Send request
CANDIDATES PERSONAL DATA PROCESSING POLICY
1. GENERAL TERMS
1.1. SIA “IT Camp”, registration no. 40103908693, legal address: Kaivas street 50, k-2, dz. 24C, Riga, LV-1021 (hereinafter – the Company).
1.2. The purpose of this Clients Personal Data Processing Policy (hereinafter – the Policy) is to provide the data subject (identified or identifiable natural person, representatives, employees or contact persons of legal entities) as a client (hereinafter – the Client) with information about the processing of the Client’s personal data in connection with recruitment and related services, including the purposes of processing, categories of personal data, storage periods, data protection measures, and the Client’s rights in relation to such processing.
1.3. The Client’s personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – the Regulation), the applicable laws of the Republic of Latvia in the field of privacy and personal data protection, and this Policy.
1.4. Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, use, disclosure, transmission, restriction, erasure or destruction.
1.5. The Company processes the Client’s personal data in order to provide recruitment and HR-related services, to communicate with the Client, to organise and manage the recruitment process, to fulfil contractual obligations and, where applicable, to facilitate the establishment of employment or commercial cooperation between the selected candidate and the Client, as the Company provides recruitment services in the course of its commercial activities.
1.6. The processing of the Client’s personal data is necessary to respect the legitimate interests of the Controller (the Company), which include communication with Clients, managing recruitment assignments, organising interviews between Clients and candidates and, where necessary, establishing, exercising or defending legal claims related to the recruitment process.
1.7. The Company undertakes to ensure the confidentiality of the Client’s personal data and to protect such data by using appropriate secure modern technology options, including secure data transmission technologies (such as SSL encryption) and other safeguards intended to prevent unauthorised access, disclosure, alteration, loss or other unlawful processing of personal data. Such measures are regularly reviewed and improved in accordance with applicable legal requirements.
1.8. The Company does not disclose or transfer the Client’s personal data to third parties except where such disclosure is necessary for the purposes set out in this Policy, is required for the provision of recruitment services, is based on the Client’s consent, is necessary for compliance with applicable legal obligations, or is otherwise permitted under applicable law.
1.9. As a general rule, the Client’s personal data is processed within the territory of the European Union and the European Economic Area. If, in exceptional cases, the Company transfers personal data outside the European Union or the European Economic Area, such transfer shall be carried out in accordance with the requirements of applicable data protection laws and subject to appropriate safeguards.
1.10. This Policy applies to the processing of personal data regardless of the form and/or medium in which the Client provides such data to the Company, including in person, by e-mail, via the Company’s website, in paper form, by telephone or otherwise.
2. CONTROLLER AND CONTROLLER CONTACT INFORMATION
2.1. The controller of personal data processing is the Company.
2.2. For matters related to the processing of personal data or possible personal data protection violations, the Client may contact the Company by telephone at +371 26884088 or by e-mail at info@itcamp.lv
3. WHAT DATA DOES THE COMPANY PROCESS AND FOR WHAT PURPOSE
3.1. Submission of service requests via website:Purpose: receiving and processing Client inquiries submitted via the Company’s website (e.g. contact form, request for recruitment services), initial communication with potential clients, preparation of offers and proposals.Legal basis: taking steps at the request of the data subject prior to entering into a contract and legitimate interest in responding to business inquiries.
Important note: The provision of personal data is necessary to process the request. If the Client does not provide the required information, the Company may be unable to respond or provide the requested services.
3.2. Provision of recruitment services:
Purpose: identifying Client needs, searching and selecting candidates, organising interviews, facilitating the hiring process.
Legal basis: performance of a contract or taking steps prior to entering into a contract, legitimate interests (e.g. communication, service management, legal protection).
Processed data: name, surname, position, contact details (email, phone), company information, communication records.
3.3. Business communication and relationship management:
Purpose: maintaining cooperation, responding to inquiries, providing updates.
Legal basis: legitimate interest (e.g. communication, service management, legal protection).
3.4. Compliance with legal obligations:
Purpose: accounting, tax compliance, responding to authorities.
Legal basis: legal obligation.
3.5. Marketing and future cooperation:
Purpose: informing about services, maintaining client databases.
Legal basis: consent, legitimate interest (e.g. communication, service management, legal protection).
4. DATA CATEGORIES
The Company may process identification data, contact information, company-related data, communication content (emails, calls), contractual information, billing and payment data.
Processed data may include: name and surname, company name, position, email address, telephone number, content of the inquiry (including hiring needs, budgets, etc.), any other information voluntarily provided.
Additional data collected automatically: IP address, date and time of submission, browser and device information.
