Cookie policy

SIA Mitigate, registration No. 50103381201, registered address Gustava Zemgala gave 74A, Riga, LV-1039, Latvia, hereinafter referred to as “Company,” undertakes to ensure the security of personal information and the protection of users’ rights on the Company’s website and its content.

This cookie policy allows website visitors to obtain additional information on the technologies used and how the Company uses them.

Terminology

Cookie is a small text file sent to a user’s computer or mobile device when a user visits the website. The website stores This text file on the user’s computer or mobile device when the user opens the site. At each subsequent visit, cookies are sent back to the home site or another site that recognizes the cookie. Cookies act as a memory of the specific site, allowing this site to remember the user’s computer or mobile device in the next few visits. Cookies can remember user settings and make the site use more convenient.

The categories of cookies:

(a) First-party cookies are cookies created by the Company, and the Company is the Controller over the cookies. Cookies are sent from that service provider’s device or domain from which the service requested by the user is provided.

(b) Third-party cookies are created by other service providers (third parties). They are sent from devices or domains not managed by the service provider itself, and a third party processes all data collected from cookies.

The Controller is a physical or legal person who, alone or jointly with others, determines the purposes and means of personal data processing.

Purpose and legal basis for having cookies

Cookies are needed to make it more convenient for you to use our digital services: we collect information on how you use our website and improve our services. Cookies are also used to provide you with customized information about our products and services.

We use different types of cookies placed by default (such as Required cookies), but we ask your consent for individual cookies used for analytical and targeting purposes. By consenting to the cookie bar that appears when you visit the website, you choose whether to allow specific cookie categories.

We also use third-party cookies. In regards to these third-party cookies, we suggest you learn more about their cookie policies and make your own decision on how your data is processed.

Types of cookies and their use

We use three cookie categories, two of which require your consent. By agreeing to one of the categories, you give your consensus to all cookies included in this category (see a detailed list of cookies below). You can change your preferences and opt out of cookies at any time.

Required cookies

The Required cookies ensure that the site functions correctly by providing its basic functions. The website will not be able to function properly without these cookies. These cookies are stored on your computer, smartphone, tablet, or other device during site visits and browsing or for a specific period. They are set up in response to your actions, which are considered as a request for a service, such as setting up privacy preferences, signing in, or filling out forms. As the Required cookies are necessary for the website’s functioning, they cannot be excluded; therefore, the user’s consent to this category of cookies is not required.

NamePurposeShelf-life
security_tokenA permanent security cookie to maintain user session security30 days

Analytical cookies

Analytical cookies allow us to list the number of visits and sources to measure and improve our website’s functioning. They help us understand which pages are the most popular and used rarely and how visitors move on our site. If you refuse to use these cookies, your visit will not be included in our statistics but will not limit your activities on our website.

Accept/rejectNamePurposeShelf-life
Accept/rejectsite_activityTracks user behaviour for website optimization90 days

Marketing cookies

In general, targeting cookies are used to identify the content you want on the website and to provide you with the best information about our products and services, improve the customization of our content, and expand your activity on our site. These cookies can be used for our advertising campaigns on third-party websites. If you agree to use these cookies, we can also get information about the websites of our trusted partners where you have responded to our ads. If you opt out of these cookies, you’ll be offered general and depersonalized ads.

Marketing cookies are set by other companies whose offered functionality is used or whose functionality is linked to the website.

Accept/rejectNamePurposeShelf-life
Accept/rejectad_trackerTracks which ads a user clicks on for targeted advertising180 days

Withdrawal of consent

At any time, you can change what cookies you allow us to use or opt out of using cookies. You can opt out of all cookies except the Required cookies.

Third-party cookies

The site uses Google Analytics software cookies, which provide anonymous information about the visitor’s activities on the website (such as the visited page, the date and time of the visit, etc.) and is used for statistics and analysis, according to the stated purposes.

Accept/rejectNamePurposeShelf-life
Accept/reject_gaRegisters a unique ID used to generate statistics on how the visitor uses this site2 years
Accept/reject_gatUses Google Analytics to adjust the number of requests1 minute
Accept/reject_smartlookSessionSmartlook tracking to understand user interactions on the website1 year
Accept/rejectSL_C_2e6ea2aa51c95fc5235393c645ad8e5729bc2bb1_VID:Used to identify the user's sessionSession duration
Accept/rejectSL_C_2e6ea2aa51c95fc5235393c645ad8e5729bc2bb1_VID:Used to recognize the user's device2 years

For more details on the cookies provided by third parties, visit here: https://policies.google.com/privacy?hl=en-US.

If any of the links mentioned do not work or there are additional questions about Mitigate cookies, don’t hesitate to contact us at datuapstrade@mitigate.dev.

Cookie policy

SIA Mitigate, registration No. 50103381201, registered address Gustava Zemgala gave 74A, Riga, LV-1039, Latvia, hereinafter referred to as “Company,” undertakes to ensure the security of personal information and the protection of users’ rights on the Company’s website and its content.

This cookie policy allows website visitors to obtain additional information on the technologies used and how the Company uses them.

Terminology

Cookie is a small text file sent to a user’s computer or mobile device when a user visits the website. The website stores This text file on the user’s computer or mobile device when the user opens the site. At each subsequent visit, cookies are sent back to the home site or another site that recognizes the cookie. Cookies act as a memory of the specific site, allowing this site to remember the user’s computer or mobile device in the next few visits. Cookies can remember user settings and make the site use more convenient.

The categories of cookies:

(a) First-party cookies are cookies created by the Company, and the Company is the Controller over the cookies. Cookies are sent from that service provider’s device or domain from which the service requested by the user is provided.

(b) Third-party cookies are created by other service providers (third parties). They are sent from devices or domains not managed by the service provider itself, and a third party processes all data collected from cookies.

The Controller is a physical or legal person who, alone or jointly with others, determines the purposes and means of personal data processing.

Purpose and legal basis for having cookies

Cookies are needed to make it more convenient for you to use our digital services: we collect information on how you use our website and improve our services. Cookies are also used to provide you with customized information about our products and services.

We use different types of cookies placed by default (such as Required cookies), but we ask your consent for individual cookies used for analytical and targeting purposes. By consenting to the cookie bar that appears when you visit the website, you choose whether to allow specific cookie categories.

We also use third-party cookies. In regards to these third-party cookies, we suggest you learn more about their cookie policies and make your own decision on how your data is processed.

Types of cookies and their use

We use three cookie categories, two of which require your consent. By agreeing to one of the categories, you give your consensus to all cookies included in this category (see a detailed list of cookies below). You can change your preferences and opt out of cookies at any time.

Required cookies

The Required cookies ensure that the site functions correctly by providing its basic functions. The website will not be able to function properly without these cookies. These cookies are stored on your computer, smartphone, tablet, or other device during site visits and browsing or for a specific period. They are set up in response to your actions, which are considered as a request for a service, such as setting up privacy preferences, signing in, or filling out forms. As the Required cookies are necessary for the website’s functioning, they cannot be excluded; therefore, the user’s consent to this category of cookies is not required.

NamePurposeShelf-life
security_tokenA permanent security cookie to maintain user session security30 days

Analytical cookies

Analytical cookies allow us to list the number of visits and sources to measure and improve our website’s functioning. They help us understand which pages are the most popular and used rarely and how visitors move on our site. If you refuse to use these cookies, your visit will not be included in our statistics but will not limit your activities on our website.

Accept/rejectNamePurposeShelf-life
Accept/rejectsite_activityTracks user behaviour for website optimization90 days

Marketing cookies

In general, targeting cookies are used to identify the content you want on the website and to provide you with the best information about our products and services, improve the customization of our content, and expand your activity on our site. These cookies can be used for our advertising campaigns on third-party websites. If you agree to use these cookies, we can also get information about the websites of our trusted partners where you have responded to our ads. If you opt out of these cookies, you’ll be offered general and depersonalized ads.

