1.1.    As one of the largest technological innovation leaders in Latvia, we, Latvijas Mobilais Telefons SIA, (hereinafter – “LMT” and/or “we”), are constantly providing new services that meet modern standards. LMT takes great care not only of the convenience and functionality of our services, but also of the protection of privacy. In our everyday work, we invest resources and take care to ensure that personal data are protected.

1.2.    The purpose of this Policy is to inform and explain how LMT protects and cares for the personal data at the disposal thereof, namely, to help to understand how and for what purposes the data are processed and also to inform about the rights and obligations of data subjects.

1.3.    When processing personal data, LMT complies with the laws and regulations in force in the Republic of Latvia, the binding instructions and regulations issued by the responsible authorities, and also keeps track of best practice developments.

1.4.    This Privacy Policy applies to any data subject, i.e. an identified or identifiable natural person whose personal data are processed by LMT, including it applies to customers and potential customers, their representatives, users of services, cooperation partners and their representatives, interested parties and visitors. For matters relating to the employment relationship, we have developed separate binding information that can be consulted at relevant stages.

1.5.    This Privacy Policy does not apply to data processing measures carried out by other economic operators, including when visiting their websites or using their services via LMT network. In such cases, we recommend reading the personal data protection guarantees provided by the respective economic operators.

1.6.    During the collection of personal data, we may separately provide additional information about the processing of personal data, for example, in connection with a specific service.

1.7.    This Privacy Policy has been created to be as simple as possible; however, we would like to draw attention to the following definitions:

1.7.1.    Personal data: any information relating to an identified or identifiable natural person.

1.7.2.    Anonymised data: information that can no longer be attributed to a natural person as all elements identifying the relevant person have been removed from the dataset.

1.7.3.    Profiling: any form of automated processing of personal data, namely, use of personal data in an aggregated or individualised form, for the purpose of evaluating certain personal aspects relating to a natural person.

1.7.4.    Services: any services or goods offered by LMT online, remotely, or onsite.

2.1.    Information that we obtain about a person depends on the content of a transaction, including the service requested or received. We also process information obtained within the framework of any form of cooperation, for example, from a customer or cooperation partner. 

2.2.    We can obtain personal data in several ways, for example:

2.2.1.    A data subject has provided his or her personal data to LMT himself or herself, namely, the data subject or his or her authorised representative has contacted or cooperated with LMT, for example, by requesting a transaction, by signing a contract, by using LMT service, by signing up for newsletters, by requesting information or submitting a specific question or request, by visiting LMT Customer Centres, by contacting us via LMT information channels, including LMT site My LMT, social networks, by participating in events or activities organised or supported by LMT, by participating in contests, lotteries, or surveys.

2.2.2.    Data are generated using LMT services or network, for example, by making calls, sending e-mails, or visiting or using the websites and apps of LMT. For example, the use of electronic communications services generates traffic data and location data (also known as electronic communications metadata), and we process such data in accordance with the applicable laws and regulations. 

2.2.3.    Data that we have generated based on the data subject’s personal data, for example, conclusions about possible interests or service usage habits that we have analysed for the purpose of service offers.

2.2.4.    LMT may also obtain data from other sources, for example, other service providers or cooperation partners, institutions, or publicly available registers, such as credit institutions, credit information bureaus, debt history databases, the Enterprise Register of the Republic of Latvia, authentication service providers. In addition, LMT may obtain data from customers or cooperation partners about authorised persons or contact persons performing a specific task.

2.2.5.    When visiting the website of LMT, cookies may be used and we provide information about cookies at the time of visiting the website. For more information about cookies, see Clause 9 of this Policy.

2.2.6.    Provision of personal data to LMT is optional; however, if you choose not to provide such data to us, we may be unable to provide our services to you.

Categories of personal data may vary depending on the service used or the nature of cooperation. Generally, we categorise personal data as follows:

3.1.    Basic personal data. This category of personal data includes data that do not correspond to other types of data, for example:

Personal identification data (for example, first name, last name, personal identity number, personal identification document number, expiration date). 

Contact details (for example, e-mail address, residential address, contact phone number, contact person). 

Customer data (for example, customer number, service segment, group).  

Representation data (for example, representation data of legal entities, data of authorised persons, authorisation data).

