Privacy Policy

This privacy policy was last updated on November 29, 2023.

Introduction

SIA AmazeS is firmly committed to the protection of personal data. This privacy policy describes why and how we collect and use personal data and provides information about the rights of individuals with respect to personal data. This applies to personal data provided to us either by the individuals themselves or by others. We may use personal information provided to us for any purpose described in this privacy statement or as otherwise specified at the time of collection.

Amazes processes personal data for various purposes. Our policy is to be transparent about why and how we process personal data.

Data controller and contact information

1. The controller for the processing of personal data of website users is the limited liability company SIA AmazeS, single registration No. 40203432377, legal address: Gustava Zemgala gatve 74, Rīga, LV-1039, Latvija (hereinafter referred to as the Company).

2. Contact information about the Company on issues related to the processing of personal data: hello@amazes.lv. Using this contact information or by contacting the Company during business hours, you can ask a question about the processing of personal data.

Legal grounds for processing your personal data

We may be required by law to set out in our Privacy Policy the legal basis on which we rely to process your personal information. In such cases, we rely on one or more of the following conditions for processing personal data:

  • our legitimate interests in effectively providing information and services to you and in conducting our business efficiently and lawfully, and our clients' legitimate interests in obtaining professional services from us (provided they do not infringe your rights);
  • our legitimate interests in developing and improving our business, services and offerings, and in developing new Amazes technologies and offerings (provided they do not infringe your rights);
  • to satisfy any requirement of law, regulation or a professional body of which we are a member (for example, in relation to some of our services we have a legal obligation to provide the service in a particular way);
  • to fulfill our obligations under the contract with you;
  • or if other processing conditions are not available, if you have consented to the processing of information about you for the relevant purpose.

TRANSFER OF PERSONAL DATA

Cross-border transfers

If we process information about you, it may be transferred to and stored outside the country in which you are located. This includes countries outside the European Union and the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information.

If we collect information about you within the EU and EEA, transfer outside the EU and EEA will only:

  • to a recipient located in a country that provides an adequate level of protection of information about you; and/or
  • under an agreement that satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EU and EEA, such as standard contractual clauses approved by the European Commission.

Third Party Suppliers

We may transfer or disclose the personal information we collect to third party contractors, subcontractors and/or their subsidiaries and affiliates. Third parties support us in providing services and help us provide, run and manage our IT systems. Examples of third-party contractors we use include providers of identity management services, website hosting and management, data analytics, data backup, security and cloud storage services. The servers that support our IT infrastructure are located in secure data centers and personal data may be stored in any of them.

Third party providers may use their own third party subcontractors who have access to personal data (subprocessors). Our policy is to use only third party providers who are required to maintain an appropriate level of security and confidentiality, to process personal information only in accordance with Amazes' instructions, and to pass on the same obligations to their subprocessors.

Transfer of information about you to third parties

We may also disclose information about you to the following persons and under the following circumstances:

  • professional advisers, such as law firms, as necessary to establish, exercise or defend our legal rights and to obtain advice in connection with the conduct of our business. Data about you may be transferred to these consultants as necessary in connection with the services for which they will be engaged;
  • at your direct request;
  • when required to provide publications or reference materials requested by you;
  • when necessary for conferences or events organized by a third party;
  • law enforcement agencies, the prosecutor and other government bodies, as well as professional organizations in accordance with the requirements of current legislation. Amazes may also review and use information about you to determine whether disclosure is required or permitted.

Safety

We have implemented generally accepted standards of technology and operational security to protect information about you from loss, misuse, alteration or destruction. Access to information about you is provided only to authorized persons, provided that such persons agree to keep this information confidential.

Although we use appropriate security measures once we receive data about you, the transmission of this data over the Internet (including by email) is never completely secure. We strive to protect personal information, but we cannot guarantee the security of information transmitted to or by us.