Marketing cookies are set by other companies whose offered functionality is used or whose functionality is linked to the website.

Accept/rejectNamePurposeShelf-life
Accept/rejectad_trackerTracks which ads a user clicks on for targeted advertising180 days

Withdrawal of consent

At any time, you can change what cookies you allow us to use or opt out of using cookies. You can opt out of all cookies except the Required cookies.

Third-party cookies

The site uses Google Analytics software cookies, which provide anonymous information about the visitor’s activities on the website (such as the visited page, the date and time of the visit, etc.) and is used for statistics and analysis, according to the stated purposes.

Accept/rejectNamePurposeShelf-life
Accept/reject_gaRegisters a unique ID used to generate statistics on how the visitor uses this site2 years
Accept/reject_gatUses Google Analytics to adjust the number of requests1 minute
Accept/reject_smartlookSessionSmartlook tracking to understand user interactions on the website1 year
Accept/rejectSL_C_2e6ea2aa51c95fc5235393c645ad8e5729bc2bb1_VID:Used to identify the user's sessionSession duration
Accept/rejectSL_C_2e6ea2aa51c95fc5235393c645ad8e5729bc2bb1_VID:Used to recognize the user's device2 years

For more details on the cookies provided by third parties, visit here: https://policies.google.com/privacy?hl=en-US.

If any of the links mentioned do not work or there are additional questions about Mitigate cookies, don’t hesitate to contact us at datuapstrade@mitigate.dev.

Privacy policy

For customers, business partners and their employees, candidates

Data Protection Privacy Policy of SIA Mitigate, unified reg. No. 50103381201, VAT reg. No. LV50103381201, legal address: Gustava Zemgala gatve 74A, Riga, LV-1039, Latvia, hereinafter – the Company. This Policy is applicable in cases when the Company, or the Company together with its Cooperation Partners, processes personal data.

Regarding potential employees the Privacy policy is applied till decision about candidates employment is made. After moment decision on candidate’s employment is made, all internal regulations are applied as for any employee.

1. Definitions

Controller is a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data;

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Third party is a natural or legal person, public authority, agency or body other than the Data Subject, the controller, the processor and persons, who under direct authority by the Controller or the Processor are authorised to process Personal Data.

Personal data is any information relating to an identified or identifiable natural person (Data Subject).

Data Subject is an identifiable natural person, who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, surname, identification number, phone number, e-mail address, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or being made available otherwise, alignment or combination, restriction, erasure or destruction.

Customer is any natural or legal person who uses, has used, or has expressed a wish to use any services provided by SIA Mitigate or is in any other way related to them.

Cooperation Partner is any natural or legal person with whom the Company works on joint projects or whose objectives are shared by the Company.

Candidate is any natural person, who has applied to vacancy or who has been contacted by Company using social media profile contact information, or who has been contacted and candidate (You) have replied to, or You have provided Your personal information to recruitment company.

2. General Provisions

2.1. This privacy policy, hereinafter – the Policy, describes the procedure by which the Company handles the personal data that comes into its possession. Depending on the legal basis of the data processing, the Company may be a controller, a processor or a third party.

2.2. The Company shall ensure the confidentiality of personal data within the framework of applicable laws and regulations and has implemented appropriate technical and organisational measures to protect personal data from unauthorised access, unlawful processing or disclosure, accidental loss, alteration or destruction.

2.3. In cases where the Company acts as a controller of personal data, it shall determine the purposes and means of personal data processing.

2.4. In cases where the Company acts as a processor of personal data, the Company shall process personal data on behalf of the controller.

2.5. In cases where the Company acts as a third party, the Company is authorised to process personal data under the direct supervision of the controller or processor.

2.6. In cases where the Company processes data, the Company may use approved personal data processors for personal data processing. In such cases, it shall take the necessary measures to ensure that such processors process personal data in accordance with the instructions of the Company and in accordance with applicable laws and regulations and require appropriate security measures to be taken.

2.7. If the Company updates this Policy, the current version of the Policy shall be published on the Company’s website www.mitigate.dev in the privacy policy section, while you may get acquainted with the historical versions of this Policy by contacting the Company and sending an e-mail to: datuapstrade@mitigate.dev.

3. How the Company obtains the data of natural persons (you)

3.1. The Data Subject (You) submits his/her data to the Company;

3.2. The Company receives personal data from its Customers or Cooperation Partners;

3.3. Company receives personal data from third parties;

3.4. The Company records your data, which is located in the public space (media, social networks, your workplace website, etc.);

3.5. You are visiting our website (see cookie policy);

3.6. You participate in corporate events organised by us, where you can be photographed or filmed;

3.7. You participate in our surveys, contests, etc.;

3.8. You participate in business forums, business networking, your contact information in social networks is created for the exchange of mutual communication, such as LinkedIn, or You follow us on social media, contact us etc.;

3.9. You visit our office;

3.10. You add Your data in Company`s systems;

3.11. You apply for our services using the registration forms posted on our website. 

In cases where the Company obtains data from the controller, any responsibility for informing the Data Subject shall rest with the relevant controller.

Company doesn’t perform video surveillance in it’s office. In building, where office is located, landlord performs video surveillance of common areas and is responsible for that.

4. What personal data may be processed by the Company?

Depending on the nature of the data processing, the Company may process the following personal data:

  • Personal identification data – name, surname, personal identification number/ID, date of birth;
  • Personal contact information – address, telephone number, e-mail address;
  • Personal workplace data – workplace, position held;
  • Data on Your experience, education, professional skills, recommendations and other data, which allows to evaluate You as professional;
  • Actions taken on internet websites – IP address, actions taken, date and time;
  • Data published by a person on social networks;
  • Survey and contest data – name or date of the survey or contest, date of the answer, questions/tasks of the survey and answers provided;
  • Photos, videos of corporate events, date, place of the photos;
  • Photos uploaded to Company systems;
  • Your contact details from social media accounts, which are used for detail exchange, as Linkedin;
  • Communication data, in case of communication between us;
  • Data of various categories, including, in exceptional cases, data of special categories, which the Company processes within the framework of various projects as a controller, processor or as a third party on the basis of the authorisation of the Controller.


Depending on the provided service, the provided product, the nuances of mutual cooperation, your above-mentioned data may be processed to different extents, in different combinations, with different purposes, and on different legal grounds, as mentioned in this privacy policy.

5. Legal basis for data processing

5.1. Conclusion and performance of the agreement – in order for the Company to be able to conclude and perform the agreement concluded with the Customer or the Cooperation Partner, providing high-quality services, it must collect and process certain personal data.  (GDPR clause 6 part 1, b subsection)

5.2. Legitimate interests of the Company – in order to observe the interests of the Company based on compliance with the requirements of applicable laws and regulations and provide high-quality services and timely support to the Customer and/or Cooperation Partner, the Company may process personal data of the Customer or Cooperation Partner to the extent objectively necessary and sufficient. In addition, the processing of personal data providing information about news in the field in which the Company operates, new development opportunities, including direct marketing, as a result of which the Company can individually address various persons to inform them about news in the field, education and development opportunities, on opportunities to provide a new and/or individually prepared offer of the Company’s products and services, shall be considered a legitimate interest. However, the Company respects the wishes of the Data Subject and provides an opportunity to opt out of receiving the above information. (GDPR clause 6 part 1, f subsection)

5.3. Fulfilment of legal obligations – the Company is entitled to process personal data in order to comply with the requirements of the laws and regulations, as well as to provide answers to lawful requests of the state and local government authorities. (GDPR clause 6 part 1, c subsection)

5.4. Consent of the Data Subject. The Data Subject himself/herself consents to the collection and processing of personal data for specified purposes. Consent is his/her free will and an independent decision that can be given at any time, thus allowing the Company to process personal data for specified purposes. The Data Subject may withdraw his/her prior consent at any time through the specified channels of communication with the Company. The applied changes shall come into effect within three working days. Revocation of consent shall not affect the lawfulness of processing which is based on the consent before revocation. (GDPR clause 6 part 1, a subsection)

5.5. Protection of vital interests. The Company may process personal data in order to protect the essential interests of the Customer, Cooperation Partner or other natural person, for example if processing is necessary for humanitarian purposes, monitoring of natural disasters and epidemics caused by human beings and the spread thereof, or in emergency humanitarian situations (acts of terror, in technological disaster situations, etc.). (GDPR clause 6 part 1, d subsection)

5.6. Exercise of official authority or public interest. The Company may process data in order to perform a task in the public interest or in the exercise of official authority legally granted to the Company. In such cases the grounds for personal data processing are included in the laws and regulations. (GDPR clause 6 part 1, e subsection)

5.7. If the Company processes the data as a processor on the basis of a duly concluded agreement with the data controller, the Company shall follow the instructions given by the controller.