Communication data (for example, information about contacting LMT, submission, application, survey information, data of audio recordings made during customer service, visual information shared with LMT during a remote conversation, such as an image and/or video provided by the customer).

Consent data (for example, information on consents given, consent withdrawals). 

Service data (for example, connection number, SIM card data, information about the services provided, service authorisation data, service application data, service withdrawal data, service usage limits, service administration message data).

Device technical data (for example, IMEI, device model, device series).

Billing data (for example, billing information, payment information, invoice delivery information).

Credit history and debt recovery data (for example, credit history data, debt data, debt recovery data).

Personal visual data (for example, video surveillance data, video recording data, a photo). 

Transaction data (for example, information about the concluded contracts, transactions, applications).

3.2.    Children's data. This category includes data about minors. We process children’s data only in certain circumstances, for example, when it is related to the provision of certain transactions, including to a parent or the relevant legal representative, and also in cases where it is necessary and permitted in accordance with laws and regulations. For example, we can grant a service discount if the customer has a child, in which case, we can process the child’s personal identity number, date of birth, and age. If such data processing is carried out, LMT pays particular attention to ensure that the processing is appropriate.

3.3.    Traffic data (electronic communications metadata). Data processed in order to transmit information over an electronic communications network or to prepare invoices and record payments, except for the content of the transmitted information, and which allows the identification of a specific natural person as a data subject. The traffic data category includes, for example, information about communication parties, connection number, connection time, information about the terminal equipment, the amount of transmitted data, the technology used. Such data reflect your activities when you use electronic communications services and the network. For example, a number A communicates with a number B at a certain time. We process such data only for the purposes laid down or permitted by laws and regulations.

3.4.    Location data (electronic communications metadata). Data processed in an electronic communications network or processed using electronic communications services, and which indicate the location of the terminal equipment of electronic communications services, including the location of the terminal equipment (for example, the territory of the base station), the address of the connection point. Location data indicating the location of the terminal equipment in the base station cell do not provide information about the exact location of the end-user at a specific geographical point. This category also includes location data intended, for example, for the provision of additional services. We process such data only for the purposes laid down or permitted by laws and regulations.

3.5.    Systems access and usage data. Data that are used and generated in connection with registration, authentication, and login of services, service channels, and systems, such as My LMT, LMT e-shop, or are generated when visiting the websites of LMT, and which characterise the use of services. For example, this category includes various access parameters, such as passwords, codes, login transactions, and system usage data, for example, Internet Protocol address, audit logs, etc.

3.6.    Other data that describe the use of services, including personal data collected by cookies or similar technologies, in connection with visiting the website and using LMT services. For more information about cookies, see Clause 9 of this Policy.

4.1.    LMT processes personal data to provide services, ensure effective customer service, cooperation, organisation of events and other social and business activities related to LMT operations. 

4.2.    For security reasons, to avoid repeated identification, we prefer the processing of anonymised data. However, due to the nature of the provided service, cooperation, or event, quite often we need to process the personal data of an identifiable person. 

4.3.    LMT performs automated processing of personal data. This allows for quicker handling of enquiries or requests, for example, by informing the person individually about the range of services available to him or her and how to tailor them to his or her specific interests and needs. In addition to the above, automated processing of data allows to provide an answer quickly, which would otherwise require manual handling and considerably more time.

4.4.    In providing services related to a credit limit (for example, when choosing a service, a device is given), increasing credit risk (for example, making relevant changes during the term of an existing contract), or providing financial support, it is important to evaluate credit information. It provides an opportunity to take care of a person's ability to fulfil his or her obligations and ensure adequate financial management.

4.5.    When assessing a person's creditworthiness for the purpose of the provision of certain services, for example, when a chosen service includes the receiving of an equipment or down payment rules for the equipment or in case the customer has requested the extension of the payment date, individual automated data processing may be carried out to verify the ability of a data subject to meet his or her payment obligations. LMT may request information from external third-party databases (including credit data and debt history databases). If LMT has doubts about the ability of a data subject to meet his or her payment obligations, certain services may be refused fully or partially. However, the person concerned may always submit information to LMT in a different way to justify the person’s ability to fulfil the obligations arising from the selected transaction.

4.6.    We make automated individual decisions only if the data subject has given his or her consent thereto or there are contractual grounds (transaction provision). In certain cases, we may do that on another legal basis, if permitted by the relevant laws and regulations. 