5. DATA SOURCES
Personal data may be obtained via the Company’s website (contact forms, service request forms, or other online submission tools), directly from the Client, during communication, from publicly available sources (e.g., LinkedIn), from third parties (within legal limits).
6. DATA SHARING
Personal data of the Client (e.g. contact details, company information) may be shared with candidates where necessary for the recruitment process, IT service providers, legal and financial advisors, public authorities when required by law. The Company ensures that only necessary data is shared.
7. DATA RETENTION
Personal data obtained via website inquiries is stored until the request is processed, and up to 1 year thereafter, unless further cooperation is established.
Personal data is stored during cooperation, up to 5 years after termination, longer if required by law (e.g., accounting).
8. WHO COULD ACCESS THE CLIENT’S PERSONAL DATA
8.1. Appropriate measures are taken to process personal data in accordance with applicable laws and to ensure that personal data is not accessed by third parties who do not have a relevant legal basis for processing personal data.
8.2. Personal data may be accessed, where necessary, by:
9. CLIENT’S RIGHTS
9.1. In accordance with the applicable law the Client has the right to:
9.2. These rights are not absolute and may be subject to limitations under applicable law. For example, the Company may continue processing where it demonstrates compelling legitimate grounds for the processing which override the Client’s interests, rights and freedoms, or where processing is necessary for the establishment, exercise or defence of legal claims.
10. REQUEST EXAMINATION PROCEDURE
10.1. The Client’s request must be in writing or in a form that can be considered in writing in accordance with regulatory enactments, such as an electronic document signed with a secure electronic signature.
10.2. Upon receiving the Client’s request to provide data or exercise other rights, the Company must evaluate the request and fulfill it in accordance with the regulatory enactments, namely the need to identify the Client. The Company considers a person who has approached the Company in one of the following ways to be an identified Client (identified person):
10.3. Where necessary, the Company may request additional information or proof of identity before responding to the request. If the Client does not provide sufficient information to enable identification, the Company may refuse to act on the request to the extent permitted by applicable law.
10.4. Once the Client has been identified, the Company shall respond to the request without undue delay and, in any event, within one month of receipt of the request, unless a longer period is permitted under applicable law due to the complexity or number of requests.
10.5. The Company provides information relating to personal data processing in a concise, transparent, intelligible and easily accessible form, using clear and plain language, and generally free of charge, except where requests are manifestly unfounded or excessive, as provided by applicable law.
10.6. The Company may refuse to provide the Client with information about the data processing performed if:
10.7. The Client has the right to access only his/her personal data, but not to information relating to other natural persons (unless the particular person exercises the right on behalf of another natural person).
10.8. The Company ensures compliance with applicable personal data protection requirements and takes appropriate steps to address objections or complaints raised by the Client. If the Client is not satisfied with the Company’s response, he/she has the right to contact the Data State Inspectorate.
11. EFFECTIVENESS AND AMENDMENTS OF THE POLICY
11.1. This version of the Policy is effective as of 1 April 2026. If the Policy is amended, the Company shall publish the updated version on its website www.itcamp.lv and, where appropriate, inform the Client of such changes by other means.
12. COMPANY DETAILS
Name: SIA IT Camp
Registration No.: 40103908693
VAT No.: LV40103908693
Legal address: Kaivas street 50, k-2, dz. 24C, Riga, LV-1021
Bank: AS Swedbank
Account No.: LV19HABA0551043005595
Phone: +371 26884088
E-mail: info@itcamp.lv
1. GENERAL TERMS
1.1. SIA “IT Camp”, registration no. 40103908693, legal address: Kaivas street 50, k-2, dz. 24C, Riga, LV-1021 (hereinafter – the Company).
1.2. The purpose of this Clients Personal Data Processing Policy (hereinafter – the Policy) is to provide the data subject (identified or identifiable natural person, representatives, employees or contact persons of legal entities) as a client (hereinafter – the Client) with information about the processing of the Client’s personal data in connection with recruitment and related services, including the purposes of processing, categories of personal data, storage periods, data protection measures, and the Client’s rights in relation to such processing.
1.3. The Client’s personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – the Regulation), the applicable laws of the Republic of Latvia in the field of privacy and personal data protection, and this Policy.
1.4. Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, use, disclosure, transmission, restriction, erasure or destruction.
1.5. The Company processes the Client’s personal data in order to provide recruitment and HR-related services, to communicate with the Client, to organise and manage the recruitment process, to fulfil contractual obligations and, where applicable, to facilitate the establishment of employment or commercial cooperation between the selected candidate and the Client, as the Company provides recruitment services in the course of its commercial activities.
1.6. The processing of the Client’s personal data is necessary to respect the legitimate interests of the Controller (the Company), which include communication with Clients, managing recruitment assignments, organising interviews between Clients and candidates and, where necessary, establishing, exercising or defending legal claims related to the recruitment process.