5.8. If the Company performs activities with personal data as a third party on the basis of a duly concluded agreement with the data controller, the Company shall comply with the authorisation granted by the controller.

6. Purposes of data processing

The following purposes of data processing are distinguished:6.1. General management of relations with the Customer and the Cooperation Partner and provision and administration of access to products and services, in order to enter into and execute an agreement with the Customer and the Cooperation Partner; deliver the purchased service or product, verify the availability and quality of the service or product, to fulfil the obligation imposed by law, provide reports and declarations, calculate and pay taxes, to ensure high-quality, timely service and cooperation during the term of the contractual relationship; to ensure the timeliness and accuracy of the data by checking and supplementing the data.6.2. The Company shall process personal data for email marketing purposes and customer relationship management using third-party services such as Mailchimp, a service provided by The Rocket Science Group LLC, to manage email subscriber lists and send emails to our Customers and Cooperation Partners.6.3. Create a corporate link between the Company, Customers and Cooperation Partners.6.4. Find out the opinion of the Customers, Cooperation Partners and others about the work of the Company, necessary improvements.6.5. Defend Company’s legal rights.6.6. The Company is entitled to process the data for the above, as well as for other purposes, if there is a legal basis for it.

7. Rights of the Data Subject

The Data Subject has the following rights with regard to the processing of his/her data:

7.1. If the Company receives personal data from the Data Subject, the Company shall provide all the following information to the Data Subject during the acquisition of personal data:

    1. 7.1.1. registration number and legal address, contact information of the Company;
    2. 7.1.2. the contact details of the data protection specialist, if any;
    3. 7.1.3. the purposes of processing for which the personal data is intended, as well as the legal basis for the processing;
    4. 7.1.4. legitimate interests if the processing is based on Article 6 (1) (f) of the Regulation;
    5. 7.1.5. recipients or categories of recipients of personal data, if any;
    6. 7.1.6. whether the data shall be transferred to a third country or international organisation, if so, the relevant information in accordance with the requirements of applicable laws and regulations.

7.2. In addition to the above, during the collection of personal data the Company shall show the Data Subject this Policy, which ensures fair and transparent processing, i.e.:

    1. 7.2.1. the Data Subject has the right to be informed of the period for which his or her personal data will be stored or, if that is not possible, the criteria used to determine that period;
    2. 7.2.2. the Data Subject has the right of access to his or her data, i.e. the right to rectify, erase, object to the processing as well as the right to data portability;
    3. 7.2.3. where processing is based on Article 6 (1) (a) or Article 9 (2) (a) of the Regulation, the right to withdraw consent shall be without prejudice to the lawfulness of the processing based on which the consent was given before the withdrawal;
    4. 7.2.4. the Data Subject has the right to submit a complaint to the supervisory authority;
    5. 7.2.5. the Data Subject has the right to know whether automated decision-making, including profiling, exists.

7.3. If the Company has personal data that is not obtained from the Data Subject, in cases where the Company is the controller, the Company, in addition to the above, shall inform the Data Subject about the source from which the personal data has been received.

7.4. If the controller intends to further process personal data for a purpose other than the purpose for which the personal data were obtained, the Company shall inform the Data Subject of such other purpose before further processing and provide it with all relevant additional information, unless the provision of such information requires a disproportionate effort.

7.5. In cases where the Company is a processor or a third party, the Company shall act in accordance with the task or authorisation of the controller; in the case of a request from the data subject, the controller of the request received shall be informed immediately.

7.6. You have the right, by contacting us, to receive information about what your data is, in what amount, on what legal basis, for how long, etc. are processed, depending on the nuances of our cooperation.

8. Retention period

Personal data is only processed for as long as necessary for achieving the purpose of processing. The retention period may be based on the concluded agreements, the Company’s legitimate interests or applicable laws and regulations.

9. Technical and organisational requirements for data protection

9.1. The Controller shall ensure, review on a regular basis and improve the personal data protection measures in order to protect personal data of the Data Subject from unauthorised access, accidental loss, disclosure or destruction. To ensure this, the Company shall use modern technologies, technical and organisational requirements, including appropriate software, using firewalls, intrusion detection, analysis software and data encryption, as well as physical data protection (access code at the front door), alarm.

9.2. The Company shall carefully inspect all service providers who process personal data on behalf and upon instruction of the Company, as well as assess whether cooperation partners (processors of personal data) apply appropriate security measures to ensure that personal data is processed in accordance with the Company’s delegation and requirements of the laws and regulations.

9.3. The Company shall regularly train its employees and ensure their qualifications are maintained.

9.4. The Company shall not be liable for any unauthorised access to personal data and/or loss of personal data if it is beyond the Company’s control, for example due to the fault and/or negligence of the Customer or the Cooperation Partner or the Data Subject.

10. Processing area

10.1. Personal data may be processed within the EU/EEA and, for the purposes of email marketing, may be transferred to Mailchimp’s servers located in the United States. The Company ensures that all data transfers to Mailchimp are covered by appropriate safeguards in line with GDPR requirements, such as standard contractual clauses or Mailchimp’s Privacy Shield certification.10.2. The transfer and processing of personal data outside the EU/EEA may take place if there is a legal basis for doing so, namely to fulfil a legal obligation, enter into or perform an agreement, or in accordance with the Customer’s consent, and appropriate security measures have been taken.The European Commission has recognized which countries provide a level of personal data protection that corresponds to the relevant level of data protection in the European Union (Article 45 of the Regulation “Transmission based on a decision on the adequacy of the level of protection”). On the other hand, if the Company transfers personal data to countries for which the EC decision on the adequacy of the level of protection has not been adopted, the Company performs additional supervision over the implementation of relevant protection measures. For example, according to Article 46 of the Regulation “Shipping based on appropriate guarantees”. Ensuring the appropriate guarantees by including the requirements for the personal data protection framework in a legally binding document (agreement, agreement, etc.) for both parties (both the sender of personal data and the recipient of personal data), clearly indicating the procedure for implementing the data subject’s rights and the legal remedies available to the data subject means of protection.10.3. Upon request, the Customer can receive more detailed information on the transfer of personal data to countries outside the EU/EEA.

11. Contact information

11.1. The Data Subject may contact the Company regarding any matter, withdraw his/her consent, make requests for information, use Data Subject rights and submit complaints on the processing of personal data.

11.2. For any questions regarding the management of your data by Mailchimp, or if you wish to opt-out of email marketing communications, please contact us using the details provided below. You may also directly unsubscribe using the link provided in every marketing email.

11.3. The contact information of the Company is available at www.mitigate.dev in the contact section.

11.4. Responsible for data processing datuapstrade@mitigate.dev.

Approved on October 18, 2023.
Revised on October 30, 2023.
The next review shall take place by no later than October 18, 2024.