4.7.    LMT also carries out profiling. In order to better understand person’s needs and develop services that meet person's expectations and interests, LMT may take into consideration, for example, previous cooperation, including duration, value, and content of transactions, payments made by the person, information about the expectations and needs, etc. This allows to address each situation individually, including considering whether there is long-term cooperation between the person and LMT, and it is necessary to reach a compromise to resolve an unusual matter. Profiling used for the purposes of direct marketing allows us to make the most suitable offers. However, we respect each data subject's right to request discontinuation of such processing of personal data by withdrawing his or her consent or to object to processing of personal data for the above purpose when it is done on the basis of the legitimate interest.

4.8.    Profiling is carried out in compliance with statutory requirements. The legal basis for such data processing may be a consent given by a natural person or in some cases the legitimate interest of LMT, or another legal basis provided for in laws and regulations. 

4.9.    Any data subject may request LMT to review automated individual decisions, including decisions based on profiling. The data subject also has the right to request to review such automated individual decision and to involve LMT experts in the said review, when the decision refusing access to service is made due to insufficient creditworthiness. Thus, if there is any information that may change such decision and is not available to LMT, we ask the person to provide such information to us by visiting any LMT Customer Centre or by contacting us via any of LMT information channels. 

4.10.    In order to facilitate the development of services or perform other assessments, LMT compiles statistical data.

4.11.    LMT aggregates statistical data about terminal equipment flows in the electronic communications network to provide mobility analytics services. In order to obtain these statistics, LMT processes anonymised data, including electronic communications network traffic data, location data (also known as electronic communications metadata, signalling data), and service data anonymised in accordance with the requirements of the Electronic Communications Law and other laws and regulations. LMT ensures the use of modern and verified anonymisation methods, maintains a high level of protection and a responsible approach to the processing of such data by applying a range of technical and organisational measures to protect data security, to prevent unjustified processing thereof, and also to ensure and preserve the anonymity of data. If you do not wish to contribute to creation of statistics, you may object to the processing of your personal data before data anonymisation via LMT communication channels specified on the mobility data analytics service site. For more information on the mobility data service, recipients of mobility data analytics, analytics retention periods, and the right to object, please visit the website of LMT.

LMT processes personal data only for specific and legitimate purposes and only if that is necessary for the fulfilment of the purpose. We basically process personal data according to four legal bases, including contract performance, legitimate interests, statutory legal obligation, and consent. In certain cases, we may perform processing also on another legal basis.

5.1.    Processing purposes based on the legal basis of contract performance.

5.1.1.    Provision of services and performance of contracts. We process basic personal data, such as personal identification data, customer data, contact data, service data, and traffic data, to ensure the provision of electronic communications services and to transmit information over the electronic communications network, for example, when making a call, transmitting a text message or e-mail to the recipient. We also process information related to the provision of electronic communications services, including the domain name system queries requested by the customer and domain name system responses, in order to warn the customer about any potential dangers associated with a website. We process basic personal data, such as personal identification data, contact data, and service data, also when providing services other than electronic communications services. The purpose of providing services also includes the processing of basic personal data for managing the customer’s contractual relationship, identifying the customer, authorised person, or representative, processing and delivering orders, communicating with the customer in connection with the provision of the service and the performance of the contract, for example, by sending an informational message to the customer via a text message or e-mail, making a service call, or printing a message on the invoice, etc., in each case selecting the most suitable form of communication. If the customer is a legal entity, the processing of personal data of the customer's representatives, authorised persons, and contact persons in connection with the provision of the service and performance of the contract is based on legitimate interest.

5.1.2.    Entry into contracts or amendments thereto. We process basic personal data, such as personal identification data, customer data, contact data, representation data, where applicable, service data, communication data, and system usage and access data upon request of the data subject before entering into the contract, amending or terminating the contractual relationship, and also upon examining the related submissions, applications and answering the related questions. The purpose also applies to new applications for an existing or new transaction, including services, for example, on LMT e-shop, at LMT Customer Centres, in any form of application. 

5.1.3.    Quality control of services and customer surveys. We process basic personal data, such as personal identification data, contact data, service data, communication data, to perform various actions in order to ensure the quality of the service in accordance with the terms of the valid contract, to find out the opinion about the quality of the service, for example, by making a service call, etc.