1.7. The Company undertakes to ensure the confidentiality of the Client’s personal data and to protect such data by using appropriate secure modern technology options, including secure data transmission technologies (such as SSL encryption) and other safeguards intended to prevent unauthorised access, disclosure, alteration, loss or other unlawful processing of personal data. Such measures are regularly reviewed and improved in accordance with applicable legal requirements.
1.8. The Company does not disclose or transfer the Client’s personal data to third parties except where such disclosure is necessary for the purposes set out in this Policy, is required for the provision of recruitment services, is based on the Client’s consent, is necessary for compliance with applicable legal obligations, or is otherwise permitted under applicable law.
1.9. As a general rule, the Client’s personal data is processed within the territory of the European Union and the European Economic Area. If, in exceptional cases, the Company transfers personal data outside the European Union or the European Economic Area, such transfer shall be carried out in accordance with the requirements of applicable data protection laws and subject to appropriate safeguards.
1.10. This Policy applies to the processing of personal data regardless of the form and/or medium in which the Client provides such data to the Company, including in person, by e-mail, via the Company’s website, in paper form, by telephone or otherwise.
2. CONTROLLER AND CONTROLLER CONTACT INFORMATION
2.1. The controller of personal data processing is the Company.
2.2. For matters related to the processing of personal data or possible personal data protection violations, the Client may contact the Company by telephone at +371 26884088 or by e-mail at info@itcamp.lv
3. WHAT DATA DOES THE COMPANY PROCESS AND FOR WHAT PURPOSE
3.1. Submission of service requests via website:Purpose: receiving and processing Client inquiries submitted via the Company’s website (e.g. contact form, request for recruitment services), initial communication with potential clients, preparation of offers and proposals.Legal basis: taking steps at the request of the data subject prior to entering into a contract and legitimate interest in responding to business inquiries.
Important note: The provision of personal data is necessary to process the request. If the Client does not provide the required information, the Company may be unable to respond or provide the requested services.
3.2. Provision of recruitment services:
Purpose: identifying Client needs, searching and selecting candidates, organising interviews, facilitating the hiring process.
Legal basis: performance of a contract or taking steps prior to entering into a contract, legitimate interests (e.g. communication, service management, legal protection).
Processed data: name, surname, position, contact details (email, phone), company information, communication records.
3.3. Business communication and relationship management:
Purpose: maintaining cooperation, responding to inquiries, providing updates.
Legal basis: legitimate interest (e.g. communication, service management, legal protection).
3.4. Compliance with legal obligations:
Purpose: accounting, tax compliance, responding to authorities.
Legal basis: legal obligation.
3.5. Marketing and future cooperation:
Purpose: informing about services, maintaining client databases.
Legal basis: consent, legitimate interest (e.g. communication, service management, legal protection).
4. DATA CATEGORIES
The Company may process identification data, contact information, company-related data, communication content (emails, calls), contractual information, billing and payment data.
Processed data may include: name and surname, company name, position, email address, telephone number, content of the inquiry (including hiring needs, budgets, etc.), any other information voluntarily provided.
Additional data collected automatically: IP address, date and time of submission, browser and device information.
5. DATA SOURCES
Personal data may be obtained via the Company’s website (contact forms, service request forms, or other online submission tools), directly from the Client, during communication, from publicly available sources (e.g., LinkedIn), from third parties (within legal limits).
6. DATA SHARING
Personal data of the Client (e.g. contact details, company information) may be shared with candidates where necessary for the recruitment process, IT service providers, legal and financial advisors, public authorities when required by law. The Company ensures that only necessary data is shared.
7. DATA RETENTION
Personal data obtained via website inquiries is stored until the request is processed, and up to 1 year thereafter, unless further cooperation is established.
Personal data is stored during cooperation, up to 5 years after termination, longer if required by law (e.g., accounting).
8. WHO COULD ACCESS THE CLIENT’S PERSONAL DATA
8.1. Appropriate measures are taken to process personal data in accordance with applicable laws and to ensure that personal data is not accessed by third parties who do not have a relevant legal basis for processing personal data.
8.2. Personal data may be accessed, where necessary, by:
- employees of the Company who are involved in the recruitment process and require access to such data for the performance of their duties on a need-to-know basis;
- IT and system service providers engaged by the Company to ensure the operation, maintenance and security of the Company’s recruitment systems and candidate database;
- public authorities, courts, law enforcement authorities or other competent institutions, where such disclosure is required by law or necessary for the establishment, exercise or defence of legal claims.
