We are glad that you have expressed interest about our company. SIA “KAK” highly prioritizes data protection. It is possible to use the SIA “KAK” software without submitting personal data: but if the data subject wishes to use specific services provided by our company through our Internet site, it may be necessary to process personal data. Usually, when it is necessary to process personal data and there is no legal basis for such processing, we ask for a permission from the data subject.
The processing of personal data, for example, the name and surname of the data subject, their address, e-mail address or phone number, is performed strictly in accordance with the General Data Protection Regulation (hereafter – GDPR) and the national data protection provisions that are applicable to SIA “KAK”. With this data protection notification SIA “KAK” aims to notify the public about the manner in which SIA “KAK” collects, uses and processes personal data, as well as the scope and purpose of any processing. This data protection notification also informs data subjects about their rights. SIA “KAK” as a personal data processor has implemented several technical and organizational measures in order to ensure the most complete possible protection of personal data in relation to data processing on this Internet site. However, data transmission on the Internet may have inherent security drawbacks therefore we cannot guarantee absolute protection. For this reason, any data subject can choose to submit to us their personal data using alternative means, for example, during a telephone conversation.
1. Definitions
The SIA “KAK” data protection notification is based on the terms that the European legislator has used for the purposes of GDPR. The SIA “KAK” data protection notification should be available and intelligible for the general population, as well as our clients and business partners. In order to ensure this, SIA “KAK” would first like to explain the terminology used in this policy.
In this data protection notification SIA “KAK” uses (among others) the following terms:
a) personal data – ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;.
b) datu subjekts – datu subjekts ir jebkura identificēta vai identificējama fiziska persona, kuras personas datus apstrādā par šo apstrādi atbildīgais pārzinis.
c) processing – ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) restriction of processing – ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
e) profiling – ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
f) pseudonymisation – ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) controller or the controller responsible for processing – ‘controller’ or ‘the controller
responsible for processing’ means the natural or legal person, public authority, agency
or other body which, alone or jointly with others, determines the purposes and means
of the processing of personal data; where the purposes and means of such processing
are determined by Union or Member State law, the controller or the specific criteria for
its nomination may be provided for by Union or Member State law.
h) processor – ‘processor’ means a natural or legal person, public authority, agency or
other body which processes personal data on behalf of the controller.
i) saņēmējs – saņēmējs ir fiziska vai juridiska persona, publiska iestāde, aģentūra vai cita struktūra, kurai izpauž personas datus — neatkarīgi no tā, vai tā ir trešā persona vai nav. Tomēr publiskas iestādes, kas var saņemt personas datus saistībā ar konkrētu izmeklēšanu saskaņā ar Savienības vai dalībvalsts tiesību aktiem, netiek uzskatītas par saņēmējiem; minēto datu apstrāde, ko veic minētās publiskās iestādes, atbilst piemērojamiem datu aizsardzības noteikumiem saskaņā ar apstrādes nolūkiem.
i) recipient – ‘recipient’ means a natural or legal person, public authority, agency or
another body, to which the personal data are disclosed, whether a third party or not.
However, public authorities which may receive personal data in the framework of a
particular inquiry in accordance with Union or Member State law shall not be regarded
as recipients; the processing of those data by those public authorities shall be in
compliance with the applicable data protection rules according to the purposes of the
processing.
j) third party – ‘third party’ means a natural or legal person, public authority, agency or
body other than the data subject, controller, processor and persons who, under the direct
authority of the controller or processor, are authorized to process personal data.
k) consent – ‘consent’ of the data subject means any freely given, specific, informed
and unambiguous indication of the data subject’s wishes by which he or she, by a
statement or by a clear affirmative action, signifies agreement to the processing of
personal data relating to him or her.
2. Name and surname/name and address of the Controller
According to the General Data Protection Regulation (GDPR), other data protection
legislation applicable in the European Union Member States and other data protection
regulations, the Controller is:
• SIA “KAK”, registration number 40103648886
• Address: Riga, Daugavgrīvas iela 70 k-5 – 39, LV-1007
• E-mail: support@kaktaxi.lv
• Internet site: www.kaktaxi.lv
3. Collection of general data and information
When the data subject or an automated system visits the SIA “KAK” web site, a series
of general data and information is collected. Such general data and information are
stored in the server log files. The following data may be collected:
1) browser software type and version;
2) operating system used by the accessing system;
3) the web site from which the accessing system has been directed to our web site (so-
called referrers);
4) the web site sub-pages;
5) the date and time of accessing the web site;
6) the Internet provider for the accessing system;
and 7) any similar data and information that could be used in case our IT systems are
attacked.