Your rights regarding personal data

Regulatory acts on the protection of personal data provide you, as a user, with rights that we are obliged to observe and provide you with the opportunity to exercise them:

  • obtain confirmation of whether we are processing your personal data, obtain a copy of your personal data and obtain some other information about how and why we process your personal data,
  • the right to demand changes or corrections to your personal data if they are inaccurate (for example, if you change your address) and fill in incomplete personal data,
  • the right to have your personal data deleted in the following cases:
  • personal data are no longer necessary in connection with the purposes for which they were collected and processed;
  • our lawful basis for processing is consent, you withdraw consent and we have no other lawful basis for processing them;
  • You object to the processing of your personal data and we have no legal basis for this;
  • You object to the processing of your personal data for direct marketing purposes;
  • Your personal data was processed illegally;
  • Your personal data must be deleted in order to comply with a legal obligation to which we are subject.
  • the right to restrict the processing of personal data in the following cases:
  • for a period allowing us to verify the accuracy of the personal data if you dispute the accuracy of the personal data;
  • Your personal data has been processed unlawfully and you request the restriction of its processing instead of deletion;
  • Your personal data is no longer necessary in connection with the purposes for which it was collected and processed, but you need personal data to establish, exercise or defend legal claims; or
  • for a period to enable us to verify whether the legitimate grounds we rely on override your interests if you have objected to the processing on the basis that it is necessary for legitimate interests identified by us.
  • the right to object to the processing of your personal data in the following cases:
  • our legal basis for processing is that the processing is necessary for the legitimate interests pursued by us or a third party; or
  • our processing is for direct marketing purposes.
  • right to data portability
  • the right to receive your personal data provided by you to us, and the right to send the data to another organization (or ask us to do so if technically possible), if our lawful basis for processing personal data is consent or the need to perform our contract with you, and processing is carried out by automated means.
  • the right to withdraw consent to the storage, processing and use of personal data.

Where we process personal data based on consent, individuals have the right to withdraw consent at any time. We generally do not process personal data based on consent (as we can usually rely on another legal basis).

If you believe that the processing of your personal data or their use violates your rights, you have the right to file a complaint with the State Data Inspectorate, which is responsible for compliance with the law on the protection of personal data, if a request submitted to our company to eliminate violations of your rights is not met satisfied within a reasonable time.

Changes to the Privacy Policy

We may update our Privacy Policy at any time by posting the updated version here. When we change this Privacy Policy, we will change the revision date at the top of this page. The new version of the Privacy Policy will apply from the date of this revision. Therefore, we encourage you to periodically review our Privacy Policy to stay informed about how we are protecting your information.

Connect with us

Please submit a request to exercise a legal right in relation to your personal data or an inquiry if you have a question or complaint about the processing of your personal data to the following email address: hello@amazes.lv

For anything else please use our general contact form.

Our activities regarding the processing of personal data

To find out more, please go to the sections of this policy that apply to you.

CORPORATE CLIENTS AND PERSONS RELATED TO THEM

Collection of personal data

Our policy is to collect only the personal data that is necessary for the agreed purposes, and we ask our customers to share personal data with us only where it is strictly necessary for those purposes.

Where we need to process personal data to provide professional services, we ask our clients to provide data subjects with the necessary information about its use. Our customers may use the relevant sections of this privacy statement or refer data subjects to this privacy statement as they deem appropriate.

The categories of personal data processed by us in connection with the services we provide are generally the following:

  • Personal data (for example, name, age/date of birth, gender, marital status, country of residence);
  • Contact details (e.g. email address, contact number, postal address);
  • Financial data (eg, wages and other income and investments, benefits, tax status); And
  • Job details (such as role, grade, experience, and performance information).

We generally collect personal information from our clients or from third parties when providing services to the relevant client.

Use of personal data

We use personal data for the following purposes:

Providing professional services

We provide a wide range of professional services. Some of our services require us to process personal data in order to provide recommendations and results. For example, we look at salary data as part of building an incentive system.

