change your choice (consent), please, use the menu button “Cookies settings” on the lower part of the website, by clicking on it, the initial information and settings window will open.

By choosing (clicking on the button) “Change”, a list of cookies will open. Please, make your choice (consent):

 

• • by clicking a box of the respective kind of cookies you consent to if the cookies had not been selected earlier, or

• • by clicking on an earlier choice in order to untick the box if the cookies had been selected earlier.

11.4. Updates of cookies policy

Technically updates of the website may happen from time to time, and as a result BioEx may introduce updates and additions to the Cookies Policy. BioEx has unilateral rights to introduce such updates or additions.

 

12. 12. The data collected on the website and data processing
        (Policy for additional information).

Type of data	Purpose (goal)	How do we obtain data	Where are the data stored	Duration of data storage	How are the data protected
Data about legal person
Company’s e-mail address	To generate agreements among customers after concluding each order during the whole period while using the platform	Registration form on the platform	Data base	Until withdrawal of the consent or for 3 years after the cooperation term expires	Encrypted data base with secure access, using encrypted communication channel
Company’s name	To identify the user and perform due diligence on the customer	Registration form on the platform	Data base	Until withdrawal of the consent or for 3 years after the cooperation term expires	Encrypted data base with secure access, using encrypted communication channel
Company’s registration number	To identify the user and perform due diligence on the customer	Registration form on the platform	Data base	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
Company’s VAT payer’s number	To identify the user and perform due diligence on the customer	Registration form on the platform	Data base	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
Bank account IBAN	To generate agreements among customers after concluding each order during the whole period while using the platform	Registration form on the platform	Data base	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
Name of bank	To generate agreements among customers after concluding each order during the whole period while using the platform	Registration form on the platform	Data base	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
BIC	To generate agreements among customers after concluding each order during the whole period while using the platform	Registration form on the platform	Data base	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
Name of recipient	To generate agreements among customers after concluding each order during the whole period while using the platform	Registration form on the platform	Data base	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
Company’s e-mail address for accounts	To generate agreements among customers after concluding each order during the whole period while using the platform	Registration form on the platform	Data base	Until withdrawal of the consent or for 3 years after the cooperation term expires	Encrypted data base with secure access, using encrypted communication channel
Information about the platform user (person)
Name	To identify the user and perform due diligence on the customer	Registration form on the platform	Data base	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
Surname	To identify the user and perform due diligence on the customer	Registration form on the platform	Data base	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
E-mail	To communicate with the user	Registration form on the platform	Data base	Until withdrawal of the consent or for 3 years after the cooperation term expires	Encrypted data base with secure access, using encrypted communication channel
Phone number	To communicate with the user	Registration form on the platform	Data base	Until withdrawal of the consent or for 3 years after the cooperation term expires	Encrypted data base with secure access, using encrypted communication channel
Customer’s position in the company	To identify the user and perform due diligence on the customer	Registration form on the platform	Data base	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
Information about the signatory of the agreement (optional)
Name	To identify the user and perform due diligence on the customer	Using registration form on the platform	Data base	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
Surname	To identify the user and perform due diligence on the customer	Using registration form on the platform	Data base	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
E-mail	To communicate with the user	Using registration form on the platform	Data base	Until withdrawal of the consent or for 3 years after the cooperation term expires	Encrypted data base with secure access, using encrypted communication channel
Phone number	To communicate with the user	Using registration form on the platform	Data base	Until withdrawal of the consent or for 3 years after the cooperation term expires	Encrypted data base with secure access, using encrypted communication channel
Customer’s position in the company	To identify the user and perform due diligence on the customer	Using registration form on the platform	Data base	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
Documents
Passport or ID card (for the platform user);	To identify the user and perform due diligence on the customer	Using registration form on the platform	Protected system files storage	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
Grounds of representation (authorization, the company’s Bylaws) (for the platform user);	To identify the user and perform due diligence on the customer	Using registration form on the platform	Protected system files storage	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
Passport or ID Card (for signatory of the agreement);	To identify the user and perform due diligence on the customer	Using registration form on the platform	Protected system files storage	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
Grounds of representation (authorization, the company’s Bylaws) (for the signatory of the agreement);	To identify the user and perform due diligence on the customer	Using registration form on the platform	Protected system files storage	For 5 years after the cooperation term expires (Section 37 of Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing)	Encrypted data base with secure access, using encrypted communication channel
Others
IP address	To identify the user for security reasons	Automatically during connection of the browser	Data base and journals	Until withdrawal of the consent or until the cooperation term expires	Encrypted data base with secure access, using encrypted communication channel. Journals with secure access.
Authentication access cookies (accessToken)	To identify the user for security reasons	Automatically after successful authentication of the user on the browser	On the browser and authentication data base	Until the end of the session	Encrypted data base with secure access, using encrypted communication channel
Authentication refresh cookies(refreshToken)	To extend the user’s session	Automatically after successful authentication of the user on the browser	On the browser and authentication data base	Until the end of the session	Encrypted data base with secure access, using encrypted communication channel
Trace cookies	To trace users’ activities on the website, using third-party service provides in order to improve our services	Automatically after the user’s visit of the website	Customer’s browser	Until the end of the session	Protection of personal browser settings
Cookies consent	To confirm the user’s consent with the use of cookies	Automatically after the user accepts use of cookies on the website	Customer’s browser	Until withdrawal of the consent	Protection of personal browser settings

 

13. 13. Additional information and submission of complaints about data processing.

On matters related with Customer personal data processing (including sharing references, raising objections about processes of personal data processing, making submissions), as well if you believe that BioEx has violated your rights to personal data protection while processing your data, please contact BioEx:

SIA “BioEx”

Unified registration number: 40203396165

Legal address: Malduguņu iela 4, Mārupe, Mārupes Municipality, LV-2167

Telephone: +371 2 9269 463.

E-mail address for personal data processing matters: gdpr@bioex.lv.

In case you are not satisfied with the reply, you have the rights to submit a complaint with the Data State Inspectorate (address: Elijas iela 17, Rīga, LV-1050; e-mail: pasts@dvi.gov.lv; telephone: +371 6 7223 131).

Privacy policy has been last updated on December 1, 2022