SIA “KAK” does not use such general data and information to make any conclusions
about the data subject. This information is rather required in order to:
1) pareizi pasniegtu mūsu tīmekļa vietnes saturu;
2) optimizētu mūsu tīmekļa vietnes saturu, kā arī reklāmu;
3) nodrošinātu mūsu informācijas tehnoloģiju sistēmu un tīmekļa vietņu tehnoloģiju ilgtermiņa izredzes un
4) nodrošinātu tiesībaizsardzības iestādēm informāciju, kas nepieciešama kriminālvajāšanai kiberuzbrukuma gadījumā.
For these reasons SIA “KAK” analyzes the anonymously collected data and information
statistically with the goal of improving our company data protection and data security,
and ensuring an optimal personal data protection level. The anonymous data in the
server log files are stored separately from any personal data provided by the data
subject.
4. Registration on our web site
In some cases the data subject is given the opportunity to register in the controller’s
web site by indicating his/her personal data. The input mask used for registration
determines which personal data is sent to the controller. The personal data entered by
the data subject is stored and collected only for the internal use of the controller and for
the controller’s needs. The controller may request data transfer to one or several data
processors (for example, packet services) who also use the personal data for internal
purposes that can be applicable to the controller.
During registration in the controller’s web site, the registration date and time is also
stored. Such data are stored because that is the only way in which we can prevent the
abuse of our services and, if necessary, investigate the violations committed. Such data
must be stored for the security of the controller. Such data are not transferred to third
parties unless the law requires the data to be transferred or if the data are transferred for
criminal investigation purposes.
Data subject registration with voluntary submission of personal data is provided in
order for the controller to be able to offer the data subject content or services that can
only be offered to registered users due to the nature of the content or services. The
registered users can at any time freely change the personal data submitted during
registration or completely delete the data from the controller’s data storage.
The data controller, upon request from the data subject, will at any time provide
information about the stored personal data of the data subject. Furthermore, the data
controller will correct or delete any personal data on request of the data subject or upon
receiving instructions from the data subject, unless the law defines a duty for data
storage. The data subject is provided all the necessary contact information for the data
controller’s employees.
5. Subscribing to our informative messages
Upon applying to the SIA “KAK” service, the users have the option of subscribing to
the informative messages of our company. The input mask used for this purpose
determines which personal data are transferred, as well as the time when the informative
message is sent by the controller.
SIA “KAK” regularly uses the informative messages to notify its clients and business
partners about the company offers. The data subject can only receive the informative
messages from the company if: 1) the data subject has a valid e-mail address and 2) the
data subject has performed registration for receiving the informative messages. For
legal purposes the confirmation e-mail is sent to the e-mail address that the data subject
initially registered for receiving informative messages, using the double application
procedure. This confirmation e-mail is used to prove whether the owner of the e-mail
address (who is the data subject) is authorized to receive the informative messages.
When the user registers for receiving informative messages, we also store the
registration date and time. It is necessary to collect such data in order to understand the
possible abuse of the data subject’s e-mail address in the future, and therefore it serves
the legal interest of the controller to ensure his own security.
Personal data collected during registration for receiving informative messages will only
be used for sending our informative messages. The subscribers to the informative
messages can also be notified by e-mail if this is required for the operation of the
informative message service or for performing the registration, in case of making
changes to the informative message service or making technical changes. The personal
data collected as part of the informative message service will not be transferred to third
parties. The data subject can at any time cancel the informative message service. The
consent for storing personal data that the data subject gives for purposes of receiving
informative messages can be revoked at any time. Each informative message contains
a corresponding link for revoking the consent. The informative message service can
also be cancelled at any time on the controller’s web site or by otherwise notifying the
controller.