5.1.4.    Resolution of the reported issues. We process basic personal data, such as personal identification data, customer data, contact data, service data, communication data, within the framework of mutual communication between the data subject and LMT, including for the purpose of resolving service incidents, examining applications, submissions, claims, or any question submitted by a person (including by mail, e-mail, etc.) within the framework of an existing contractual relationship or a requested transaction. If the issue concerns the quality of LMT electronic communications service, LMT may also process traffic data as part of this purpose.  

5.1.5.    Payment management. We process basic personal data, including personal identification data, customer data, billing data, service data, and, where appropriate, traffic data to ensure payment for services, including to prepare and issue invoices and to process payments. 

5.1.6.    Credit risk assessment. In order to establish a contractual relationship or review a transaction application, it may be necessary to take a decision related to credit risk assessment, which may include automated decision-making. We process basic personal data, including personal identification data, billing data, credit history data, service data, established credit limits, credit information, and credit rating information, including receiving it from external credit information sources, including before concluding a transaction and during its execution, for credit risk assessment, including performing automated personal data processing, including profiling, and automated individual decision-making.

In certain cases, the processing of personal data from third-party debt history databases of the customer or the customer’s representative, such as an authorised person or official, is based on consent. For more information, see Clause 4 of this Policy and the website of LMT.

5.2.    Processing purposes based on the legal basis of legitimate interest.

5.2.1.    Debt recovery. LMT has a legitimate interest in defending its rights and interests and ensuring the fulfilment of obligations by recovering the debt. Based on this legitimate interest, LMT performs activities related to debt recovery, including receiving, storing, and processing basic personal data necessary for debt recovery, such as personal identification data, contact data, service data, billing data, credit history and debt recovery data, and also may provide and post information about the debt and the person in the debt history databases and credit information bureau databases registered in accordance with the procedures laid down in laws and regulations, and also save and transfer to third parties the information submitted and sent to us, including personal data and information related to the transaction, in order to ensure execution of the transaction, and also in cases where the person has not properly fulfilled the terms of the transaction.

5.2.2.    Fraud prevention. We process basic personal data, such as personal identification data, contact data, and service data, to analyse transaction patterns and information about signs of potential fraud in order to detect or prevent fraud related to the use of our services, for example, if someone attempts to use or uses the services for free in cases where a fee is applicable to the service. 

5.2.3.    Security of the economic operator’s infrastructure, services, information, employees, customers, and visitors, prevention of illegal or other threats, promotion of detection of criminal offences at the facilities and in the territory adjacent thereto, including in the network and information systems. We process basic personal data, such as personal identification data, personal visual data, contact data, communication data, system access and usage data, for the performance of measures that are carried out with physical and logical means of protection, including for the performance of video surveillance, the provision of pass system, and for the performance of other technical and organisational measures to ensure protection against threats caused by physical exposure and protection which is implemented by means of logical protection.

5.2.4.    Organisational management of the economic operator (including record keeping, processes, services, information systems, records of persons, ensuring succession of the economic operator, realisation of public relations and social responsibility). We process basic personal data, such as personal identification data, contact data, communication data, transaction data, for the purpose of ensuring integrated management of the company in accordance with national and internationally recognised principles of corporate governance, while also ensuring traceability, control, improvement of internal processes and risk management. 

5.2.5.    Statistics and analytics of processes, services, information systems, and network data to identify correlations and trends for development and improvement. We process basic personal data at the disposal of LMT, such as service data, billing data, consent data, credit history and debt data, system usage data, in order to collect statistics and perform analysis, for example, to evaluate the results of service sales, in order to develop and improve services, processes, systems, and networks and to determine the company's goals and development directions. 

5.2.6.    Offer management. We process personal data in order to provide useful information about services, including within the framework of direct marketing, including related profiling that does not have a significant impact on the person, for example, to provide information about significant news regarding customer service, customer centre service news, including working hours or address changes, to promote awareness of LMT news and services.  

5.2.7.    Provision of customer service within the ‘life cycle’, including improving satisfaction and loyalty. We process basic personal data, including service data and contact data, to improve cooperation, promote loyalty, and maintain satisfaction, for example, we conduct surveys, loyalty calls, service calls, or communication with a person in another service channel with the aim of improving the experience, clarifying wishes and needs, identifying persons satisfaction or inform about services. 

