1. Purpose and Scope of the Document

1.1. The purpose of this document is to provide clear information to natural persons – data subjects (potential or existing clients of SIA Qtech, partners, job applicants, or any other persons whose personal data may come into the possession of SIA Qtech) – about the manner in which SIA Qtech, operating under the brand “Qticket,” processes personal data.
1.2. This Policy applies to:
a) Clients of SIA Qtech (including former and potential clients) and their representatives;
b) Cooperation partners and their representatives;
c) Third parties that, in connection with the provision or receipt of services, process personal data;
d) Users of SIA Qtech websites and mobile applications.

1.3. The Policy applies to personal data processing regardless of the form of submission (via website, application, in paper format, by phone, or in person).
1.4. If the platform is used for services of partners (e.g., municipalities), the data controller is the respective service provider, while SIA Qtech acts as the data processor.

2. Definitions and Terms

  • Processing: any operation with personal data – collection, registration, organization, storage, adaptation, use, disclosure, alignment, erasure, etc.

  • Data Processor: a person or organization that processes personal data on behalf of the controller.

  • Special Category Data: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health data, or data on sex life or sexual orientation.

  • Client: a natural or legal person that enters into, or prepares to enter into, an agreement with SIA Qtech.

  • Personal Data: any information relating to an identified or identifiable natural person (e.g., name, surname, personal identification number, IP address).

  • Third Party: a person or entity that is not the data subject, controller, or processor and to whom data may be disclosed.

  • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data.

Terms not defined in this document are used in accordance with the General Data Protection Regulation, the eIDAS Regulation, and other applicable laws governing personal data protection and electronic identification services.

3. General Provisions

3.1. SIA Qtech ensures that personal data are processed in compliance with the laws of the Republic of Latvia, the GDPR, and other applicable legislation in the field of privacy and data protection.
3.2. Qtech implements appropriate physical, technical, and organizational security measures (such as access control, encryption, audits) to protect personal data from unauthorized access, disclosure, or destruction.
3.3. When data are processed via the Qtech website or application, the data controller is SIA Qtech. When processed within the framework of partner services, the respective service provider is the data controller and Qtech acts as a data processor. In the mobile application, Qtech is the controller at the installation, registration, and service selection stage; thereafter, the respective partner becomes the controller.
3.4. Regarding cookies, data subjects are informed upon visiting any SIA Qtech-managed website. The SIA Qtech Cookie Policy is available at: www.qticket.lv.

4. Categories of Personal Data

  • Identification data: name, surname, personal ID or identification number, date of birth, document details, signature.

  • Contact details: phone number, email address.

  • Appointment data: location and date of visit, type of service, chosen provider, appointment status (confirmed, canceled).

  • Client data: application number/date, contract number/date, contract status, address.

  • Service data: service name and parameters (address, prices, dates).

  • Communication data: correspondence sent/received (emails, SMS), phone call data.

  • Web activity data: IP address, cookie identifiers, audit logs, browser data.

  • Job applicant data: information provided in applications (name, surname, gender, date of birth, contact information, work experience, education, language skills, etc.).

5. Purposes of Processing

5.1. Service provision and contract execution: customer relationship management, appointment functionality (authentication, reservation, confirmations, security checks), technical support.
5.2. System maintenance and development: development of new functionalities, service improvement, user needs analysis, communication regarding service changes.
5.3. Security and protection of rights: protection of Qtech or partner property and persons’ life/health, access control, use of reCAPTCHA, incident prevention and logging.
5.4. Compliance with legal obligations: reporting to state authorities and law enforcement bodies as required by law.
5.5. Protection of rights and legitimate interests: enforcement of contractual obligations, debt recovery, dispute resolution.
5.6. Recruitment: processing of candidate data for competitions and selection.
5.7. Specific purposes: communicated to the data subject at the time of data submission (e.g., event organization).

6. Legal Bases

  • Contract conclusion and performance – data required to provide services requested by the client.

  • Legal obligation – Qtech fulfills statutory duties (e.g., accounting, mandatory reporting).

  • Legitimate interests – ensuring system operation and security, developing services, protecting Qtech rights.

  • Consent – for analytics or marketing cookies, location usage, and future additional services (e.g., eParaksts).

  • Public interest – when services are provided by state or municipal institutions.

7. Data Disclosure

7.1. Data recipients: cooperation partners (e.g., municipalities), IT and hosting processors, email/SMS providers, authentication and security service providers (e.g., Google reCAPTCHA), payment provider Klix (only payment status is received).
7.2. Qtech discloses data only to the extent necessary for service provision as required by contract or law.
7.3. Data may be provided to state authorities and auditors when required by legislation.
7.4. Transfers outside the EU/EEA are carried out only with appropriate safeguards (EU Standard Contractual Clauses, EU–US Data Privacy Framework) and adequate security guarantees.

8. Data Storage and Protection

8.1. Data retention periods:

  • Active accounts – up to 3 years after closure;

  • Appointment data – until service provision and 1 year thereafter;

  • Audit logs – at least 18 months;

  • Communication and recruitment data – up to 6 months or 2 years, depending on purpose.

8.2. After expiry, data are deleted or anonymized, unless retention is required by law.
8.3. Qtech uses a security management system compliant with ISO 27001.

9. Data Subject Rights

  • Access: right to know if Qtech processes data and obtain a copy.

  • Rectification: right to request correction of inaccurate data.

  • Erasure: right to request deletion if no legal ground for retention.

  • Restriction: right to request temporary restriction of processing.

  • Portability: right to receive data in a structured format and transfer to another controller.

  • Objection: right to object to processing based on legitimate interests; Qtech will assess whether processing should continue.

  • Withdrawal of consent: right to withdraw consent at any time (without affecting prior processing).

  • Complaint: right to lodge a complaint with the Data State Inspectorate.

To exercise rights, contact: info@qticket.com or in person; Qtech may request identity verification.

10. Cookie Policy

10.1. Qticket uses both first-party (session and functionality) cookies and third-party cookies (Google reCAPTCHA for security, Google Analytics for statistics).
10.2. Functional and security cookies (e.g., authentication, reCAPTCHA) are set without consent, as they are essential.
10.3. Analytics cookies (Google Analytics) are set only with user consent; they help evaluate service use and improve the system.
10.4. Marketing cookies are not used.
10.5. Users can “Accept all,” “Reject,” or “Customize” cookies via the banner; consent can be withdrawn at any time.
10.6. More information on Google Analytics cookies can be found in Google’s privacy policies; Qtech is not responsible for third-party data processing.

11. Contact Information

Controller: SIA “Qtech”, Reg. No. 50203226351, Penkules iela 13, Riga, LV-1058.
Email for data protection matters: info@qticket.com
Requests may be submitted electronically (with e-signature) or in person at the Qtech office.

12. Validity and Amendments

12.1. The Policy is available at www.qticket.lv; Qtech reserves the right to update it in accordance with legal requirements.
12.2. For material changes, Qtech will inform users on the website and, where possible, individually.
12.3. Amendments take effect from the date of publication, unless specified otherwise; continued use of services constitutes acceptance of the updated Policy.
12.4. The Latvian version of the Policy is legally binding; translations into other languages are for informational purposes only.

Annex: Examples of Controllers’ Personal Data Processing Rules

No. Client Website Data Processing Rules
1. Liepāja City Municipality https://www.liepaja.lv/tiessaistes-pieraksts/ Information on personal data processing