6. Informative messages – tracking
The SIA “KAK” informative messages contain the so-called tracking pixels. A tracking
pixel is a miniature graphical element that is embedded in e-mails sent in an HTML
format in order to ensure the recording and analysis of log files. This allows statistically
analyzing the successes or failures of online marketing campaigns. Using the embedded
tracking pixel, SIA “KAK” can find out if and when the data subject has opened the e-
mail and which links in the e-mail the data subjects have viewed.
The controller stores and analyzes the personal data collected in the tracking pixels
contained in the informative messages in order to optimize the delivery of the
informative messages and to better adapt the content of further informative context to
the interests of the data subjects. Such personal data are not transferred to third parties.
Data subjects have the right to cancel the corresponding separate consent message
(issued using the double choice procedure) at any time. After cancelling, the data
controller deletes such personal data. SIA “KAK” automatically assumes that a user
declining to receive informative messages has performed such cancellation.
7. Possibility to communicate using the web site
The SIA “KAK” company web site contains information that allows the users to quickly
contact us electronically, as well as directly contact us using our general e-mail address.
If the data subject contacts the data controller through e-mail or using the
communication form, then then personal data sent by the data subject are automatically
stored. Such personal data voluntarily sent by the data subject to the data controller are
stored for purposes of processing or for purposes of contacting the data subject. Such
personal data are not transferred to third parties.
8. Regular deletion and blocking of personal data
The data controller processes and stores personal data only during the period that is
required for the specific purpose of data storage, or as long as allowed by the European
Union legislator or other legislators according to the legislation that is applicable to the
data controller.
If the purpose of storage is not applicable or if the storage term defined by the European
Union legislator or other legislators has passed, then the personal data are regularly
deleted according to legal requirements.
9. Rights of the data subject
a) rights of confirmation – each data subject may use the rights established by the
European Union legislator to receive from the data controller a confirmation of the fact
that the data subject’s data is being processed. If the data subject wishes to use these
rights of confirmation, then he/she can contact the controller at any time.
b) rights of access – each data subject may use the rights established by the European
Union legislator to receive from the data controller free-of-charge information about
his/her personal data that is stored at any given time and a copy of such data.
Furthermore, the European directives and regulations grant the data subject access to
such information:
o the purposes of the processing;
o the categories of personal data concerned;
o the recipients or categories of recipients of the personal data to whom the
personal are or will be disclosed, in particular recipients in third countries or
international organizations;
o if possible, the period for which the personal data will be stored, or if that is
not possible, the criteria used to determine that period;
o the existence of the right to request from the controller access to and
rectification or erasure of personal data or restriction of processing concerning
the data subject and to object to processing;
o the right to lodge a complaint with a supervisory authority;
o if the personal data is not collected from the data subject, any available
information about their source;
o the existence of automated decision-making, including profiling, referred to
in Article 22(1) and (4) of GDPR and, at least in those cases, meaningful
information about the logic involved, as well as the significance and the
envisaged consequences of such processing for the data subject.
Additionally the data subject has the right to obtain information about whether the
personal data are transferred to a third country or international organizations. In that
case the data subject can demand information about the corresponding security
measures that are applied to the data transfer.
If the data subject wishes to use such rights of access, he/she can contact us at any time.
c) right to rectification – according to the European legislator, the data subject has the
right to obtain from the controller without undue delay the rectification of inaccurate
personal data concerning him or her. Taking into account the purposes of the processing,
the data subject has the right to have incomplete personal data completed, including by
means of providing a supplementary statement.
If the data subject wishes to use such rights of rectification, he/she can contact us at any
time.
d) right to erasure (‘right to be forgotten’) – according to the European legislator, the
data subject has the right to obtain from the controller the erasure of personal data
concerning him or her without undue delay and the controller has the obligation to erase
personal data without undue delay where one of the following grounds applies and
unless processing is required:
o the personal data are no longer necessary in relation to the purposes for which
they were collected or otherwise processed;
o the data subject withdraws consent on which the processing is based
according to point (a) of Article 6(1), or point (a) of Article 9(2) of GDPR, and
where there is no other legal ground for the processing;
o the data subject objects to the processing pursuant to Article 21(1) of GDPR
and there are no overriding legitimate grounds for the processing, or the data
subject objects to the processing pursuant to Article 21(2) of GDPR;
o the personal data have been unlawfully processed;
o the personal data have to be erased for compliance with a legal obligation in
Union or Member State law to which the controller is subject;
o the personal data have been collected in relation to the offer of information
society services referred to in Article 8(1).