Privacy policy

For customers, business partners and their employees, candidates

Data Protection Privacy Policy of SIA Mitigate, unified reg. No. 50103381201, VAT reg. No. LV50103381201, legal address: Gustava Zemgala gatve 74A, Riga, LV-1039, Latvia, hereinafter – the Company. This Policy is applicable in cases when the Company, or the Company together with its Cooperation Partners, processes personal data.

Regarding potential employees the Privacy policy is applied till decision about candidates employment is made. After moment decision on candidate’s employment is made, all internal regulations are applied as for any employee.

1. Definitions

Controller is a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data;

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Third party is a natural or legal person, public authority, agency or body other than the Data Subject, the controller, the processor and persons, who under direct authority by the Controller or the Processor are authorised to process Personal Data.

Personal data is any information relating to an identified or identifiable natural person (Data Subject).

Data Subject is an identifiable natural person, who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, surname, identification number, phone number, e-mail address, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or being made available otherwise, alignment or combination, restriction, erasure or destruction.

Customer is any natural or legal person who uses, has used, or has expressed a wish to use any services provided by SIA Mitigate or is in any other way related to them.

Cooperation Partner is any natural or legal person with whom the Company works on joint projects or whose objectives are shared by the Company.

Candidate is any natural person, who has applied to vacancy or who has been contacted by Company using social media profile contact information, or who has been contacted and candidate (You) have replied to, or You have provided Your personal information to recruitment company.

2. General Provisions

2.1. This privacy policy, hereinafter – the Policy, describes the procedure by which the Company handles the personal data that comes into its possession. Depending on the legal basis of the data processing, the Company may be a controller, a processor or a third party.

2.2. The Company shall ensure the confidentiality of personal data within the framework of applicable laws and regulations and has implemented appropriate technical and organisational measures to protect personal data from unauthorised access, unlawful processing or disclosure, accidental loss, alteration or destruction.

2.3. In cases where the Company acts as a controller of personal data, it shall determine the purposes and means of personal data processing.

2.4. In cases where the Company acts as a processor of personal data, the Company shall process personal data on behalf of the controller.

2.5. In cases where the Company acts as a third party, the Company is authorised to process personal data under the direct supervision of the controller or processor.

2.6. In cases where the Company processes data, the Company may use approved personal data processors for personal data processing. In such cases, it shall take the necessary measures to ensure that such processors process personal data in accordance with the instructions of the Company and in accordance with applicable laws and regulations and require appropriate security measures to be taken.

2.7. If the Company updates this Policy, the current version of the Policy shall be published on the Company’s website www.mitigate.dev in the privacy policy section, while you may get acquainted with the historical versions of this Policy by contacting the Company and sending an e-mail to: datuapstrade@mitigate.dev.

3. How the Company obtains the data of natural persons (you)

3.1. The Data Subject (You) submits his/her data to the Company;

3.2. The Company receives personal data from its Customers or Cooperation Partners;

3.3. Company receives personal data from third parties;

3.4. The Company records your data, which is located in the public space (media, social networks, your workplace website, etc.);

3.5. You are visiting our website (see cookie policy);

3.6. You participate in corporate events organised by us, where you can be photographed or filmed;

3.7. You participate in our surveys, contests, etc.;

3.8. You participate in business forums, business networking, your contact information in social networks is created for the exchange of mutual communication, such as LinkedIn, or You follow us on social media, contact us etc.;

3.9. You visit our office;

3.10. You add Your data in Company`s systems;

3.11. You apply for our services using the registration forms posted on our website. 

In cases where the Company obtains data from the controller, any responsibility for informing the Data Subject shall rest with the relevant controller.

Company doesn’t perform video surveillance in it’s office. In building, where office is located, landlord performs video surveillance of common areas and is responsible for that.

4. What personal data may be processed by the Company?

Depending on the nature of the data processing, the Company may process the following personal data:

  • Personal identification data – name, surname, personal identification number/ID, date of birth;
  • Personal contact information – address, telephone number, e-mail address;
  • Personal workplace data – workplace, position held;
  • Data on Your experience, education, professional skills, recommendations and other data, which allows to evaluate You as professional;
  • Actions taken on internet websites – IP address, actions taken, date and time;
  • Data published by a person on social networks;
  • Survey and contest data – name or date of the survey or contest, date of the answer, questions/tasks of the survey and answers provided;
  • Photos, videos of corporate events, date, place of the photos;
  • Photos uploaded to Company systems;
  • Your contact details from social media accounts, which are used for detail exchange, as Linkedin;
  • Communication data, in case of communication between us;
  • Data of various categories, including, in exceptional cases, data of special categories, which the Company processes within the framework of various projects as a controller, processor or as a third party on the basis of the authorisation of the Controller.


Depending on the provided service, the provided product, the nuances of mutual cooperation, your above-mentioned data may be processed to different extents, in different combinations, with different purposes, and on different legal grounds, as mentioned in this privacy policy.

5. Legal basis for data processing

5.1. Conclusion and performance of the agreement – in order for the Company to be able to conclude and perform the agreement concluded with the Customer or the Cooperation Partner, providing high-quality services, it must collect and process certain personal data.  (GDPR clause 6 part 1, b subsection)

5.2. Legitimate interests of the Company – in order to observe the interests of the Company based on compliance with the requirements of applicable laws and regulations and provide high-quality services and timely support to the Customer and/or Cooperation Partner, the Company may process personal data of the Customer or Cooperation Partner to the extent objectively necessary and sufficient. In addition, the processing of personal data providing information about news in the field in which the Company operates, new development opportunities, including direct marketing, as a result of which the Company can individually address various persons to inform them about news in the field, education and development opportunities, on opportunities to provide a new and/or individually prepared offer of the Company’s products and services, shall be considered a legitimate interest. However, the Company respects the wishes of the Data Subject and provides an opportunity to opt out of receiving the above information. (GDPR clause 6 part 1, f subsection)

5.3. Fulfilment of legal obligations – the Company is entitled to process personal data in order to comply with the requirements of the laws and regulations, as well as to provide answers to lawful requests of the state and local government authorities. (GDPR clause 6 part 1, c subsection)

5.4. Consent of the Data Subject. The Data Subject himself/herself consents to the collection and processing of personal data for specified purposes. Consent is his/her free will and an independent decision that can be given at any time, thus allowing the Company to process personal data for specified purposes. The Data Subject may withdraw his/her prior consent at any time through the specified channels of communication with the Company. The applied changes shall come into effect within three working days. Revocation of consent shall not affect the lawfulness of processing which is based on the consent before revocation. (GDPR clause 6 part 1, a subsection)

5.5. Protection of vital interests. The Company may process personal data in order to protect the essential interests of the Customer, Cooperation Partner or other natural person, for example if processing is necessary for humanitarian purposes, monitoring of natural disasters and epidemics caused by human beings and the spread thereof, or in emergency humanitarian situations (acts of terror, in technological disaster situations, etc.). (GDPR clause 6 part 1, d subsection)

5.6. Exercise of official authority or public interest. The Company may process data in order to perform a task in the public interest or in the exercise of official authority legally granted to the Company. In such cases the grounds for personal data processing are included in the laws and regulations. (GDPR clause 6 part 1, e subsection)

5.7. If the Company processes the data as a processor on the basis of a duly concluded agreement with the data controller, the Company shall follow the instructions given by the controller.

5.8. If the Company performs activities with personal data as a third party on the basis of a duly concluded agreement with the data controller, the Company shall comply with the authorisation granted by the controller.

6. Purposes of data processing

The following purposes of data processing are distinguished:

6.1. General management of relations with the Customer and the Cooperation Partner and provision and administration of access to products and services, in order to enter into and execute an agreement with the Customer and the Cooperation Partner; deliver the purchased service or product, verify the availability and quality of the service or product, to fulfil the obligation imposed by law, provide reports and declarations, calculate and pay taxes, to ensure high-quality, timely service and cooperation during the term of the contractual relationship; to ensure the timeliness and accuracy of the data by checking and supplementing the data.