5.2.8.    Conducting video surveillance and video recording, including with audio recording. We conduct video surveillance and video recordings, including audio recordings, to monitor the order in the premises and territory subject to video surveillance, including LMT Customer Centres, to prevent or detect criminal offences and other incidents related to the safety of persons and property protection, to perform service quality control, including the handling of related customer complaints, and also to protect LMT rights and interests in the event of potential investigation or legal proceedings. Within the scope of this purpose, we process basic personal data, such as personal visual information, data related to video surveillance and video recordings, such as time and place of visit, communication data. 

5.2.9.    Making audio recordings of telephone conversations during customer service. We make audio recordings of telephone conversations during customer service calls in order to control the quality of customer services and confirm the questions submitted during the conversation, to ensure the protection of our rights and interests, by keeping evidence of the question, submission, or application raised in the conversation, and also to ensure its appropriate processing or execution. For this purpose, we process basic personal data, such as personal identification data, customer contact data, communication data, data related to audio recording, such as conversation time.

5.2.10.    Processing of personal data for internal administrative purposes within the LMT Group. We process basic personal data for internal administrative purposes of group companies, for example, to prevent conflicts of interest and prevent illegal transactions.

5.2.11.    Anonymised traffic, location, service data analytics. We anonymise electronic communications network metadata, i.e. certain traffic data, location data (also known as signalling data), and service data, including the time and date of the IMSI signalling event, serving base station ID, type of electronic communications service, and obtain aggregated statistical data about terminal equipment flows in the electronic communications network for the purpose of providing innovative, high added value analytics for specific LMT customer categories (national and local authorities, enterprises). Such services are essential for data-driven decision-making in a wide range of areas (for example, improving traffic and tourism infrastructure, analysing tourism and measuring the return on investment of different national and local governments, investors, planning and developing mobility and public services, sustainable use of resources). For more information, see Clause 4 of this Policy and the website of LMT.

5.3.    Processing purposes based on a legal obligation as a legal basis.

5.3.1.    Enforcement of binding laws and regulations. We process personal data in order to fulfil the obligations laid down in the Electronic Communications Law and other laws and regulations for such purposes as, for example, accounting, financial and tax management, electronic communications network management and security, quality assurance of electronic communications, prevention of fraud, including using numbering, fulfilment of requests from competent authorities, provision of information intended for end-users and examination of end-users' questions, storage of data to be retained and provision thereof to competent authorities, execution of the laws and regulations governing the field of sanctions, investigation and prevention of personal data protection violations, and also in order to fulfil other obligations stipulated in laws and regulations.

5.4.    Processing purposes based on consent as a legal basis.

5.4.1.    Management of the offers of the economic operator and third parties (cooperation partners). We process personal data in order to provide customers and other persons who have given consent to direct marketing messages, such as information about offers, campaigns, news or other events, and to perform data selection for the preparation of personalised offers in accordance with the purpose of the given consent, including by processing traffic data or location data, if envisaged by the purpose of consent. If an event is held in cooperation with a third party, we may transfer personal data to that party if the customer or another person has given his or her consent. For example, a message may be sent to a customer or another person who has given consent by e-mail or another channel, in each case evaluating the most appropriate form of communication. 

In order to send the customer e-mail offers for services or products that are similar to the services or products already used by the customer, we may base the processing of personal data on the legitimate interests of conducting direct marketing, unless the customer has previously opted out of receiving such offers. 

5.4.2.    We also process personal data for other purposes for which you have given your consent. Before receiving consent, we inform you about the purposes of personal data processing and the right to withdraw consent. For more information on the right to withdraw consent, see Clause 10.1.4.

6.1.    In order to protect the interests of natural persons, we continuously develop our security processes and measures. Such security measures include the protection of personnel, information and technical resources, IT infrastructure, internal and public networks, and also LMT facilities. As part of these measures, we ensure an appropriate level of information protection to prevent unauthorised access to personal data and ensure the integrity of personal data. Among them, we can implement appropriate measures that increase the security level of services, for example, by introducing additional service availability and authentication requirements.

