LexSilent Legal Services
Remote legal services for businesses and individuals throughout Latvia.
PRIVACY POLICY
Effective as of: [date]
1. CONTROLLER
The controller of personal data processing is:
LEXSILENT SIA, Reg. No. 40203725626, registered address: Pasta iela 38-22, Jelgava, LV-3001, email: info@lexsilent.lv (hereinafter – the Controller).
2. PURPOSE OF PERSONAL DATA PROCESSING
2.1. Personal data are processed for the following purposes:
- Provision of legal services (contract review, legal analysis, preparation of documents, consultations, etc.);
- Pre-contractual communication and assessment of requests;
- Conclusion and performance of an agreement on the provision of legal services;
- Issuance of invoices and accounting;
- Fulfillment of obligations set out in laws and regulations;
- Ensuring the security of information systems and data.
2.2. The services are not intended for persons under the age of 18 (eighteen). If the Controller determines that personal data have been received from a minor without the consent of a legal representative, such data shall be deleted.
3. CATEGORIES OF PERSONAL DATA PROCESSED
Depending on the specific type of service and the need to ensure the provision of legal services, the following categories of data may be processed:
3.1. Data provided by the client:
- First name and surname (for identification);
- Citizenship (for identification);
- Personal identification number (if necessary for identification or compliance with legal requirements);
- Date and place of birth, if no personal identification number is available (if necessary for identification in a specific legal situation);
- Contact information – email, phone number (for communication);
- Client status: natural person / legal entity (for determining consumer status);
- Contracts, other documents, and their content (for the provision of the service);
- Description of the legal situation (for the provision of the service);
- Other information necessary for the provision of a specific legal service.
3.2. Technical data:
- IP address (to ensure system security);
- Access time (to ensure system security);
- System log files (log files) (to ensure system security).
4. SPECIAL CATEGORIES OF DATA
4.1. In the course of providing legal services, special categories of personal data may be processed where necessary for the provision of a specific service.
4.2. The processing of such data shall be carried out in accordance with Article 9 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – GDPR):
- Article 9(2)(a) GDPR – where the data subject has given explicit consent to the processing of those personal data for one or more specified purposes;
- Article 9(2)(b) GDPR – where processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the Controller or of the data subject in the field of employment, social security and social protection law;
- Article 9(2)(f) GDPR – for the establishment, exercise or defence of legal claims,
as well as in other cases provided for in the applicable laws and regulations.
5. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
Personal data are processed on the basis of:
- Article 6(1)(a) GDPR – where the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- Article 6(1)(b) GDPR – for the conclusion and performance of a contract with the data subject;
- Article 6(1)(c) GDPR – for compliance with a legal obligation to which the Controller is subject;
- Article 6(1)(f) GDPR – for the purposes of providing legal services, protecting the Controller’s rights, ensuring information security, and managing professional risks. Legitimate interests are assessed by ensuring a balance between the fundamental rights and interests of the data subject.
6. DATA RECIPIENTS AND PROCESSORS
6.1. Personal data may be transferred to the following data processors and other service providers:
- Hostinger International Ltd. (Cyprus) – website hosting and email services. More information: https://www.hostinger.com/legal/privacy-policy;
- Microsoft Ireland Operations Limited (Ireland) – document storage (OneDrive). More information: https://www.microsoft.com/en-us/privacy/privacystatement;
- Atlassian Pty Ltd (Australia) – processing of service requests (Jira Service Management). More information: https://www.atlassian.com/legal/privacy-policy#privacy-policy-overview;
- Google Ireland Limited (Ireland) – email communication and document exchange (Gmail and Google Workspace services). More information: https://policies.google.com/privacy?hl=eng;
- OpenAI Ireland Limited (Ireland) – use of artificial intelligence tools (ChatGPT Business) for the analysis and preparation of legal documents. More information: https://openai.com/policies/privacy-policy/;
- Outsourced accounting service providers on the basis of separate agreements;
- External legal service providers or subcontractors, on the basis of separate agreements, where necessary for the performance of a specific service.
6.2. Data processing agreements are concluded with data processors in accordance with Article 28 GDPR, or other security mechanisms compliant with GDPR requirements are applied. Data processors may use sub-processors in accordance with their publicly available lists.
7. INTERNATIONAL DATA TRANSFERS
In certain cases, personal data may be transferred outside the European Economic Area, ensuring the use of standard contractual clauses approved by the European Commission or other safeguards compliant with GDPR requirements.
8. DATA RETENTION PERIOD
8.1. Personal data are stored as follows:
- Legal service documentation – for up to 10 (ten) years after completion of the service, taking into account limitation periods for legal claims and professional liability risks;
- Accounting, employment, and personnel documents – in accordance with the mandatory retention periods established by applicable laws and regulations;
- Uncompleted requests – for up to 12 (twelve) months from the date of the last communication.
8.2. After the expiry of the relevant retention period, personal data shall be irreversibly deleted or anonymised, unless applicable laws and regulations require their storage for a longer period.
9. CONFIDENTIALITY AND PROFESSIONAL SECRECY
9.1. All information provided by the client for the purpose of receiving legal services, including personal data and documents, is considered confidential.
9.2. The Controller complies with the principles of professional confidentiality and professional secrecy and ensures that access to personal data and other confidential information is granted only to authorised persons who require it for the performance of their work or contractual duties.
9.3. Information shall not be disclosed to third parties, except where necessary for the provision of the service, required by laws and regulations, or disclosed with the client’s consent.
10. DATA SECURITY
10.1. The Controller implements appropriate technical and organisational security measures, taking into account the nature, scope and context of personal data processing, as well as the risks associated with such processing.
10.2. Security measures include, inter alia:
- access restrictions and access rights control;
- encrypted data transmission and the use of secure connections;
- the use of reliable cloud services and infrastructure solutions;
- internal security and access control mechanisms.
11. RIGHTS OF THE DATA SUBJECT
11.1. The data subject has the right to:
- request access to his or her personal data;
- request rectification of personal data;
- request erasure of personal data;
- request restriction of processing;
- object to the processing of personal data;
- receive his or her personal data in a structured, commonly used, and machine-readable format (data portability);
- withdraw the given consent at any time, where the processing of personal data is based on consent.
11.2. Requests regarding the exercise of rights may be submitted by the data subject by sending an email to: info@lexsilent.lv.
11.3. The Controller shall provide a response within 1 (one) month from the date of receipt of the request. Where necessary, this period may be extended by an additional 2 (two) months, informing the data subject accordingly.
11.4. The Controller has the right to request additional information to verify the identity of the data subject.
11.5. If the data subject considers that the processing of personal data violates applicable laws and regulations, he or she has the right to lodge a complaint with the Data State Inspectorate (www.dvi.gov.lv).
11.6. The Controller does not carry out automated decision-making or profiling.
12. AMENDMENTS TO THE PRIVACY POLICY
12.1. The Controller reserves the right to amend or supplement this Privacy Policy where necessary due to changes in legal requirements or organisational or technical changes in personal data processing.
12.2. The current version of the Privacy Policy is available on the website.
12.3. In the event of significant amendments, data subjects shall be informed in an appropriate manner before such amendments enter into force.
Privacy Policy | Legal Services Terms and Conditions | Cookie Policy | Right Of Withdrawal | Withdrawal Form
Contact email: info@lexsilent.lv
LEXSILENT SIA, Reģ. Nr. 40203725626
In certain cases, cooperation partners with appropriate professional qualifications may be involved in the provision of legal services.
This website does not use analytics or marketing cookies.