6.2. The Company shall process personal data in order to improve the provided services, including communicating with the Customer, by calling or writing e-mail,  inform the Company’s existing and potential Customers and Cooperation Partners about news in the industry, opportunities for development, new and individualised offers.

6.3. Create a corporate link between the Company, Customers and Cooperation Partners.

6.4. Find out the opinion of the Customers, Cooperation Partners and others about the work of the Company, necessary improvements.

6.5. Defend Company’s legal rights.

6.6. The Company is entitled to process the data for the above, as well as for other purposes, if there is a legal basis for it.

7. Rights of the Data Subject

The Data Subject has the following rights with regard to the processing of his/her data:

7.1. If the Company receives personal data from the Data Subject, the Company shall provide all the following information to the Data Subject during the acquisition of personal data:

    1. 7.1.1. registration number and legal address, contact information of the Company;
    2. 7.1.2. the contact details of the data protection specialist, if any;
    3. 7.1.3. the purposes of processing for which the personal data is intended, as well as the legal basis for the processing;
    4. 7.1.4. legitimate interests if the processing is based on Article 6 (1) (f) of the Regulation;
    5. 7.1.5. recipients or categories of recipients of personal data, if any;
    6. 7.1.6. whether the data shall be transferred to a third country or international organisation, if so, the relevant information in accordance with the requirements of applicable laws and regulations.

7.2. In addition to the above, during the collection of personal data the Company shall show the Data Subject this Policy, which ensures fair and transparent processing, i.e.:

    1. 7.2.1. the Data Subject has the right to be informed of the period for which his or her personal data will be stored or, if that is not possible, the criteria used to determine that period;
    2. 7.2.2. the Data Subject has the right of access to his or her data, i.e. the right to rectify, erase, object to the processing as well as the right to data portability;
    3. 7.2.3. where processing is based on Article 6 (1) (a) or Article 9 (2) (a) of the Regulation, the right to withdraw consent shall be without prejudice to the lawfulness of the processing based on which the consent was given before the withdrawal;
    4. 7.2.4. the Data Subject has the right to submit a complaint to the supervisory authority;
    5. 7.2.5. the Data Subject has the right to know whether automated decision-making, including profiling, exists.

7.3. If the Company has personal data that is not obtained from the Data Subject, in cases where the Company is the controller, the Company, in addition to the above, shall inform the Data Subject about the source from which the personal data has been received.

7.4. If the controller intends to further process personal data for a purpose other than the purpose for which the personal data were obtained, the Company shall inform the Data Subject of such other purpose before further processing and provide it with all relevant additional information, unless the provision of such information requires a disproportionate effort.

7.5. In cases where the Company is a processor or a third party, the Company shall act in accordance with the task or authorisation of the controller; in the case of a request from the data subject, the controller of the request received shall be informed immediately.

7.6. You have the right, by contacting us, to receive information about what your data is, in what amount, on what legal basis, for how long, etc. are processed, depending on the nuances of our cooperation.

8. Retention period

Personal data is only processed for as long as necessary for achieving the purpose of processing. The retention period may be based on the concluded agreements, the Company’s legitimate interests or applicable laws and regulations.

9. Technical and organisational requirements for data protection

9.1. The Controller shall ensure, review on a regular basis and improve the personal data protection measures in order to protect personal data of the Data Subject from unauthorised access, accidental loss, disclosure or destruction. To ensure this, the Company shall use modern technologies, technical and organisational requirements, including appropriate software, using firewalls, intrusion detection, analysis software and data encryption, as well as physical data protection (access code at the front door), alarm.

9.2. The Company shall carefully inspect all service providers who process personal data on behalf and upon instruction of the Company, as well as assess whether cooperation partners (processors of personal data) apply appropriate security measures to ensure that personal data is processed in accordance with the Company’s delegation and requirements of the laws and regulations.

9.3. The Company shall regularly train its employees and ensure their qualifications are maintained.

9.4. The Company shall not be liable for any unauthorised access to personal data and/or loss of personal data if it is beyond the Company’s control, for example due to the fault and/or negligence of the Customer or the Cooperation Partner or the Data Subject.

10. Processing area

10.1. Personal data shall be normally processed in the European Union/European Economic Area (EU/EEA), but in some cases it may be transferred and processed in non-EU/EEA countries.

10.2. The transfer and processing of personal data outside the EU/EEA may take place if there is a legal basis for doing so, namely to fulfil a legal obligation, enter into or perform an agreement, or in accordance with the Customer’s consent, and appropriate security measures have been taken.

The European Commission has recognized which countries provide a level of personal data protection that corresponds to the relevant level of data protection in the European Union (Article 45 of the Regulation “Transmission based on a decision on the adequacy of the level of protection”). On the other hand, if the Company transfers personal data to countries for which the EC decision on the adequacy of the level of protection has not been adopted, the Company performs additional supervision over the implementation of relevant protection measures. For example, according to Article 46 of the Regulation “Shipping based on appropriate guarantees”. Ensuring the appropriate guarantees by including the requirements for the personal data protection framework in a legally binding document (agreement, agreement, etc.) for both parties (both the sender of personal data and the recipient of personal data), clearly indicating the procedure for implementing the data subject’s rights and the legal remedies available to the data subject means of protection.

10.3. Upon request, the Customer can receive more detailed information on the transfer of personal data to countries outside the EU/EEA.

11. Contact information

11.1. The Data Subject may contact the Company regarding any matter, withdraw his/her consent, make requests for information, use Data Subject rights and submit complaints on the processing of personal data.

11.2. The contact information of the Company is available at www.mitigate.dev in the contact section.

11.3. Responsible for data processing datuapstrade@mitigate.dev.

Approved on October 18, 2023.
Revised on October 30, 2023.
The next review shall take place by no later than October 18, 2024.

Datenschutzbestimmungen

Daten -schutzbestimmungen

Für unsere Kunden, Geschäftspartner und deren Mitarbeiter, unsere potenziellen Mitarbeiter

SIA Mitigate, einheitliche Registernummer Nr. 50103381201, USt-IdNr. Nr. LV50103381201, eingetragener Sitz: Gustava Zemgala gatve 74A, Riga, LV-1039 Lettland, im Folgenden als „die Gesellschaft“ bezeichnet, Datenschutzbestimmungen. Diese Bestimmungen gelten für alle Fälle, in denen die Gesellschaft oder die Gesellschaft zusammen mit ihren verbundenen Unternehmen personenbezogene Daten verarbeitet.

Für potenzielle Mitarbeiter gelten diese Datenschutzbestimmungen bis zur Entscheidung über die Einstellung des Mitarbeiters. Ab dem Zeitpunkt, an dem die Entscheidung über die Einstellung eines Mitarbeiters getroffen wird, unterliegt der Mitarbeiter dem internen Personalstatut.