6.2.    We protect personal data by using modern technologies, taking into account the risks posed by processing for natural persons, and also the technical and organisational measures available to us, including closed premises and denial of access to unauthorised persons, use of firewall programs, data encryption when transmitting data (SSL encryption), intrusion detection and prevention programs, anonymisation methods aligned with best practices, and audits. Regular trainings are organised for our employees concerning information security and personal data protection matters.

7.1.    Exchange of personal data may be needed in some cases, when there is a specific purpose, for example, LMT may need to provide personal data to the following categories of data recipients:

7.1.1.    LMT Group companies. We provide personal data if it is necessary for the purposes of personal data processing defined in this Policy. Security of personal data is a priority for LMT Group companies and, therefore, when providing personal data, we take great care to ensure that the data processing takes place according to the statutory requirements. 

7.1.2.    Cooperation partners. Economic operators with whom the companies of LMT Group have entered into cooperation agreements and established mutual obligations (for example, for device insurance). Likewise, for the provision of services (including other electronic communications operators, including if the customer has chosen to keep the number, onsite and remote sales personnel, device set-up personnel, device repair, etc.), for the provision of delivery (including printing of invoices, delivery of parcels and contracts, etc., including couriers, postal service providers, etc.), for the verification of personal identification or authentication (providers of authentication services, including internet banks, providers of secure electronic identification means), for service quality control (including survey takers, etc.), for security and protection (cooperation partners who provide support for the safety and protection of LMT Group employees, customers, visitors, facilities and infrastructure, and also for the prevention of fraudulent, illegal actions or other threats and infringements to the interests of LMT Group, including security, legal assistance providers, etc.), and for ensuring management (cooperation partners for managing and ensuring the organisational, financial management, and accounting processes of LMT Group, including auditors, event organisers, etc.), within the scope of the authorisation issued to the authorised person.

When using his or her LMT connection number in the countries of the European Union, the European Economic Area, or foreign countries, the LMT customer visits the networks of other electronic communications operators and uses the services provided by them. In such a case, electronic communications operators have the right to process and receive from LMT personal data that is objectively necessary for the provision of services.

In cases where LMT transfers personal data to another electronic communications operator, personal data processing takes place in accordance with the terms of the contract and privacy policy of the relevant electronic communications service operator. If necessary, we recommend that you contact the relevant operator of electronic communications services for more information.  

7.1.3.    Debt recovery institutions / companies. Including debt recovery companies, credit information bureaus and credit rating companies, bailiffs, administrators and other persons in the debt recovery process.

7.1.4.    Supervisory authorities. For example, market surveillance authorities, law enforcement authorities, including for the protection of LMT legal rights, for example, to file a claim, and the rescue services in accordance with laws and regulations. 

7.1.5.    Third parties. For example, natural or legal persons, public authorities, agencies, or structures other than data subjects or processors.

7.2.    In addition to the above, there may be cases when we transfer personal data to another person due to the transfer, merger, acquisition of companies, sale of LMT assets, transfer of service provision to another economic operator, etc. 

7.3.    We also process anonymised data that are not attributed to a specific natural person and do not allow to identify a data subject. These data may be used for other purposes and transferred to other persons. 

7.4.    LMT ensures the confidentiality of personal data by implementing security measures in accordance with laws and regulations.

7.5.    LMT processes personal data within the framework of the European Union and the European Economic Area; however, in certain cases, LMT may transfer them for processing in third countries. In such cases, the transfer of personal data may take place based on certain legal basis, only for specific and necessary purposes (for example, if it is necessary for the provision of a service and to ensure the performance of a contract) and by taking appropriate measures to ensure an adequate level of protection of natural persons. For example, the third country where the partner is located provides a sufficient level of protection in accordance with the decision of the EU Commission, the partner has provided adequate guarantees with binding corporate rules, corresponding standard data protection clauses or other approved regulations, codes of conduct, certification mechanisms or in other cases. The data subject can receive more detailed information about the transfer of personal data to third countries by contacting LMT.

8.1.    We store personal data only as long as required to achieve a specific purpose, or as long as required by laws and regulations.

8.2.    For example, the customer's personal data are stored during the contractual relationship or as long as required for the provision of the service. Even after the end of the contractual relationship, personal data are stored until complete fulfilment of all obligations of the parties, until fulfilment of the accounting requirements or other statutory requirements, and also during the period until the customer or LMT can implement the protection of their legal interests in accordance with the procedures specified in laws and regulations (including to submit objections and complaints or raise legal action until the statute of limitations has expired). The retention time of individual data sets may also be shorter.