Administration, management and development of our business and services.

This includes:

  • managing our relationships with clients and potential clients;
  • developing our business and services (for example, identifying customer needs and improving service delivery);
  • administration and management of IT systems, websites and applications; And
  • holding or facilitating events.

Safety, quality and risk management activities

We have security measures in place to protect our and our customers' information (including personal information) that include detecting, investigating and resolving security threats. Personal data may be processed as part of our security monitoring; for example, automatic scanning to detect malicious emails. We monitor the services provided to clients for quality purposes, which may include the processing of personal data stored in the relevant client file. We have policies and procedures to monitor the quality of our services and manage risks associated with customer interactions. We collect and store personal data as part of our customer engagement and acceptance procedures.

Providing clients and potential clients with information about us and our range of services

We use the business contact information of clients and potential clients to provide information that we think will be of interest about us and our services, subject to any permissions required by law. This includes industry updates and ideas, other services that may be relevant, and invitations to events.

Complying with any requirement of law, regulation or professional body of which we are a member.

Like any professional service provider, we have legal, regulatory and professional obligations. We are required to maintain certain records to demonstrate that our services are provided in accordance with these obligations, and these records may contain personal information.

Improving and developing our services

We are constantly looking for ways to help our customers and improve our business and services. As agreed with our clients, we may use the information we obtain in the course of providing professional services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, share information with our clients, improve our business, service delivery and proposals, and develop new technologies and proposals. To the extent that information we receive in the course of providing professional services contains personal information, we will de-identify the information before using the information for these purposes.

Data storage

We store personal data processed by us for as long as necessary for the purpose for which it was collected. Personal data may be stored for longer periods of time if extended retention periods are required by law or to establish, exercise or defend our legal rights.

BUSINESS CONTACTS

Collection of personal data

Amazes processes personal data about contacts (existing and potential clients of Amazes and/or persons related to them).

This includes name, employer name, contact person's title, telephone, email address and other business contact information. We may also record information about our interactions with contacts.

Use of personal data

Personal data relating to business contacts may be used for the following purposes:

Administration, management and development of our business and services.

This includes:

  • managing our relationships with clients;
  • developing our business and services (for example, identifying customer needs and improving service delivery and learning more about customer relationship opportunities);
  • analysis and assessment of the strength of interaction between Amazes and the contact person;
  • performing analytics, including creating metrics for Amazes management such as trends, relationship maps, sales data, and progress toward client business goals;
  • administration and management of IT systems, websites and applications; And
  • holding or facilitating events

Providing information about Amazes and its services

We use customers' business contact details to provide information that we think may be of interest about Amazes and its services, subject to any permissions required by law. This may include industry updates and ideas, other services that may be relevant, and invitations to events.

Amazes does not sell or disclose personal information to third parties so that they can sell their products and services without the individual's consent to do so.

Data storage

Personal data will be retained for as long as we have or need to maintain records of the relationship with the business contact, that is, for the entire duration of our relationship with the contact or his organization. Personal data may be retained for longer periods of time if extended retention periods are required by law or regulation or to establish, exercise or defend our legal rights. 

WEB SITES

This section describes how Amazes processes personal information collected on the amazes.lv website.

By using the Websites and providing us with personal information, you acknowledge that you have read this privacy statement and, if your consent is required and valid under applicable law, you consent to the collection, use and disclosure of such personal information by Amazes and any third parties recipients in accordance with this privacy statement.

Third Party Links

The Websites may contain links to third party sites that are not controlled by Amazes and do not operate in accordance with Amazes' privacy policies. When you access third-party sites, Amazes' privacy policies no longer apply. We encourage you to review the privacy policy of each third-party site before disclosing any personal information.