9. CLIENT’S RIGHTS
9.1. In accordance with the applicable law the Client has the right to:
- withdraw the given consent to the processing of personal data at any time, however, the fact that the Client withdraws his/her consent will not affect the lawfulness of the data processing, which was based on this consent before its withdrawal;
- to receive confirmation as to whether the Company processes personal data regarding the Client and, if so, to receive information about the personal data being processed (including the time of receipt, type and reasons for storage);
- to access his/her data and receive personal data submitted by the Client to the Company, which relate specifically to the Client and whose processing is based on his/her consent (the Client has the right to receive free of charge one copy of his/her personal data processed by the Company, including in electronic form);
- to request the restriction of the processing of Client’s personal data (marking of the personal data in the Company’s possession with the aim of limiting their processing in the future);
- request to fulfill the right to data portability;
- object to the processing of personal data;
- request to correct personal data if it is incomplete or inaccurate or to update personal data;
- request to delete personal data (the right to be forgotten), if this does not contradict the applicable laws and regulations. The Company ensures the deletion of the Client’s personal data if it is no longer necessary in connection with the purposes for which it was collected, for example, if data processing is based on the Client’s consent, which the Client withdraws in his/her request. On the other hand, if the Company processes personal data in accordance with another legal basis, for example, on the basis of the law, to ensure compliance with the requirements of regulatory acts, the data will not be deleted as long as the relevant legal basis is in force;
- the right to submit a complaint to the supervisory authority Data State Inspectorate, e-mail: pasts@dvi.gov.lv, address: Elijas street 17, Riga, LV-1050, regarding the processing of personal data by the Company.
9.2. These rights are not absolute and may be subject to limitations under applicable law. For example, the Company may continue processing where it demonstrates compelling legitimate grounds for the processing which override the Client’s interests, rights and freedoms, or where processing is necessary for the establishment, exercise or defence of legal claims.
10. REQUEST EXAMINATION PROCEDURE
10.1. The Client’s request must be in writing or in a form that can be considered in writing in accordance with regulatory enactments, such as an electronic document signed with a secure electronic signature.
10.2. Upon receiving the Client’s request to provide data or exercise other rights, the Company must evaluate the request and fulfill it in accordance with the regulatory enactments, namely the need to identify the Client. The Company considers a person who has approached the Company in one of the following ways to be an identified Client (identified person):
- has appeared in person and presented an identity document;
- has delivered the shipment to the Company in the form of registered mail. A response to such a request will be provided to the Client by registered post, thereby ensuring that the letter is received by the relevant Client identified upon receipt of the mailing. In case of doubt or suspicion, the Company has the right to ask the Client for additional information that would allow him to be clearly identified (with the aim of preventing the data from reaching third parties);
- sent the request using a secure electronic signature to the Company’s e-mail info@itcamp.lv
10.3. Where necessary, the Company may request additional information or proof of identity before responding to the request. If the Client does not provide sufficient information to enable identification, the Company may refuse to act on the request to the extent permitted by applicable law.
10.4. Once the Client has been identified, the Company shall respond to the request without undue delay and, in any event, within one month of receipt of the request, unless a longer period is permitted under applicable law due to the complexity or number of requests.
10.5. The Company provides information relating to personal data processing in a concise, transparent, intelligible and easily accessible form, using clear and plain language, and generally free of charge, except where requests are manifestly unfounded or excessive, as provided by applicable law.
10.6. The Company may refuse to provide the Client with information about the data processing performed if:
- the Client’s requests are clearly unfounded or excessive (repeated multiple times) and the Client has already been issued the same information during the last year and the content of that information has not changed since the last issue;
- providing such information is not possible or would require a disproportionate amount of effort;
- if the Company cannot identify the Client and the Client has not additionally identified himself at the request of the Company.
10.7. The Client has the right to access only his/her personal data, but not to information relating to other natural persons (unless the particular person exercises the right on behalf of another natural person).
10.8. The Company ensures compliance with applicable personal data protection requirements and takes appropriate steps to address objections or complaints raised by the Client. If the Client is not satisfied with the Company’s response, he/she has the right to contact the Data State Inspectorate.
11. EFFECTIVENESS AND AMENDMENTS OF THE POLICY
11.1. This version of the Policy is effective as of 1 April 2026. If the Policy is amended, the Company shall publish the updated version on its website www.itcamp.lv and, where appropriate, inform the Client of such changes by other means.
12. COMPANY DETAILS
Name: SIA IT Camp
Registration No.: 40103908693
VAT No.: LV40103908693
Legal address: Kaivas street 50, k-2, dz. 24C, Riga, LV-1021
Bank: AS Swedbank
Account No.: LV19HABA0551043005595
Phone: +371 26884088
E-mail: info@itcamp.lv