Data Processing Policy

The processing of personal data (hereinafter – Data Processing) describes how SIA “Fortsuno” (hereinafter – Fortsuno) carries out the processing of Personal Data.

1. Definitions

Personal Data – any information relating to a Client directly or indirectly.

Processing – any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, organization, storage, use, combination, erasure, or destruction.

Client – any natural person who uses, has used, has expressed a desire to use Fortsuno’s Services, or is otherwise connected to the use of Services and/or the user, or who is in any other relationship with Fortsuno established before the effective date of this Data Processing.

Controller – any person who alone or jointly determines the purposes and means of Processing of Personal Data. In the context of this Data Processing, the Controller is Fortsuno.

Processor – any person who Processes Personal Data on behalf of the Controller.

Recipient – a natural or legal person, public authority, or other institution to whom Fortsuno is authorized to disclose Personal Data.

Data Protection Legislation – applicable EU and national data protection laws, such as Regulation (EU) 2016/679 (General Data Protection Regulation), Cabinet Regulation No. 558, Information Technology Security Law, and Cabinet Regulation No. 748.

Applicable Law – laws binding on Fortsuno, including those related to anti-money laundering, business activities, data protection, taxation, and accounting.

Services – any services, consultations, and products provided by Fortsuno through its office, website, phone, video stream, or other channels.

EU/EEA – the European Union/European Economic Area.

2. General Provisions

This Data Processing Policy describes how Fortsuno Processes Personal Data. Additional information may be provided in agreements and other Service-related documents.

In accordance with Data Protection Legislation, Fortsuno ensures the confidentiality of Personal Data. Fortsuno has implemented appropriate technical and organizational measures to protect Personal Data against unauthorized access, unlawful disclosure, accidental loss, alteration, destruction, or any other unlawful Processing.

3. Personal Data Processing by Fortsuno

3.1. Collection and Categories of Data Subjects

Personal Data is collected directly from the Client and from use of Services, as well as indirectly from external sources, such as public and private registers or databases. Fortsuno may record phone calls, visual images, video/audio, email communication, or other interactions.

Fortsuno primarily collects and Processes Personal Data of individuals who have entered into or wish to enter into contracts with Fortsuno, i.e., Clients or prospective Clients.

3.2. Categories of Personal Data

Examples include:

  • Identification data (e.g., personal ID number, date of birth, identity document details);
  • Contact information (e.g., address, phone number, email, preferred language);
  • Financial data (e.g., ownership, transactions, income, liabilities);
  • Account data (e.g., card number, bank account number);
  • Reliability and due diligence data (e.g., payment discipline, losses caused, AML/KYC/sanctions compliance);
  • Statutory data (e.g., data Fortsuno must submit to tax authorities, courts);
  • Communication and device data (e.g., emails, images, video/audio recordings);
  • Demographic data (e.g., country of residence, citizenship);
  • Data on relationships with legal entities (e.g., submitted by Client or obtained from public databases);
  • Special categories of data (e.g., health data), processed with explicit consent or Fortsuno’s legitimate interest;
  • Criminal conviction and offense data.

4. Legal Bases and Purposes of Processing

4.1. Contract Performance

  • To take steps prior to and to conclude, perform, maintain, and terminate contracts;
  • To manage Client relationships and administer access to Services;
  • To monitor business transactions and communications (e.g., record phone calls or video streams).


4.2. Legal Obligations

  • To identify and verify the Client and ensure up-to-date data;
  • To prevent, detect, investigate, and report money laundering or terrorist financing;
  • To report suspicious transactions or market abuse;
  • To transfer data to third-party payment service providers;
  • To fulfill other obligations under Applicable Law.


4.3. Consent

In some cases, Fortsuno will obtain the Client’s consent for specific purposes. Consent may be withdrawn at any time. Submission of health data will be treated as explicit consent.

5. Recipients of Personal Data

Data may be disclosed to:

  • Authorities and officials (e.g., regulatory, tax, law enforcement, courts);
  • Third-party payment providers, where required by law or contract;
  • Insurance/reinsurance service providers, intermediaries, and transaction partners;
  • Debt collection agencies, assignees, insolvency administrators;
  • Guarantors of Client obligations;
  • Other service providers related to Fortsuno’s Services.

6. Geographical Scope

Data is typically Processed in the EU/EEA, but may be transferred outside it if:

  • The third country has an adequate protection level per EU Commission decision;
  • Specific exceptions apply (e.g., consent, contract, legal claims, public interest).

Further details on such transfers can be provided upon request.

7. Retention Period

Data retention depends on the purpose and legal obligations. Fortsuno Processes Personal Data during contractual relationships and retains data afterward for the maximum limitation period under law. If consent-based, data is kept as long as consent remains valid. Data may also be retained for legitimate interests such as legal claims. Fortsuno minimizes Processing duration in all cases.


8. Data Subject Rights

Clients have the right to:

  • Confirm if data is being Processed and access it;
  • Request correction of inaccurate or incomplete data;
  • Request erasure of data;
  • Restrict Processing;
  • Object to Processing based on Fortsuno’s legitimate interests;
  • Object to direct marketing;
  • Receive data in a structured format and transmit it to another provider (data portability);
  • Withdraw consent;
  • Not be subject to fully automated decision-making, including profiling, unless necessary for contract performance, authorized by law, or based on explicit consent.


Clients may submit complaints to the Data State Inspectorate (www.dvi.gov.lv) if their rights are violated.

9. Contact Information

To make requests, withdraw consent, or exercise rights, Clients may contact Fortsuno at: rendijs@fortsuno.lv

10. Validity and Amendments

Fortsuno may unilaterally amend this Policy at any time in compliance with Applicable Law.

This Policy is prepared in English.