8.3.    If personal data are stored on the basis of consent, such data are stored until withdrawal of consent, unless another legal basis for its storage is applicable.

8.4.    Several laws and regulations impose a legal obligation on us to store personal data for a certain period of time. For example, the storage period for service invoices is 5 years, as determined by the Accounting Law. The storage period of the data to be saved is 18 months in accordance with the requirements of the Electronic Communications Law.

8.5.    In order to protect LMT legitimate interests in the event of a civil claim, LMT may store personal data for up to 10 years after termination of the contract. In case of legal proceedings or investigation, in order to protect the legitimate interests of LMT, personal data may be stored by LMT until the end of the legal proceedings or investigation.

8.6.    Data obtained as a result of video surveillance (with or without audio recording) required to achieve a specific purpose and to protect the legitimate interests of LMT, depending on the object where video surveillance takes place, are stored for up to 3 months.

8.7.    Audio recordings of the telephone conversation, which are necessary to achieve a specific purpose and to protect the legitimate interests of LMT, are stored for up to 3 months.

8.8.    At the end of the storage period (on expiry), the customer's personal data is permanently deleted if it is stored electronically, or destroyed if it is stored in paper form, or anonymised.

8.9.    Restrictions do not apply directly to the storage of anonymised data, but we also store them only to the necessary extent and duration.

9.1.    Similar to other websites, the website of LMT may also use cookies and similar technologies. 

9.2.    Cookies make it possible to adapt the website of LMT to the needs and convenience of the visitor (including based on statistical data collected in an aggregated form, without directly identifying the user of the end device). Also, cookies allow to individually address the visitor of the website of LMT, provided that the visitor has given his or her optional consent. Find out more about cookies in the LMT Cookies Policy available on the website of LMT at https://www.lmt.lv.

9.3.    Unless otherwise provided by laws and regulations, a person has the right to refuse further processing of his or her data at any time, but in this case, especially if the said data is technically essential, there is a possibility that we will not be able to provide this service to the same extent as before.

10.1.    A data subject has the following rights:

10.1.1.    The right to familiarise himself or herself with the information stored about him or her by LMT, insofar as it does not contradict laws and regulations and does not unjustifiably interfere with the rights of other persons. Such information can be received through any channel supported by LMT that allows identification of a person, including, for example, visiting LMT Customer Centres and also contacting LMT on the site My LMT to the extent offered therein.

10.1.2.    The right to request access to own personal data, obtain rectification or, if necessary, supplementing, or erasure (right to be forgotten); to restrict the processing of personal data or to object to such processing in the cases provided for in laws and regulations; and also the right to data portability. Please note that in case of rectification, erasure, restriction, termination, or portability, services / processes can be partially or fully suspended, and it can be irreversible. When choosing to receive information about oneself remotely, such as by mail, e-mail, other addressee, etc., the requester is responsible for the security of the chosen method of receipt and for the conduct of persons acting on behalf of the requester.

10.1.3.    The right to request a copy of the personal data being processed, if it does not adversely affect the rights and freedoms of other persons. Please note that LMT has the right to ask for a reasonable fee, which is based on administrative costs, for all additional copies of such personal data requested by the data subject.

10.1.4.    The right to withdraw any previous consent at any time in an easy manner. Giving or withdrawing consent is a person’s free choice and does not impose any additional obligations. However, if a person decides to withdraw any previous consent, it should be considered that the processing of personal data related to the respective consent will be suspended and the previous functionality may not be fully available. For example, the unsubscribing from newsletters means that news or other information on offers will no longer be sent to the person. It is important to remember that such withdrawal does not affect the lawfulness of data processing based on consent before its withdrawal. 

There are several ways to withdraw consent. Consent can be revoked on LMT site My LMT, where information about the given consents, withdrawal, and further management options is available. There is also the possibility of withdrawing the given consent in the app where it was provided (for example, LMT Viedtelevīzija app).  Additional information on withdrawal of consent is also provided on the website of LMT. The option to refuse further offers is also provided when an offer is sent through the relevant communication channel. If consent is given in relation to a particular service, it may be possible to withdraw consent on the website or app of the particular service. 

