Privacy Policy

Effective date: June 19, 2026  ·  Last updated: June 19, 2026

This Privacy Policy explains how ITIS collects and uses personal data through itis.lv, its contact and quotation forms, and related business communications. It also explains the choices and rights available to individuals under Regulation (EU) 2016/679 (the General Data Protection Regulation, or GDPR) and applicable Latvian law.

1. Controller and contact details

The controller responsible for the processing described in this policy is SIA ITIS, registration number 40003793615, trading as ITIS.

Registered address: Augusta Deglava 7-6, Riga, LV-1009, Latvia

General email: pm_office [at] itis.lv

Privacy requests: pm_office [at] itis.lv

Telephone: +371 29183217

2. Scope

This policy applies to personal data collected through itis.lv and direct communications relating to ITIS services. It does not replace a customer-specific privacy notice or data processing agreement where ITIS processes personal data on behalf of a customer. In those circumstances, the customer generally determines the purposes and means of processing and ITIS acts as a processor under the applicable contract.

3. Personal data we collect

Depending on how you interact with ITIS, we may collect:

• Identity and business-contact data, such as name, job title, employer, email address and telephone number.
• Inquiry data, including the service requested, project requirements, message content and attachments you choose to provide.
• Commercial and contract data, including quotations, proposals, customer contacts, correspondence and transaction records.
• Technical data, such as IP address, browser type, device information, timestamps, requested URLs, security events and server logs.
• Cookie and similar-technology data, where such technologies are used and permitted.
• Recruitment data if you apply for a role, including your CV, qualifications, employment history and communications.

Please do not submit health data, government identification documents, financial credentials, criminal-record information or other sensitive personal data through a general contact form unless ITIS specifically requests it through an appropriate secure channel.

4. Purposes and legal bases

Where processing relies on legitimate interests, ITIS balances those interests against the rights and reasonable expectations of the affected individual. Where processing relies on consent, consent may be withdrawn at any time without affecting processing already carried out lawfully.

5. Contact and quotation forms

ITIS uses information submitted through a contact or quotation form to understand the request, communicate with the sender, prepare a response or proposal, and protect the form from spam or abuse. Fields marked as required are necessary to process the request. If required information is not provided, ITIS may be unable to respond.

Submitting an inquiry does not subscribe the sender to marketing. Any marketing subscription must be clearly separated from the inquiry and, where consent is required, use an optional unchecked control.

6. Recipients and processors

Personal data may be accessed by authorized ITIS personnel and disclosed to service providers only as necessary for the purposes described above. Categories may include website hosting, email, customer relationship management, file storage, IT support, backup, security, anti-spam, analytics, accounting and professional-advisory providers.

Currently used processors: Cloudflare Turnstile, Telegram (private channel), Dexik, Inc.

ITIS may also disclose information where required by law, to protect legal rights or system security, in connection with a corporate transaction, or with the individual's instruction or consent.

7. Messaging platforms, including Telegram

Where ITIS uses Telegram or another messaging platform to notify personnel about a new inquiry, the notification is kept to the minimum information necessary. Use of a messaging platform for ITIS's internal workflow is not a condition of sending an inquiry; any genuinely optional processing that relies on consent is presented separately, and the inquiry remains usable without that consent.

8. International transfers

Some service providers may process personal data outside Latvia or the European Economic Area. Where a restricted international transfer occurs, ITIS will use a legally recognized transfer mechanism, such as an adequacy decision or the European Commission's Standard Contractual Clauses, and supplementary safeguards where required. Information about relevant safeguards may be requested using the privacy contact above.

9. Retention

ITIS retains personal data only as long as reasonably necessary for the applicable purpose, legal obligation, security need or legal claim. The periods are:

• General inquiries that do not lead to a commercial relationship: up to 12 months after the last substantive communication.
• Quotation and prospective-customer records: up to 24 months after the last substantive communication.
• Customer and contract records: for the relationship and the applicable statutory limitation, accounting and tax periods.
• Website and security logs: 180 days unless an incident requires longer retention.
• Consent and objection records: as long as needed to demonstrate compliance.

Information may be retained longer where reasonably necessary to establish, exercise or defend legal claims, investigate security incidents, or comply with a preservation obligation.

10. Cookies and similar technologies

ITIS may use strictly necessary technologies to operate and secure the website. Analytics, advertising or other non-essential technologies will be used only in accordance with applicable consent requirements. Where consent is required, those technologies remain disabled until consent is obtained, and the visitor is able to withdraw consent as easily as it was given.

11. Your rights

Subject to the conditions and exceptions in applicable law, an individual may:

• Request access to personal data and information about its processing.
• Request correction of inaccurate or incomplete data.
• Request deletion of personal data.
• Request restriction of processing.
• Object to processing based on legitimate interests and object at any time to direct marketing.
• Receive certain data in a portable format.
• Withdraw consent at any time where consent is the legal basis.
• Lodge a complaint with a supervisory authority.

Requests may be sent to pm_office [at] itis.lv. ITIS may request information reasonably necessary to verify identity and will respond within the time required by law.

The Latvian supervisory authority is the Data State Inspectorate (Datu valsts inspekcija), Elijas iela 17, Riga, LV-1050, Latvia; telephone +371 67223131; website: https://www.dvi.gov.lv/en.

12. Automated decisions

ITIS does not use information submitted through its public website forms to make decisions based solely on automated processing that produce legal or similarly significant effects.

13. Security

ITIS uses technical and organizational measures designed to protect personal data against unauthorized access, loss, alteration or disclosure. Measures are selected according to the nature of the data and processing risk. No website, transmission or storage system can be guaranteed completely secure.

14. Children

The website and ITIS business services are not directed to children. ITIS does not knowingly use its public forms to collect personal data from children. A parent or guardian who believes a child has submitted personal data may contact ITIS to request review and deletion.

15. Changes to this policy

ITIS may update this policy when its services, providers or legal obligations change. The current version will be posted on this page with its effective date. Material changes will be highlighted or otherwise communicated where appropriate.