Terms of Use of the WorkingDay Website

1. Introduction

“WorkingDay Latvia” SIA, reg. No. 40003793545, with its address at Terbatas Street 53-10, Riga, LV-1011 (hereinafter referred to as the "Controller"), processes personal data obtained from data subjects—users of the website www.workingday.lv (hereinafter referred to as the "Website"). The Controller is committed to protecting the privacy and personal data of users and adheres to users' rights to lawful data processing in accordance with applicable laws, including the European Parliament and Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals regarding personal data processing and the free movement of such data (the "Regulation") and other relevant legal acts in the fields of privacy and data processing. In light of this, the Controller has developed this privacy policy to provide the User with the information required by the Regulation. This privacy policy applies to data processing regardless of the format and/or medium through which the User provides personal data (e.g., on the Website, in paper form, or by phone). The Controller reserves the right to amend these terms at any time. It is the responsibility of the Website visitor to independently check the Website content to stay informed of any changes to these terms.

2. Identity and Contact Information of the Controller

The Controller is “WorkingDay Latvia” SIA, reg. No. 40003793545, address: Terbatas Street 53-10, Riga, LV-1011. Website: www.workingday.lv, email: birojs@workingday.lv, phone: +371 67803366.

3. Contact Information for the Data Protection Officer

The Controller’s Data Protection Officer is Lauris Klagišs (lauris.klagiss@gmail.com, phone +371 29470425).

4. Purposes of Processing and Legal Basis

If the User submits their personal data to the Controller—such as name, surname, personal identification number, email or postal address, phone number, personal messages, etc.—via Website contact forms, email, or other mail, the Controller retains and uses this information for recruitment purposes in various recruitment contests. Potential employees may withdraw their consent to data processing in writing. The legal basis for data processing is Article 6(1)(a) of the Regulation, which states that processing is lawful if the data subject has given consent for their personal data to be processed for one or more specific purposes.

5. Categories of Personal Data

Categories of personal data include name, surname, personal identification number, email or postal address, IP address, phone number, letters, and CV content. Users are prohibited from entering sensitive (special category) personal data into the Controller’s database. The Controller is not obliged to verify whether a user has entered such data.

6. Categories of Data Recipients

Data may be disclosed to the Controller’s clients (potential employers) and to those employees of the Controller who require it to perform their direct duties to fulfil or conclude a relevant service agreement. In obtaining and using personal data, the Controller partially relies on the services of external service providers who strictly adhere to the Controller’s instructions under contract and whom the Controller continuously monitors both before and during the provision of services.

7. Categories of Data Subjects

Categories of data subjects include job seekers.

8. Transfer of Data Outside Latvia

Data received will not be transferred outside Latvia, the European Union, or the European Economic Area without the consent of the data subject, nor will it be transferred to any international organization.

9. Data Retention Period

Unless otherwise specified in the data protection instructions, the Controller deletes personal data no later than three months after the original reason for data retention is no longer valid, except in cases where legal obligations require the data to be retained (e.g., for accounting or legal purposes). In any case, personal data (CVs) are not retained for more than 20 years from receipt.

10. Access to Personal Data for Data Subjects

Data subjects have the right to access their personal data within one month of submitting a relevant request. Users may submit a request to exercise their rights in writing in person at the Controller’s legal address (with proof of identity) or via email with a secure electronic signature. Upon receiving the User's request to exercise their rights, the Controller will verify the User’s identity, evaluate the request, and execute it in accordance with legal regulations. Users have the right to receive information provided by law regarding their data processing, to request access to their personal data, and to request that the Controller supplement, correct, or delete it, restrict processing, or object to processing, as long as these rights do not conflict with the purpose of data processing (concluding or fulfilling agreements). The data subject does not have the right to access information that is prohibited by law from being disclosed in matters of national security, defense, public safety, criminal law, or to ensure the state’s financial interests in tax matters or financial market supervision and macroeconomic analysis.