1. Definitionen

Ein für die Verarbeitung Verantwortlicher ist eine natürliche oder juristische Person, Behörde, Einrichtung oder andere Stelle, die allein oder gemeinsam mit anderen über die Zwecke und Mittel der Verarbeitung von personenbezogenen Daten entscheidet;

Ein Auftragsverarbeiter ist eine natürliche oder juristische Person, Behörde, Einrichtung oder andere Stelle, die personenbezogene Daten im Auftrag des für die Verarbeitung Verantwortlichen verarbeitet;

Dritter ist eine natürliche oder juristische Person, Behörde, Einrichtung oder andere Stelle als die betroffene Person, der für die Verarbeitung Verantwortliche, der Auftragsverarbeiter und die Personen, die unter der unmittelbaren Verantwortung des für die Verarbeitung Verantwortlichen oder des Auftragsverarbeiters befugt sind, personenbezogene Daten zu verarbeiten;

Personenbezogene Daten sind alle Informationen, die sich auf eine identifizierte oder identifizierbare natürliche Person (Datensubjekt) beziehen;

Eine betroffene Person ist eine identifizierbare natürliche Person, die direkt oder indirekt identifiziert werden kann, insbesondere durch Zuordnung zu einer Kennung wie einem Vornamen, Nachnamen, zu einer Identifikationsnummer, Telefonnummer, E-Mail-Adresse, Standortdaten, zu einer Online-Kennung oder zu einem oder mehreren spezifischen Elementen, die Ausdruck der physischen, physiologischen, genetischen, psychischen, wirtschaftlichen, kulturellen oder sozialen Identität dieser natürlichen Person sind;

Verarbeitung ist jeder mit oder ohne Hilfe automatisierter Verfahren ausgeführte Vorgang oder jede Vorgangsreihe im Zusammenhang mit personenbezogenen Daten oder einer Reihe personenbezogener Daten wie das Erheben, das Erfassen, die Organisation, die Strukturierung, die Speicherung, die Anpassung oder Veränderung, das Auslesen, das Abfragen, die Benutzung, die Weitergabe, die Übermittlung, die Verbreitung oder jede andere Form der Bereitstellung, die Kombination oder die Verknüpfung sowie das Einschränken, Löschen oder Vernichten;

Als Kunde gilt jede natürliche oder juristische Person, die eine der von SIA Mitigate angebotenen Dienstleistungen nutzt, genutzt hat oder den Wunsch geäußert hat, diese zu nutzen, oder die in irgendeiner anderen Weise mit ihnen verbunden ist;

Ein Kooperationspartner ist jede natürliche oder juristische Person, mit der die Gesellschaft an gemeinsamen Projekten arbeitet oder mit der die Gesellschaft gemeinsame Ziele verfolgt;

Ein potenzieller Mitarbeiter ist jede natürliche Person, die sich bei der Gesellschaft auf eine ausgeschriebene oder potenzielle Stelle beworben hat oder die von der Gesellschaft aufgrund von Kontakten in sozialen Netzwerken angesprochen wurde oder die von der Gesellschaft angesprochen wurde und der potenzielle Mitarbeiter (Sie) auf die Anfrage der Gesellschaft geantwortet hat oder Sie Ihre Daten einem Personalvermittlungsunternehmen mitgeteilt haben.

2. Allgemeines

2.1. Die vorliegenden Datenschutzbestimmungen, im Folgenden als „Bestimmungen“ bezeichnet, beschreiben die Art und Weise, wie die Gesellschaft mit personenbezogenen Daten umgeht, die in ihren Besitz gelangen. Je nach der Rechtsgrundlage für die Verarbeitung kann die Gesellschaft der für die Verarbeitung Verantwortliche, der Auftragsverarbeiter oder ein Dritter sein;

2.2 Die Gesellschaft gewährleistet die Vertraulichkeit personenbezogener Daten im Rahmen der geltenden Gesetze und Vorschriften und hat geeignete technische und organisatorische Maßnahmen ergriffen, um personenbezogene Daten vor unbefugtem Zugriff, unrechtmäßiger Verarbeitung oder Weitergabe, versehentlichem Verlust, Veränderung oder Zerstörung zu schützen;

2.3. Handelt die Gesellschaft als für die Verarbeitung Verantwortlicher, so bestimmt sie die Zwecke und Mittel der Verarbeitung personenbezogener Daten;

2.4. Wenn die Gesellschaft als Verarbeiter personenbezogener Daten auftritt, verarbeitet sie personenbezogene Daten im Auftrag des für die Verarbeitung Verantwortlichen;

2.5. Wenn die Gesellschaft als Dritter auftritt, ist die Gesellschaft unter der direkten Autorität des für die Verarbeitung Verantwortlichen oder des Auftragsverarbeiters befugt, personenbezogene Daten zu verarbeiten;

2.6. Wenn die Gesellschaft Daten verarbeitet, kann die Gesellschaft zugelassene Datenverarbeiter mit der Verarbeitung personenbezogener Daten beauftragen. In diesen Fällen ergreift sie die erforderlichen Maßnahmen, um sicherzustellen, dass diese Auftragsverarbeiter personenbezogene Daten gemäß den Anweisungen der Gesellschaft und im Einklang mit den geltenden Gesetzen und Vorschriften verarbeiten, und die Anwendung geeigneter Sicherheitsmaßnahmen verlangt;

2.7. Wenn die Gesellschaft diese Bestimmungen aktualisiert, wird die aktuelle Version auf der Website der Gesellschaft unter www.mitigate.dev im Abschnitt „Datenschutzbestimmungen“ veröffentlicht, und frühere Versionen dieser Bestimmungen werden Ihnen zur Verfügung gestellt, indem Sie die Gesellschaft im Voraus unter datuapstrade@mitigate.dev kontaktieren.

3. Wie erhält die Gesellschaft die Daten einer natürlicher Personen (von Ihnen)

3.1. Die betroffene Person (Sie) stellt der Gesellschaft Ihre Daten zur Verfügung;

3.2. Die Gesellschaft erhält personenbezogene Daten von seinen Kunden oder Vertragspartnern;

3.3. Die Gesellschaft erhält personenbezogene Daten von Dritten;

3.4. Die Gesellschaft erfasst Ihre Daten im öffentlichen Bereich (Medien, soziale Netzwerke, Website Ihres Arbeitsplatzes usw.);

3.5. Sie besuchen unsere Website (siehe Cookie-Richtlinie);

3.6. Sie nehmen an von uns organisierten Firmenveranstaltungen teil, bei denen Sie fotografiert und gefilmt werden können;

3.7. Sie nehmen an unseren Umfragen, Wettbewerben usw. teil;

3.8. Sie nehmen an Wirtschaftsforen und Business-Networking teil, Sie haben Kontakte in sozialen Netzwerken, die für Peer-to-Peer-Networking gedacht sind, wie z. B. Linkedin, Sie folgen uns in sozialen Netzwerken, kontaktieren uns usw;

3.9. Sie befinden sich in unseren Geschäftsräumen.

Erhält die Gesellschaft Daten von einem für die Datenverarbeitung Verantwortlichen, so ist dieser für die Unterrichtung der betroffenen Person verantwortlich.

Die Gesellschaft führt keine Videoüberwachung in ihren Räumlichkeiten durch. Der Verwalter des Gebäudes, in dem die Gesellschaft ihren seinen Sitz hat, ist für die Videoüberwachung der Gemeinschaftsräume zuständig und verantwortlich.

4. Welche personenbezogenen Daten darf die Gesellschaft über Sie verarbeiten?

Je nach der Art der Verarbeitung kann die Gesellschaft die folgenden personenbezogenen Daten verarbeiten:

  • Persönliche Identifikationsdaten – Name, Nachname, Personencode/ID-Nummer, Geburtsdatum;
  • Kontaktinformationen – Adresse, Telefonnummer, E-Mail-Adresse;
  • Angaben zum Arbeitsort der Person – Arbeitsort, Position;
  • Angaben zu Ihrer Erfahrung, Ihrer Ausbildung, Ihren beruflichen Fähigkeiten, Referenzen und anderen Informationen, die uns helfen, Sie als Fachkraft zu beurteilen;
  • Auf Websites durchgeführte Aktionen – IP-Adresse, durchgeführte Aktionen, Datum und Uhrzeit;
  • Daten, die von der Person selbst in sozialen Netzwerken veröffentlicht wurden;
  • Daten zu Umfragen und Wettbewerben – Name der Umfrage oder des Wettbewerbs, Datum, Datum der Antwort, Umfragefragen/Fragen und gegebene Antworten;
  • Fotos, Videos von Firmenveranstaltungen usw., Datum, Ort;
  • Ihre Kontaktinformation befindet sich in sozialen Netzwerken, die für den Austausch von Kontakten untereinander geschaffen wurden, wie z. B. Linkedin;
  • Kommunikationsdaten, bei denen eine Kommunikation mit uns stattgefunden hat;
  • Verschiedene Datenkategorien, darunter ausnahmsweise auch besondere Datenkategorien, die von der Gesellschaft als Verantwortlicher, Auftragsverarbeiter oder Dritter im Rahmen verschiedener Projekte auf der Grundlage der Genehmigung des Verantwortlichen verarbeitet werden.