If any of the reasons listed above is applicable and the data subject wishes to request
the erasure of personal data stored by SIA “KAK”, then he/she may at any time contact
us using the e-mail address indicated above. An employee of SIA “KAK” will
immediately ensure that the request for erasure is implemented without delay.
If the controller has published personal data and according to Article 17(1) the
controller must erase personal data, the controller, taking into consideration available
technology and implementation costs, makes reasonable efforts, including technical
efforts, to notify other controllers that process personal data that the data subject has
requested and inform them that they must delete any links to personal data and the
copies and replications of such data, as far as processing is not required.
In special cases the SIA “KAK” employees will organize the necessary measures.
e) right to restriction of processing – according to the European legislator, the data
subject has the right to obtain from the controller restriction of processing where one
of the following applies:
o the accuracy of the personal data is contested by the data subject, for a period
enabling the controller to verify the accuracy of the personal data;
o the processing is unlawful and the data subject opposes the erasure of the
personal data and requests the restriction of their use instead;
o the controller no longer needs the personal data for the purposes of the
processing, but they are required by the data subject for the establishment,
exercise or defense of legal claims;
o the data subject has objected to processing pursuant to Article 21(1) of GDPR
pending the verification whether the legitimate grounds of the controller
override those of the data subject.
If any of the conditions listed above applies and the data subject wishes to request the
erasure the restriction of personal data stored by SIA “KAK”, then he/she may at any
time contact us using the e-mail address indicated above. An employee of SIA “KAK”
will organize the restriction of data processing.
f) right to data portability– according to the European legislator, the data subject has
the right to receive the personal data concerning him or her, which he or she has
provided to a controller, in a structured, commonly used and machine-readable format
and have the right to transmit those data to another controller without hindrance from
the controller to which the personal data have been provided, where the processing is
based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of
GDPR or on a contract pursuant to point (b) of Article 6(1) of GDPR ; and the
processing is carried out by automated means, unless processing is necessary for the
performance of a task carried out in the public interest or in the exercise of official
authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20(1)
of GDPR, the data subject has have the right to have the personal data transmitted
directly from one controller to another, where technically feasible, and unless such
actions would negatively affect the rights and freedoms of other persons.
In order to use the rights to portability, the data subject can at any time contact any
employee of SIA “KAK”.
In order to use the rights to portability, the data subject can at any time contact any
employee of SIA “KAK”.
g) right to object – each data subject has the right to object, on grounds relating to his
or her particular situation, at any time to processing of personal data concerning him or
her which is based on point (e) or (f) of Article 6(1) of GDPR, including profiling based
on those provisions.
SIA “KAK” shall no longer process the personal data unless we can demonstrate
compelling legitimate grounds for the processing which override the interests, rights
and freedoms of the data subject or for the establishment, exercise or defense of legal
claims.
If SIA “KAK” processes personal data for direct marketing purposes, the data subject
has the right to object at any time to processing of personal data concerning him or her
for such marketing, which includes profiling to the extent that it is related to such direct
marketing. If the data subject objects to SIA “KAK” processing personal data for direct
marketing purposes, then SIA “KAK” will no longer process personal data for such
purposes.
Furthermore, if SIA “KAK” processes personal data for scientific or historical research
purposes or statistical purposes pursuant to Article 89(1) of GDPR, the data subject, on
grounds relating to his or her particular situation, has the right to object to processing
of personal data concerning him or her, unless the processing is necessary for the
performance of a task carried out for reasons of public interest.
In order to use his/her right to object, the data subject can directly contact employees
of SIA “KAK”. In the context of the use of information society services, and
notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to
object by automated means using technical specifications.
h) automated individual decision-making, including profiling – each data subject has
the right not to be subject to a decision based solely on automated processing, including
profiling, which produces legal effects concerning him or her or similarly significantly
affects him or her, unless such a decision: 1) is necessary for entering into, or
performance of, a contract between the data subject and a data controller, or 2) is
authorized by Union or Member State law to which the controller is subject and which
also lays down suitable measures to safeguard the data subject’s rights and freedoms
and legitimate interests; or 3) is based on the data subject’s explicit consent.
