Personal data that we process
Price pools and procurements below the contract price threshold for public procurements shall be organised on the Electronic Procurement System of Latvenergo AS (hereinafter – LEIS), while procurements above the contract price threshold for public procurements shall be organised on the Electronic Procurement System of the State Digital Development Agency (hereinafter – SDDA) and LEIS. E-orders shall be placed via the Electronic Procurement System of SDDA.

Various activities that involve the processing of personal data are carried out when organising price pools and procurements, as well as when placing E-orders. Depending on the specific activity of the purchase process, the following personal data may be processed:

• Authentication information;
• Identifying information (name, surname, personal identification number);
• Information on the represented company (title and registration number of the employer) (if applicable);
• Position (if applicable);
• Information contained in communication materials (for instance, in correspondence);
• Contact details (correspondence address, mobile phone, phone, e-mail address);
• Payment information (credit institution and details of the credit institution, current account number);
• Information related to participation in price pools, procurements and E-orders, including professional eligibility, experience and education data (work experience, education, qualifications, additional education and courses, information on language skills);
• Information on whether the exclusion criteria set out in the laws and regulations are applicable to the bidder;
• Resident or non-resident;
• Information on the date of contract termination;
• Description and percentage of works to be delivered;
• Information included in the offer;
• Unstructured data enclosed in the annexes.

The legal (judicial) grounds for processing
When organising procurements and placing E-orders in the Electronic Procurement System of the SDDA, we will process your personal data on the basis of Article 6(1)(c) of the Regulation, i.e., the Public Procurement Law, the Law On the Procurement of Public Service Providers, Cabinet Regulation No. 816, adopted on 20 December 2022, “Regulations on Electronic Public Procurements”.

When organising price pools, simplified procurement and procurement procedures on LEIS, we will process your personal data on the basis of Article 6(1)(f) of the Regulation – for the purposes of the legitimate interests pursued by us “To organise and ensure procurement, including price pools, and related activities below the threshold value of the public procurement contract price and to ensure the procurement procedure on LEIS”.

Who will receive your personal data?
Personal data will be processed by the authorised employees of the Controller in accordance with the scope specified in their job responsibilities, in compliance with the requirements of personal data protection and other regulatory acts, as well as the personal data processing requirements specified in the Controller’s internal regulations.

Personal data may be transferred to:

• Outsourcing service providers (processors) of the Controller, who are authorised to perform certain data processing activities on behalf of and under the supervision of the Controller;
• A company of Latvenergo Group, if the procurement is also carried out in the interests of a Latvenergo Group company;
• Audit and audit service providers;
• Public bodies that provide services (for instance, SDDA);
• State institutions, which must provide the information specified in regulatory enactments;
• Under certain circumstances (for example, if a complaint is received about the relevant service), the data may be transferred to law enforcement or supervisory authorities, the court, as well as to the Controller’s processors – legal service providers.

Personal data is not intended to be transferred to recipients outside the European Union or the European Economic Area countries.

How long do we store your data?
In accordance with Section 46 of the Law On the Procurement of Public Service Providers, we, as a public service provider, will keep all original documents of the price pools and procurement procedure, as well as original applications and bids on LEIS for no less than three years after the decision regarding the procurement procedure has been made and for no longer than ten years, as provided for by Part Five, Section 40 of the Public Procurement Law.

If a complaint is received or the legitimate interest of the Controller is violated, for instance, a dispute regarding the scope of the received service exists, the relevant information may be retained until the resolution of the dispute is complete, or if the dispute is being resolved in court, until the date when the final court decision enters into force.

Personal data that we process
The Supplier List and Qualification Systems are established and maintained on LEIS. The following personal data may be processed within the framework of the maintenance of the Supplier List and the Qualification System:

• Authentication information;
• Identifying information (name, surname, personal identification number);
• Information on the represented company (title and registration number of the employer) (if applicable);
• Position (if applicable);
• Professional suitability, experience and education data;
• Contact details (correspondence address, mobile phone, phone, e-mail address);
• Information related to participation in procurements, including professional eligibility, experience and education data (work experience, education, qualifications, additional education and courses, information on language skills);
• Payment information (credit institution and details of the credit institution, current account number);
• Information on the qualification deadline;
• Type of work/services;
• Information contained in communication materials (for instance, in correspondence);
• Unstructured data enclosed in the annexes.

The legal (judicial) grounds for processing
In maintaining the Supplier List and Qualification Systems, we will process your personal data on the basis of Article 6(1)(f) of the Regulation – for the purposes of the legitimate interests pursued by us “To maintain the Supplier List and to select and maintain a list of qualified suppliers (Section 55 of the Law On the Procurement of Public Service Providers)”.

Who will receive your personal data?
Your personal data will be processed by the authorised personnel of Latvenergo Group who have access to the Supplier List and/or Qualification Systems. The authorised personnel will process personal data in accordance with the scope specified in their job duties, observing the requirements specified in personal data protection and other regulatory enactments, as well as the requirements for the processing of personal data specified in the Controller’s internal regulatory enactments.

Personal data may be handed over to:

• A Latvenergo Group company, if the Supplier List and/or Qualification Systems are used by a Latvenergo Group company;
• Outsourcing service providers (processors) of the Controller, who are authorised to perform certain data processing activities on behalf of and under the supervision of the Controller;
• Audit and audit service providers;
• Public bodies that provide services (for instance, SDDA);
• State institutions, which must provide the information specified in regulatory enactments;
• Third parties that gain access to the lists of qualified suppliers published on the websites of Latvenergo Group;
• Under certain circumstances (for example, if a complaint is received about the relevant service), the data may be transferred to law enforcement or supervisory authorities, the court, as well as to the Controller’s processors – legal service providers.

It is not planned to transfer the personal data to recipients located outside of the countries of the European Union or European Economic Area.

How long do we store your data?
We will process your personal data that have been included on the Supplier List and the Qualification System as long as you are included on the Supplier List and/or the Qualification System, but for no longer than 10 years, with the maximum period being adjusted to the period specified in Part Five, Section 40 of the Public Procurement Law.

If a complaint is received or the legitimate interest of the Controller is violated, for instance, a dispute regarding the scope of the received service exists, the relevant information may be retained until the resolution of the dispute is complete, or if the dispute is being resolved in court, until the date when the final court decree enters into force.