Privacy policy

Version: October 18, 2022
This privacy policy informs and explains how SE “Capitalia” (further - Capitalia) processes personal data about clients and their representatives (including on websites www.capitalia.com/lv, www.capitalia.com/lt, www.capitalia.com/ee (further – Websites)), complying with the provisions of the EU’s General Data Protection Regulation No.2016/679 (further – GDPR).

Controller of personal data processing: SE „Capitalia” (reg.No.40003933213, legal address: Stabu iela 20-1, Riga, Latvia, LV-1011). Contact information: phone: +371-28800880, e-mail address: info@capitalia.com).

Capitalia evaluates the necessity of processing the personal data of each person. Therefore, the further information is about our targets for personal data processing and legal basis which is essential for Capitalia commercial processes.


1. The aim and purpose for personal data processing

The aim of data processing indicates the expected result. The legal basis for data processing shows which of the legal bases recognized by GDPR is used on the acquisition, use or storage of your personal data.

Capitalia obtains and uses personal data for such general processes:

1.1. when processing financing, loan application or other application to Capitalia. Your name, surname, e-mail address, phone number will be processed to clarify the details of the product you are interested in, and to prepare a customized offer in order to conclude an agreement (GDPR Article 6, Clause 1, subparagraph “b”);

1.2. when registering an investor’s account on the website of Capitalia (GDPR Article 6, Clause 1, subparagraph “a” for a private individual or subparagraph “f” for legal entities);

1.3. when processing your or your company’s submitted application for Capitalia products for investor’s application to evaluate the transaction’s compliance with regulatory acts, especially its feasibility in relation to the requirements of the Law on the Prevention of Laundering of Criminal Proceeds and the Financing of Terrorism and Proliferation, as well as the Law on International and National Sanctions of the Republic of Latvia, as well as the obligation to identify the true beneficiary. In such situations, additional information can be obtained from third-party registers (credit history database, credit bureau database, public state registers, etc.) (GDPR Article 6, Clause 1, subparagraph “c”);

1.4. when communicating with Capitalia through e-mail or other company’s communication channels. Your name, surname, e-mail address, phone number, address, city, name of the company (if a legal entity is represented by its employee), and the submitted message will be used for inquiry and respond to your request for information about our service offerings and concluding an agreement in accordance with your consent (GDPR Article 6, Clause 1, subparagraph “a”);

1.5. when Capitalia is sending commercial or marketing e-mails in accordance with your consent (GDPR Article 6, Clause 1, subparagraph “a”);

1.6. Capitalia can process your personal data to comply with GDPR requirements if you have submitted questions about your personal data processing or wish to exercise any of the data subject’s rights under the GDPR. The processed personal data: name, surname, address, e-mail, in case of an electronic submission also personal ID. The legal basis for the processing: fulfillment of legal obligation and legal interests of the controller (GDPR Article 6, Clause 1, subparagraph “c” and subparagraph “f”);

Capitalia does not obtain and does not process special categories of personal data or personal data on criminal convictions.


2. The categories of receivers of personal data

2.1. Capitalia does not give access to its database to unauthorized persons and protects your submitted personal information. Individual personal data can be forwarded to other parties only:

2.1.1. to provide website operations and service functioning (for example, to the website maintenance and server accommodation service providers);

2.1.2. to personal data processors which maintain Capitalia company data as outsourcers;

2.1.3. to check personal data in third-party registers.

2.2. Capitalia has the duty to transfer the data to state institutions when the institution’s request is received in the cases specified in the regulatory acts.


3. Personal data storage terms

3.1. Personal data is stored and used in accordance with the defined personal data processing purposes and personal data processing legal basis as long as Capitalia has at least one of these criteria:

3.1.1. there is a certain legal obligation to store the data for a certain time period to comply with the regulatory acts;

3.1.2. it is necessary to realize its legitimate interests;

3.1.3. it is necessary to fulfill the assumed contractual obligations as well as a certain time after the fulfillment of the contract;

3.1.4. data subject consent for the particular personal data processing is in force.