If the decision
1) is necessary for entering into, or performance of, a contract between
the data subject and a data controller, or 2) is based on the data subject’s explicit consent,
then SIA “KAK” will implement suitable measures to safeguard the data subject’s rights
and freedoms and legitimate interests, at least the right to obtain human intervention on
the part of the controller, to express his or her point of view and to contest the decision.
In order to use his/her rights in relation to automated individual decision-making, the
data subject can at any time directly contact employees of SIA “KAK”.
i) right to withdraw consent – each data subject has the right to withdraw his/her consent
to data processing at any time.
In order to use his/her rights to withdraw consent, the data subject can at any time
directly contact employees of SIA “KAK”.
10. procedures
Data protection on submitting applications and during application
The data controller collects and processes the personal data of applicants for purposes
of processing applications. Such processing can also be performed electronically. This
particularly applies to cases when the applicant submits application documents to the
controller by e-mail or using the application form on the web site. If the data controller
signs an employment contract with the applicant, the submitted data are stored for
employment relation management purposes according to requirements of applicable
legislation. If the controller does not sign an employment contract with the applicant,
the application documents are automatically deleted two months after notifying the
rejection decision, unless deletion of data contradicts other legitimate interests of the
controller. Such legitimate interests in the context of such relations could be, for
example, the duty to provide proof in procedures connected to laws on equal treatment.
11. The legal basis for processing
Article 6(1) of GDPR serves as the legal basis for processing actions for which we
receive consent for a specific processing purpose. If personal data processing is required
in order to implement a contract to which the data subject is a party, for example, if
processing actions are required for supplying products or providing any other service,
then processing is performed on the basis of Article 6(1) (b) of GDPR. The same applies
to processing actions that are required for measures before concluding a contract, for
example, in order to answer questions about our products or services. If our company
is legally required to perform personal data processing, for example, in order to comply
with tax legislation, then processing is performed on the basis of Article 6(1) (c) of
GDPR.
In rare cases personal data processing can be required in order to protect
essential interests of the data subject or other natural persons. This applies, for example,
to cases when a guest has been injured in our company and his/her name, age, health
insurance data or other essential information must be provided to a doctor, hospital or
other third party. In that case processing is performed on the basis of Article 6(1) (d) of
GDPR.
Finally, processing may be based on Article 6(1) (f) of GDPR. This legal basis
is used for processing actions to which other legal basis does not apply, if data
processing is required for implementing our legitimate interests or the legitimate
interests of a third party, with the exception of cases when such legitimate interests
override the data subject’s interests, fundamental rights and freedoms that require
personal data protection. Such processing actions are particularly allowed since they
have been separately noted by the European legislator who believes that a legitimate
interest can be taken into account if the data subject is a client of the controller (2nd
sentence of Consideration 47 of GDPR).
12. Legitimate interests of the controller or a third party
If data processing is performed on the basis of Article 6(1) (f) of GDPR, then our
legitimate interests consist in conducting our business: developing and promoting our
products and services.
13. The period for storing personal data
The criterion for determining the period for storing personal data is the storage term
defined by the law. After the end of such a term the corresponding data usually are
deleted unless they are still required for the performance of the corresponding
processing purpose.
14. Provision of personal data as a compulsory requirement or contractual requirement; requirements for concluding a contract; the obligation
of a data subject to provide personal data; possible consequences for not providing
such data.
We hereby clarify that the provision of personal data is partly required by legislation
(for example, tax law and other laws) or might be required according to terms of a
contract (for example, information about the contractual partner).
Occasionally it might be necessary to sign a contract according to which the data subject
provides us his/her personal data which we then must process. The data subject has the
obligation to provide to us his/her personal data when we conclude a contract with the
data subject. The consequences of not providing personal data in that case would consist
in the impossibility to conclude a contract with the data subject.
Prior to providing personal data the data subject must contact an employee of our
company. The employee will provide to the data subject detailed information on
whether the provision of personal data is required by law or by contract, whether it is
necessary for concluding a contract, whether there exists a duty to provide personal
data, and what are the consequences of not providing personal data.
Last updated on September 10, 2025.