Collection of personal information through the Websites

When you use our website, we may collect information about you and your use of the relevant site, including through the use of cookies and analytics tools. We may collect personal information about you, such as your name, job title, company name, address, email address and telephone number, either directly from you or by combining information we collect through the Websites with personal information that we collect and store through other channels (such as customer relationship management systems or identity and access control systems, including IP addresses), or as we may legally collect from social media or other third party sites.

The following are examples of how you may provide us with personal information through the Websites:

  • search and view content;
  • subscribing to or ordering newsletters and/or publications;
  • registration for paid online services;
  • participating in “join our mailing list” initiatives;
  • participating in message boards, discussions or message forums;
  • participating in quick surveys, quizzes or comparison surveys;
  • registration for events and conferences;
  • submitting a resume or work history information;
  • contact us for more information;
  • visiting our Websites while logged into a social media platform; and/or
  • providing us with business cards or other contact information.

We do not intend to collect sensitive information through the Websites unless required to do so by law. Examples of sensitive information include race or ethnicity; Political Views; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sex life or sexual orientation; and criminal records. We ask that you do not provide this type of confidential information when using the Websites. If you choose to provide us with sensitive information for any reason, that action constitutes your express consent, where such consent is required and valid under your local law, to the collection and use of that information in the ways described in this section of this Privacy Statement or as described at the time you choose to disclose this information.

We also do not actively seek demographic information from visitors to the Websites. However, you may provide such information (including, for example, when you visit our site from a social network, submit a resume, or respond to an online job application). If you choose to provide us with demographic information, it will constitute your express consent, where such consent is required and valid under applicable law, to the collection and use of that information in the ways described in this section of the Privacy Statement or where you choose disclose this information.

Our policy is to collect the minimum necessary personal information. If the Websites request non-mandatory personal information about you, you will be notified at the time of collection. If you believe that a website has collected excessive information about you, please contact us to report any concerns.

Certain pages of the Websites may allow you to send us email. Messages sent through the Websites will include your display name and email address, as well as any additional information you choose to include in the message.

We may also match the information you provide to us with third-party data to complete your user profile. For example, if a third party has additional information associated with your email address (such as a social media profile URL or photo), we may match your email address and activity on the Websites with that data and then use third party data for additional marketing activities.

Use of personal information

When you provide personal information to us through the Websites, we may use it for any of the purposes described in this section of the privacy statement or as indicated at the time of collection (or as is apparent from the context of collection), including:

  • to administer and manage the Websites;
  • to personalize and enrich your browsing experience by displaying content that is more likely to be relevant and interesting to you;
  • to sort and analyze user data (for example, to determine how many users from one organization subscribe to or use the Websites);
  • to identify the company, organization, institution or agency for which you work or with which you are otherwise associated;
  • to develop our business and services;
  • to conduct benchmarking and data analysis, including, for example, regarding the use of the Websites and the demographics of their users;
  • conduct quality and risk management reviews;
  • to understand how people use the features and functionality of our websites to improve the user experience;
  • to monitor and enforce compliance with applicable terms of use, including acceptable use policies; and/or
  • any other purposes for which you provided information to Amazes, including any purposes specified in the “Collection of Personal Information” section above.

Our Websites do not collect or aggregate personal information for sale to parties outside of Amazes for consumer marketing purposes.

If you would like to learn more about the different categories of information we collect on the Websites, please see the “Collection of Personal Information” section.

Cookies and Beacons

Please check out our Cookies Policy.

Data storage

We will only store your personal information on our systems for as long as we need it, in light of the purposes for which it was collected, or as required by law. We retain mailing list information until the user unsubscribes from our mailing lists. If you choose to unsubscribe from a mailing list, we may retain certain limited information about you in order to fulfill your request.

Marketing

Where we are required by law to obtain your express consent to provide you with marketing materials, we will only provide you with such marketing materials if you have given us your consent to do so.

If you choose any subscriptions, you will receive automatic emails when content is updated.

Unsubscribe

If you wish to unsubscribe from mailing lists or any registrations, you should find and follow the instructions we provide in the relevant areas of the Website or in relevant communications to you.