5. Rechtsgrundlage für die Datenverarbeitung

5.1. Vertragsabschluss und -erfüllung, damit die Gesellschaft einen mit einem Kunden oder einem verbundenen Unternehmen geschlossenen Vertrag abschließen und erfüllen kann, um qualitativ hochwertige Dienstleistungen zu erbringen, muss sie bestimmte personenbezogene Daten erfassen und verarbeiten. Artikel 6 Absatz 1 Buchstabe b der DSGVO;

5.2. Berechtigte Interessen der Gesellschaft: Zur Wahrung der Interessen der Gesellschaft, die auf der Einhaltung der Anforderungen der geltenden Gesetzgebung, der Erbringung qualitativ hochwertiger Dienstleistungen und der rechtzeitigen Unterstützung des Kunden und/oder des Geschäftspartners beruhen, hat die Gesellschaft das Recht, die personenbezogenen Daten des Kunden oder des Geschäftspartners in dem Umfang zu verarbeiten, der für diesen Zweck objektiv erforderlich und ausreichend ist. Darüber hinaus wird die Verarbeitung personenbezogener Daten zum Zweck der Information über neue Entwicklungen in dem Bereich, in dem die Gesellschaft tätig ist, über neue Entwicklungsmöglichkeiten, einschließlich Direktmarketing, als berechtigtes Interesse angesehen, da die Gesellschaft verschiedene Personen individuell ansprechen kann, um über Branchennachrichten, Bildungs- und Entwicklungsmöglichkeiten, Möglichkeiten zur Bereitstellung neuer und/oder individuell vorbereiteter Angebote von Produkten und Dienstleistungen der Gesellschaft zu informieren. Die Gesellschaft respektiert jedoch die Wünsche der betroffenen Person und bietet ihr die Möglichkeit, den Erhalt der oben genannten Informationen abzulehnen. Artikel 6 Absatz 1 Buchstabe f der DSGVO;

5.3. Erfüllung gesetzlicher Verpflichtungen – Die Gesellschaft ist berechtigt, personenbezogene Daten zu verarbeiten, um die Anforderungen der gesetzlichen Vorschriften zu erfüllen und um auf rechtmäßige Anfragen der staatlichen und lokalen Behörden zu reagieren. Artikel 6 Absatz 1 Buchstabe c der DSGVO;

5.4. Einwilligung der betroffenen Person. Die betroffene Person gibt ihre Einwilligung zur Erhebung und Verarbeitung personenbezogener Daten für bestimmte Zwecke selbst. Die Einwilligung ist eine freie und unabhängige Entscheidung, die jederzeit gegeben werden kann und mit der die Gesellschaft ermächtigt wird, personenbezogene Daten für die angegebenen Zwecke zu verarbeiten. Die betroffene Person hat das Recht, ihre vorherige Einwilligung jederzeit über die angegebenen Kommunikationskanäle mit der Gesellschaft zu widerrufen. Die mitgeteilten Änderungen werden innerhalb von drei Geschäftstagen wirksam. Der Widerruf der Einwilligung berührt nicht die Rechtmäßigkeit der Verarbeitung aufgrund der Einwilligung vor dem Widerruf. Artikel 6 Absatz 1 Buchstabe a der DSGVO;

5.5. Schutz lebenswichtiger Interessen. Die Gesellschaft ist berechtigt, personenbezogene Daten zu verarbeiten, um die lebenswichtigen Interessen des Kunden, des Geschäftspartners oder einer anderen natürlichen Person zu schützen, z. B. wenn die Verarbeitung für humanitäre Zwecke, zur Überwachung von Naturkatastrophen und von Menschen verursachten Katastrophen, insbesondere von Epidemien und deren Ausbreitung, oder in humanitären Notfällen (Terroranschläge, technogene Katastrophen usw.) erforderlich ist. Artikel 6 Absatz 1 Buchstabe d der DSGVO;

5.6. Ausübung der Amtsgewalt oder öffentliches Interesse. Die Gesellschaft ist berechtigt, Daten für die Wahrnehmung einer Aufgabe zu verarbeiten, die im öffentlichen Interesse oder in Ausübung öffentlicher Gewalt erfolgt, die der Gesellschaft gesetzlich übertragen wurde. In solchen Fällen ist die Grundlage für die Verarbeitung personenbezogener Daten in den Rechtsakten enthalten. Artikel 6 Absatz 1 Buchstabe e der DSGVO;

5.7. Verarbeitet die Gesellschaft Daten als Auftragsverarbeiter auf der Grundlage eines ordnungsgemäß mit dem für die Verarbeitung Verantwortlichen abgeschlossenen Vertrags, so befolgt die Gesellschaft die Anweisungen des für die Verarbeitung Verantwortlichen;

5.8. Handelt die Gesellschaft als Dritter mit den personenbezogenen Daten einer natürlichen Person auf der Grundlage eines ordnungsgemäß mit dem für die Verarbeitung Verantwortlichen geschlossenen Vertrags, so hält sich die Gesellschaft an die von dem für die Verarbeitung Verantwortlichen erteilte Bevollmächtigung.

6. Zwecke der Datenverarbeitung

Es wird zwischen den folgenden Zwecken der Datenverarbeitung unterschieden:

6.1. Zur allgemeinen Verwaltung der Kunden- und Partnerbeziehungen und des Zugangs zu Produkten und Dienstleistungen sowie zur Verwaltung, um den Vertrag mit dem Kunden und Partner abzuschließen und zu erfüllen; zur Erfüllung gesetzlicher Pflichten, zur Erstellung von Berichten und Erklärungen, zur Berechnung und Abführung von Steuern, zur Sicherstellung von Qualität, rechtzeitigem Service und Zusammenarbeit während der Dauer des Vertragsverhältnisses; zur Sicherstellung der Aktualität und Richtigkeit von Daten durch Überprüfung und Aktualisierung von Daten;

6.2. Die Gesellschaft verarbeitet personenbezogene Daten, um die angebotenen Dienstleistungen zu verbessern und die bestehenden und potenziellen Kunden und Partner der Gesellschaft über die neuesten Entwicklungen in der Branche, Entwicklungsmöglichkeiten, neue und personalisierte Angebote zu informieren;

6.3. Aufbau einer Unternehmensbindung zwischen der Gesellschaft, den Kunden und den Geschäftspartnern;

6.4. Einholung der Meinung von Kunden, Geschäftspartnern usw. über die Arbeit der Gesellschaft und notwendige Verbesserungen;

6.5. Verteidigung ihrer gesetzlichen Rechte;

6.6. Die Gesellschaft ist berechtigt, Daten zu den oben genannten Zwecken sowie zu anderen Zwecken zu verarbeiten, wenn es dafür eine rechtmäßige Grundlage gibt.

7. Rechte der betroffenen Person

Die betroffene Person hat in Bezug auf die Verarbeitung ihrer Daten die folgenden Rechte:

7.1 Erhält die Gesellschaft personenbezogene Daten von einer betroffenen Person, so stellt die Gesellschaft der betroffenen Person zum Zeitpunkt des Erhalts der personenbezogenen Daten alle folgenden Informationen zur Verfügung:

    1. 7.1.1. Registrierungsnummer und Sitz der Gesellschaft, Kontaktdaten;
    2. 7.1.2. die Kontaktdaten des Datenschutzbeauftragten, sofern ein solcher ernannt wurde;
    3. 7.1.3. die Zwecke, für die die personenbezogenen Daten verarbeitet werden, und die Rechtsgrundlage für die Verarbeitung;
    4. 7.1.4. berechtigte Interessen, wenn sich die Verarbeitung auf Artikel 6 Absatz 1 Buchstabe f der Verordnung stützt;
    5. 7.1.5. die Empfänger oder Kategorien von Empfängern der personenbezogenen Daten, falls vorhanden;
    6. 7.1.6. ob die personenbezogenen Daten an ein Drittland oder eine internationale Organisation übermittelt werden, und wenn ja, die entsprechenden Informationen gemäß den Anforderungen des geltenden Rechts.

