Privacy Policy

ZAB Privacy Policy

Controller: SIA “ZAB Velmers” Reg. No. 40203347668 Legal address: Vīlandes iela 6-3, Riga Telephone: 68202381 E-mail: birojs@velmers.lv

The Controller takes all necessary actions to ensure that your personal data in its possession is secure and that its processing complies with General Data Protection Regulation No. 2016/679 (hereinafter – the Regulation), the Law on the Processing of Personal Data of Natural Persons, as well as other applicable laws and regulations. In view of the above, the Controller has developed this privacy policy with the aim of providing you with the information stipulated by the Regulation.

The Controller draws attention to the fact that Section 67 of the Law on the Bar (Advokātūras likums) stipulates that a sworn advocate may not disclose the secrets of their client not only during the conduct of a case but also after being released from the conduct of the case or after the completion of the case. They must also ensure compliance with these requirements in the work of their staff.

The Controller ensures:

  • Lawful and fair processing of personal data;

  • Data processing only for appropriate purposes explained to the data subject;

  • Data minimization (processing only to the extent necessary);

  • Data accuracy;

  • Data storage for no longer than necessary for the processing purposes;

  • Data security and confidentiality.

2. Personal Data Processing Processes

  • Client's name, surname, personal identity number are processed for the purpose of client identification and the provision of legal services. The legal basis under the Regulation is the performance of a contract (Article 6(1)(b)).

  • Contact information (telephone, e-mail) is processed for the purpose of communication with the client. The legal basis under the Regulation is the performance of a contract and legitimate interests (Article 6(1)(b) and (f)).

  • Financial data (settlement account, invoices, payments) are processed for the purpose of accounting and payment processing. The legal basis under the Regulation is a legal obligation (Article 6(1)(c)).

  • Client's passport, ID card are processed for the purpose of verifying the client's identity in accordance with regulatory acts. The legal basis under the Regulation is a legal obligation (Article 6(1)(c)).

  • Client case information is processed for the purpose of client representation, preparation of documents, and litigation. The legal basis under the Regulation is the performance of a contract and a legal obligation (Article 6(1)(b) and (c)).

  • Data obtained from third parties (e.g., parties to a case) or public registers are processed for the purpose of ensuring legal representation. The legal basis under the Regulation is legitimate interests and fulfillment of a legal obligation (Article 6(1)(c) and (f)).

  • Processing of third-party data (advocates, parties to a case, representatives of parties, or persons involved in resolving legal issues) is carried out for the purpose of ensuring legal representation. The legal basis under the Regulation is legitimate interests and fulfillment of a legal obligation (Article 6(1)(c) and (f)).

  • Transfer of data to third parties outside of legal necessity is carried out regarding contact information and case data. The legal basis under the Regulation is the consent of the data subject (Article 6(1)(a)).

The Controller does not perform automated decision-making or profiling regarding your personal data.

3. Processing of Personal Data in Fulfillment of AML/CTF Obligations

The Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing (AML/CTF Law) obliges the Controller to perform Client identification and due diligence.

As a result of this process, the Controller may obtain data on the Client's economic activities, financial data, status as a politically exposed person, information on sanctions, and reputation.

Information regarding the status of a Politically Exposed Person (PEP) and data from which racial or ethnic origin can be indirectly inferred, as well as other sensitive data, are considered special category data.

The legal basis for the processing of this data is Article 6(1)(c) of the Regulation – processing is necessary for compliance with a legal obligation to which the controller is subject, and Article 9(2)(g) of the Regulation – for reasons of substantial public interest, based on existing Latvian legislation.

4. Personal Data Retention Period

  • For data processed by the Controller on the basis of regulatory acts, the storage duration is determined in accordance with the laws governing document storage.

  • Data processed on the basis of client consent is stored as long as the consent is valid, i.e., until the client has withdrawn it.

  • Personal data processed on the basis of Article 6(1)(f) (legitimate interest) will be stored for as long as necessary to achieve the specific purpose for which the data was obtained.

5. Recipients of Personal Data

Personal data may be transferred to:

  • Courts and state authorities (only when necessary within the framework of a case or for the fulfillment of legal obligations);

  • Notaries, bailiffs, sworn translators (if necessary);

  • Accounting service providers;

  • IT service providers, in compliance with data processing agreements.

6. Data Transfer Outside Latvia

The law firm generally does not transfer your personal data to countries outside the European Economic Area (EEA). Exceptions occur when such a transfer is necessary during the execution of a specific legal task or due to the requirements of regulatory acts.

In such cases, the law firm ensures appropriate data security measures in accordance with the requirements of the Regulation.

7. Data Subject Access to Personal Data

You have the right to request and receive information from the Controller regarding the processing of your data; the right to request access to your personal data; as well as the right to request the Controller to supplement, correct, or delete it, restrict processing, or the right to object to processing, insofar as these rights do not conflict with the purpose of the data processing.

You may submit a request regarding the exercise of your rights in writing in person at the Controller's legal address (presenting an identity document), by mail, or electronically, signed with a secure electronic signature.

The response to the request will be provided no later than within 30 days and sent (by mail or with an electronic signature) to the contact address (residential address or e-mail address) specified in your request.

The Controller draws attention to the fact that personal data whose storage is determined by regulatory acts (accounting, issued invoices, concluded contracts, etc.) can only be deleted in accordance with the requirements of regulatory acts.

You do not have the right to receive information if the disclosure of such information is prohibited by law.

For personal data protection issues, you can contact the Controller's contact person by writing to: birojs@velmers.lv

8. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the Controller has acted unlawfully in the processing of your data, you have the right to lodge a complaint with the supervisory authority – the Data State Inspectorate (DVI), (Elijas iela 17, Riga, LV-1050, e-mail: info@dvi.gov.lv).

9. Validity of the Privacy Policy

The Controller reserves the right to change and supplement the content of this privacy policy from time to time to clarify the description of how the Controller processes your personal data.

In view of the above, we invite you to regularly review this privacy policy to remain informed about the processing of your personal data.

The last changes to the privacy policy were made on June 18, 2025.

2026, ZAB Velmers. All rights reserved.

2026, ZAB Velmers. All rights reserved.

Strategy designed for business

Contacts
About Us

2026, ZAB Velmers. All rights reserved.

Strategy designed for business

Contacts
About Us

2026, ZAB Velmers. All rights reserved.