If you do not want to receive emails or marketing communications from us, you may contact us at any time to request that we stop such communications. If you would like to unsubscribe or no longer receive only certain communications, please include such communications in your request.

If you decide to unsubscribe from any or all communications, we may retain information sufficient to identify you so that we can comply with your request.

Any User Content you may have previously created will not be anonymized upon deactivation and will not be immediately removed from our systems or records.

Data access

We are committed to providing reasonable and practical access that allows visitors to the Websites to identify and correct any inaccuracies in the information we collect about them.

When we hold personal information about you, we are responsible for accurately recording the information you provide to us. We do not undertake any responsibility to continually verify the accuracy of your personal information.

If you have questions about the accuracy of identifying information you previously provided to Amazes, or would like to remove outdated information, please contact us. Upon request, and provided that complying with the request is practical and commercially reasonable and we have no legal or regulatory need to retain the information, we will remove personally identifiable information from current operating systems.

Children

We understand the importance of protecting children's privacy, especially in the online environment. The websites covered by this Privacy Statement are not specifically directed to children and our terms and conditions of use require all users to be at least the age of majority in their country. We comply with laws regarding marketing to children. We never knowingly collect or store personal information from anyone under 18 years of age.

MARKETING ACTIVITIES

Marketing includes any communication about Amazes products and services. If we are required by law to obtain your explicit consent to send you marketing materials, we will only provide you with such marketing materials if you have given us your consent to do so.

We retain contact information (including name and email address) on our mailing lists until the person unsubscribes from our mailing lists. If you unsubscribe from our communications, we may retain limited information sufficient to identify you so that we can comply with your unsubscribe request.

Amazes does not sell personal information to parties outside of Amazes for consumer marketing purposes.

How to unsubscribe from marketing emails

You may contact us at any time to request that we stop sending you marketing emails. If you would like to unsubscribe from mailing lists, you should find and follow the instructions we provide to you in the relevant communications.

If you no longer wish to receive only certain communications, please include those communications in your request.

Others who contact us

We collect personal data when a person contacts us with a question, complaint or feedback (for example, name, contact details and content of the message). In these cases, the individual controls the personal data transferred to us. We use data only as necessary to respond to a message or resolve a complaint.

CANDIDATES FOR RECRUITMENT

This section describes why and how we collect and use personal data in connection with our recruitment activities.

If your application is approved, we will conduct a pre-employment screening as part of our onboarding process. Depending on the role you are applying for, these checks may include a criminal record check.

Collection of personal data

We collect personal data in connection with our recruitment activities as described below.

Most of the personal data we collect as part of our recruitment process is provided by you, for example:

  • Contact information (name, email, phone number);
  • Areas of interest;
  • CV, work experience, education, academic and professional qualifications;
  • Information provided through interviews and assessments;
  • Diversity and Equal Opportunity Data;
  • Pre-employment screening information if your application is successful;
  • Information about your financial relationships and your immediate family, if your application is approved; And
  • Bank details if your application is approved.

We create personal data in connection with our recruitment activities, such as:

  • Interview results and assessments and feedback; And
  • Offer details

We receive personal data from third party sources such as:

  • Recommendations from your named referrals
  • Information from your referrer (where applicable);
  • Results of screening tests (depending on the role being applied for);
  • Verifying information provided during the recruitment process by contacting relevant third parties (for example, previous employers, education and qualification providers) or using publicly available sources (for example, to verify your experience, education and qualifications); And
  • Information from social networks of which you are a member regarding your participation in our recruitment campaigns.