7.2. Darüber hinaus weist die Gesellschaft die betroffene Person zum Zeitpunkt der Erhebung personenbezogener Daten auf diese Politik hin, die eine faire und transparente Verarbeitung gewährleistet, d.h.:

    1. 7.2.1. die betroffene Person hat das Recht, über den Zeitraum, für den ihre personenbezogenen Daten gespeichert werden, oder, falls dies nicht möglich ist, über die Kriterien für die Festlegung dieses Zeitraums informiert zu werden;
    2. 7.2.2. die betroffene Person hat das Recht auf Auskunft über ihre Daten, d.h. das Recht auf Berichtigung, Löschung, Widerspruch gegen die Verarbeitung sowie das Recht auf Datenübertragbarkeit;
    3. 7.2.3. wenn die Verarbeitung auf Artikel 6 Absatz 1 Buchstabe a oder Artikel 9 Absatz 2 Buchstabe a der DSGVO beruht, das Recht, die Einwilligung zu widerrufen, ohne dass die Rechtmäßigkeit der Verarbeitung aufgrund der vor dem Widerruf erteilten Einwilligung berührt wird;
    4. 7.2.4. die betroffene Person hat das Recht, eine Beschwerde bei der Aufsichtsbehörde einzureichen;
    5. 7.2.5. die betroffene Person hat das Recht zu erfahren, ob eine automatisierte Entscheidungsfindung, einschließlich Profiling, stattfindet.

7.3 Wenn die Gesellschaft über personenbezogene Daten verfügt, die nicht von der betroffenen Person stammen, muss die Gesellschaft in Fällen, in denen sie der für die Datenverarbeitung Verantwortliche ist, die betroffene Person zusätzlich zu den oben genannten Punkten über die Quelle informieren, aus der die personenbezogenen Daten gewonnen wurden;

7.4 Beabsichtigt die Gesellschaft als für die Verarbeitung Verantwortlicher, die personenbezogenen Daten für einen anderen Zweck weiterzuverarbeiten als den, für den die personenbezogenen Daten erhoben wurden, so unterrichtet die Gesellschaft die betroffene Person vor dieser Weiterverarbeitung über diesen anderen Zweck und stellt ihr alle zusätzlichen einschlägigen Informationen zur Verfügung, es sei denn, die Bereitstellung dieser Informationen wäre mit einem unverhältnismäßigen Aufwand verbunden;

7.5. Ist die Gesellschaft ein Auftragsverarbeiter oder ein Dritter, so handelt sie im Einklang mit dem Auftrag oder der Genehmigung des für die Verarbeitung Verantwortlichen; im Falle eines Antrags der betroffenen Person unterrichtet sie den für die Verarbeitung Verantwortlichen unverzüglich über den eingegangenen Antrag.

8. Aufbewahrungsfrist

Personenbezogene Daten werden nur so lange verarbeitet, wie es zur Erfüllung des Zwecks der Verarbeitung erforderlich ist. Die Aufbewahrungsfrist kann durch die geschlossenen Verträge, die berechtigten Interessen der Gesellschaft oder die geltenden Gesetze und Vorschriften gerechtfertigt sein.

9. Technische und organisatorische Anforderungen an den Datenschutz

9.1. Die Gesellschaft sorgt für den Schutz der personenbezogenen Daten der betroffenen Personen vor unbefugtem Zugriff, unbeabsichtigtem Verlust, unbeabsichtigter Weitergabe oder Vernichtung, überprüft und verbessert diesen Schutz. Um dies zu gewährleisten, wendet die Gesellschaft moderne Technologien, technische und organisatorische Anforderungen, einschließlich geeigneter Software, Firewalls, Intrusion Detection, Analysesoftware und Datenverschlüsselung sowie physischen Schutz der Daten (Zugangscode an Außentüren), Alarmanlagen, an;

9.2. Die Gesellschaft prüft sorgfältig alle Dienstleister, die personenbezogene Daten im Auftrag und im Namen der Gesellschaft verarbeiten, und bewertet, ob die Geschäftspartner (Verarbeiter personenbezogener Daten) angemessene Sicherheitsmaßnahmen anwenden, um zu gewährleisten, dass die Verarbeitung personenbezogener Daten im Einklang mit der Delegation der Gesellschaft und den Anforderungen der gesetzlichen Vorschriften durchgeführt wird;

9.3. Die Gesellschaft schult ihre Mitarbeiter regelmäßig und hält ihre Qualifikationen aufrecht;

9.4. Die Gesellschaft haftet nicht für den unbefugten Zugang zu und/oder den Verlust von personenbezogenen Daten, wenn dies außerhalb der Kontrolle der Gesellschaft liegt, z. B. aufgrund von Verschulden und/oder Fahrlässigkeit des Kunden oder des verbundenen Unternehmens oder der betroffenen Person.

10. Verarbeitungsgebiet

10.1. Personenbezogene Daten werden in der Regel innerhalb der Europäischen Union/des Europäischen Wirtschaftsraums (EU/EWR) verarbeitet, in einigen Fällen können sie jedoch auch in Länder außerhalb der EU/des EWR übermittelt und dort verarbeitet werden;

10.2. Die Übermittlung und Verarbeitung personenbezogener Daten außerhalb der EU/des EWR kann erfolgen, wenn es dafür eine rechtmäßige Grundlage gibt, d. h. zur Erfüllung einer rechtlichen Verpflichtung, zum Abschluss oder zur Erfüllung eines Vertrags oder in Übereinstimmung mit der Zustimmung des Kunden, und wenn angemessene Sicherheitsmaßnahmen getroffen wurden.

Die Europäische Kommission hat anerkannt, welche Länder ein Schutzniveau für personenbezogene Daten gewährleisten, das dem Datenschutzniveau in der Europäischen Union entspricht (Artikel 45 „Übermittlungen auf der Grundlage eines Angemessenheitsbeschlusses“). Wenn die Gesellschaft jedoch personenbezogene Daten in Länder übermittelt, für die kein Angemessenheitsbeschluss der EG vorliegt, führt die Gesellschaft eine zusätzliche Überwachung der Umsetzung angemessener Sicherheitsvorkehrungen durch. Zum Beispiel unter Artikel 46 „Übermittlung auf der Grundlage angemessener Garantien“. Geeignete Garantien werden dadurch geboten, dass in einem rechtsverbindlichen Dokument (Vertrag, Vereinbarung usw.) für beide Parteien (Datenexporteur und Datenimporteur) die Anforderungen an einen Rahmen für den Schutz personenbezogener Daten festgelegt werden, in dem auch die Verfahren für die Ausübung der Rechte der betroffenen Person und die ihr zur Verfügung stehenden Rechtsbehelfe klar angegeben sind;

10.3. Auf Anfrage kann der Kunde nähere Informationen über die Übermittlung personenbezogener Daten in Länder außerhalb der EU/des EWR erhalten.

11. Erreichbarkeit

11.1. Die betroffene Person kann sich mit Fragen, dem Widerruf der Einwilligung, Auskunftsersuchen, der Ausübung der Rechte der betroffenen Person und Beschwerden über die Verarbeitung personenbezogener Daten an die Gesellschaft wenden;

11.2. Die Kontaktdaten der Gesellschaft sind auf www.mitigate.dev unter Kontakte zu finden;

11.3. Für die Verarbeitung Verantwortlicher datuapstrade@mitigate.dev.

Genehmigt am 18. April 2023.
Überarbeitet – –
Nächste Überprüfung spätestens am 18. April 2024.