In order to withdraw consent or ask related questions, you can contact us at any time by calling the phone number specified in this Policy, visiting any LMT Customer Centre, or contacting us through any other communication channel using the contact information below. 

10.1.5.    The right to object at any time and free of charge to the processing of personal data for direct marketing purposes, including profiling, to the extent such processing is related to direct marketing, regardless of whether this is initial or further processing.

10.1.6.    The right to contact LMT and market supervisory authorities about data processing issues. If assistance is required to obtain further information about this Privacy Policy, aspects of data processing, or the applicable laws and regulations regarding data protection, please contact LMT so that we can carefully examine the issue and provide a response. In any case, any natural person always has the right to submit a complaint to the Data State Inspectorate (data protection supervisory authority of Latvia).

10.2.    Requests from data subjects in relation to the aforementioned rights are examined free of charge. Examination of a request may be refused, or a reasonable fee may be charged, if the request is manifestly unfounded or excessive, and also in other cases provided for by laws and regulations. A request may be submitted at any LMT Customer Centre or remotely, providing the possibility to identify oneself as a specific data subject and to verify the nature and the ground of the submitted request. 

10.3.    A data subject has the following obligations:

10.3.1.    The obligation to provide LMT with information about changes in the provided data within a reasonable period. It is important to LMT that the information at the disposal thereof is accurate and up to date.

10.3.2.    The obligation to provide additional information, if necessary. During communication or cooperation, we may request additional information to verify that we communicate or cooperate with a particular natural person. This is needed to protect the personal data of the relevant natural person and other persons for ensuring that the said person is the data subject and that any information disclosed during such communication and/or cooperation is made available only to this specific person and does not interfere with the rights of other persons. For example, when a person wishes to find out information about himself or herself by sending a request to LMT. In this case it is important for LMT to make sure that this particular person has signed and submitted the request. Accordingly, we may request to provide additional identifying information. However, if the person has not provided additional information and/or LMT has any doubts about the identity of the requester, in order to protect personal data (not to disclose data to any third parties) we may stop the examination of the request until we are sure that this is the person who requested the mentioned information.

10.3.3.    The obligation to read this Privacy Policy before cooperation and to provide it to any person associated with the data subject and whose interests may be consequently affected by the processing of personal data of the data subject. This Privacy Policy is an integral part of the services provided by LMT. LMT expects that the data provided to LMT does not adversely affect the interests of other persons. In cases where, under appropriate terms and conditions, a person can access or share his or her services with another person, the person is responsible for informing such other person about the processing of data during such processes and the obligations arising therefrom. In cases where data directly relate to another person (in the event of a change of data subject), the person has the obligation to inform us without delay. Until the full identification of the persons, the data are attributed to the relevant natural person as the data subject.

Considering our continuous improvement and development measures, this Privacy Policy may occasionally be revised and updated. Therefore, we encourage data subjects to regularly review the latest version of the Privacy Policy. It is available via LMT communication channels, including at LMT Customer Centres and on the website of LMT available at www.lmt.lv. In case of significant changes, information may be provided via additional channels, for example, on the self-service portal.

12.1.    In case of any questions or concerns regarding this Privacy Policy or the processing of personal data, please contact LMT using the contact information below or contacting LMT Data Protection Officer.

12.2.    “Latvijas Mobilais Telefons” SIA, Ropazu 6, Riga, LV-1039 

12.3.    LMT 24-hour toll-free Infoline: 8076 8076

12.4.    LMT 24-hour Infoline for calls from abroad: +371 2931 9911 
(free of charge from the EEA+ countries) 

12.5.    E-mail: [email protected]

12.6.    Fax: 6777 3707

12.7.    Text messages to LMT Contact Centre: 8076 8076

12.8.    Data Protection Officer: [email protected]  

12.9.    If this Privacy Policy is translated into other languages, in case of divergence, the Latvian text prevails.

13.1. LMT ensures the fulfillment of data processing and protection requirements in accordance with the highest standards of law, and in case of any objection, LMT will take all appropriate actions to find a solution. However, if this fails in the opinion of the data subject, the data subject has the right to contact the Data State Inspectorate at Elijas street 17, Riga, LV-1050. More information and contact details are available on the website: www.dvi.gov.lv.