Use of personal data

We process personal data in our legitimate interests to attract and secure the best talent to work with us as follows:

  • Attract talent and market opportunities to Amazes, including by organizing, hosting and participating in events, marketing and advertising opportunities, and using recruiters to source talent for us.
  • To identify and source talent, including by searching our talent pool and public sources (such as professional networks and career websites of which you are a member).
  • To process and manage applications for positions at Amazes, evaluate your vacancies against your interests and experience, manage your candidate profile, send you email notifications and other announcements, request additional information or otherwise contact you about your candidacy.
  • To screen and select talent by assessing your suitability to work for Amazes, including through interviews and assessments and background checks.
  • To recruit and onboard talent by making offers to successful candidates and conducting pre-employment screenings.
  • To perform statistical analysis and reporting, including, for example, on usage of our careers websites, candidate demographic analysis, Amazes recruiting activity reports and candidate sourcing channel analysis.
  • to inform you about careers at Amazes.
  • Any other purposes stated when providing information to Amazes.

Where permitted by law, we conduct criminal background checks for the following purposes:

  • To comply with legal obligations to ensure that a person has the right to work;
  • It is a matter of law to determine whether the applicant has committed an unlawful act or has engaged in dishonesty, malpractice or other serious misconduct; or
  • Meet government and public sector permitting requirements.

Data storage

We store personal data processed in connection with recruitment activities as follows:

If your application is successful, we will store the relevant personal data as part of your employee list.

If your application is unsuccessful, we will retain and use the information you provided to Amazes as part of your application for a reasonable period of time to resolve any issues that may arise in connection with your application, to contact you about other employment opportunities and to our legitimate business purposes (for example, to ensure that we do not contact an individual about a position for which they have already applied).

SUPPLIERS (INCLUDING SUBCONTRACTORS AND PERSONS ASSOCIATED WITH OUR SUPPLIERS AND SUBCONTRACTORS)

Collection of personal data

We collect and process personal data about our suppliers (including subcontractors and persons associated with our suppliers and subcontractors) to manage relationships, enter into contracts, obtain services from our suppliers and, where necessary, provide professional services to our clients. Personal information is typically business card information and will include name, employer, telephone, email and other business contact information and how to contact us.

Use of personal data

We use personal data for the following purposes:

Receiving services

We process personal data in relation to our suppliers and their employees as necessary to obtain the services they have contracted to provide. For example, if a supplier provides us with facilities management or other outsourced services, we will process the personal data of those individuals who provide the services to us.

Providing professional services to clients

Where a supplier helps us provide professional services to our clients, we process personal data about the individuals involved in the provision of the services to administer and manage our relationship with the supplier and relevant persons, and to provide such services to our clients (for example, where our supplier provides people to work with us as part of the Amazes team providing professional services to our clients).

Administration, management and development of our business and services

This includes:

  • managing our relationships with suppliers;
  • developing our business and services (for example, identifying customer needs and improving service delivery);
  • holding or facilitating events; And
  • administration and management of IT systems, websites and applications

Safety, quality and risk management activities

We have security measures in place to protect our and our customers' information (including personal information) that include detecting, investigating and resolving security threats. Personal data may be processed as part of our security monitoring; for example, automatic scanning to detect malicious emails. We have policies and procedures to monitor the quality of our services and manage risk with our suppliers. We collect and store personal data as part of our contracting procedures with suppliers. We monitor the services we provide to ensure quality, which may include the processing of personal data.

Providing information about us and our range of services

We use business contact information to provide information that we think will be of interest about us and our services, subject to the permissions required by law.

Complying with any requirement of law, regulation or professional body of which we are a member

Like any professional service provider, we have legal, regulatory and professional obligations. We are required to maintain certain records to demonstrate that our services are provided in accordance with these obligations, and these records may contain personal information.

Data storage

We store personal data processed by us for as long as it is considered necessary for the purpose for which it was collected. Personal data about our contacts will be retained by our suppliers for as long as necessary for the purposes set out above (for example, for as long as we have or need to maintain a record of the relationship with the contact, i.e. for the duration of our relationship with the contact or their organization). Personal data may be stored for longer periods of time if extended retention periods are required by law or to establish, exercise or defend our legal rights.