4. Your rights, their enforcement and restrictions related to personal data processing

We inform you about the rights that Capitalia provides you as a data subject. We draw your attention that GDPR or the law might determine restrictions for the enforcement of these rights and each rights enforcement application is evaluated individually.

4.1. Right to access your own personal data
Capitalia will provide you with a confirmation that Capitalia processes your personal data and will issue a summary of the processed data as additional information in compliance with GDPR. Capitalia is entitled not to provide the personal data or not to disclose personal data receivers in case if personal data or data receiver’s disclosing is restricted by law, for example, Anti-Money Laundering and Terrorism and Proliferation Financing Act.

4.2. Right to request correction or complementation of imprecise personal data
Capitalia encourages to submit changes if they have happened in name, surname, delivery address, contact information or in other personal data which is needed to provide correct personal data processing.
Capitalia will review the request for correcting wrong or imprecise data and, if the demand is justified, personal data will be corrected, by providing you with a relevant notice for the decision. The right to request personal data does not concern documents which are kept in the archive or other exceptional cases.

4.3. Right to request limitation (suspension) of personal data processing
Capitalia will automatically limit your personal data processing (except storing) if:

Processing is limited for the period of time while the request for personal data correction or the request for the objection is reviewed. In other cases, you have to demand that Capitalia limits personal data processing, by stating a reason.

4.4. Right to object against personal data processing
You have the right to object against particular personal data processing process in cases when Capitalia performs processing in favor of Capitalia interests or on the basis of legitimate interest. When reviewing the request, Capitalia has the right to fulfill the request either fully or partially. In case if Capitalia recognizes it has compelling legal interest to process your personal data, the request will not be fulfilled.

4.5. Right to request the deletion of your personal data
Capitalia will review if there is a basis set by the GDPR to delete the personal data and will inform about the decision made. Rights for data deletion do not exist if the data must be stored to comply with legal requirements.

4.6. Right to withdraw consent
If personal data processing is performed on the basis of consent, it can be withdrawn. Capitalia will suspend the processing for the purpose for which consent was given, with the exception of cases when personal data will be stored to protect Capitalia legitimate interests.
Consent withdrawal cannot affect the processing of such personal data which is necessary to fulfill the requirements of regulatory acts or which bases on an agreement, Capitalia legitimate interests, or other bases for legal processing of personal data specified in regulatory acts.

4.7. By sending any request for your rights, you submit your personal data to Capitalia. In this case, the target of the data processing is to make a decision and provide you with an answer regarding this request and the request itself will be stored for five years starting from the date when Capitalia’s response is provided to save proof for fulfilling data subject rights.

4.8. You can realize the above-mentioned data subject rights by submitting an application in any of the following ways:

4.8.1. a written and signed- by-hand application which is addressed to Capitalia legal address stated in this Privacy policy;

4.8.2. an application signed with a secure electronic signature, which is addressed to Capitalia and sent to e-mail address: info@capitalia.com. In order for Capitalia to send a reply to your e-mail address in substance, the submission signed with a secured electronic signature must contain your e-mail address to which you want to receive a reply.
Every right fulfillment application will be reviewed as soon as possible but no later than in one month’s time.

4.9. Data subject has the right to submit a complain to the supervising authority. If you have any questions about the personal data processing, you need to turn to Capitalia, by writing to the e-mail address: info@capitalia.com. If you are not satisfied with the received reply, you have the right to submit a complain to Data state inspectorate: Elijas iela 17, Riga, Latvia, LV-1050.


5. Changes in privacy policy and consultations

Privacy policy can be regularly updated and changes can be made in it. By making changes in the Privacy policy, they are published and updated on the website: www.capitalia.com.

We will be glad to hear your questions, comments, and requests regarding Privacy, and they have to be addressed to SE “Capitalia”, registration No.40003933213, Stabu iela 20-1, Riga, LV-1011, Latvia, or sent to the e-mail address: info@capitalia.com.