Privacy policy

About us

Controller: SIA “NESS”, single registration No. 40103240056 (hereinafter referred to as ‘NESS’).

The use of the words ‘you’, ‘your’ or similar expressions in this Privacy Policy shall mean any visitor of (hereinafter referred to as the ‘website’). Terms such as ‘we’, ‘our’ or similar expressions shall mean NESS.

This Privacy Policy explains the way NESS processes personal data, the procedures for exercising the rights of a data subject, and matters related to the protection of personal data. The NESS Privacy Policy concerns the processing of personal data carried out by NESS on the website and in connection with ensuring the operation of the said website.

In processing personal data, NESS observes the requirements of General Data Protection Regulation No. 2016/679 and the Personal Data Protection Law, as well as other laws and regulations in force in Latvia.

Your privacy

Our goal is to clearly and understandably inform you about the ways, extent and reasons we use your personal information, and to make you feel safe when disclosing your personal data to us. Personal data is any information that can be used to identify an individual.

We implement appropriate measures to ensure that your personal data is always safe with us and that the processing of your personal data is carried out in accordance with applicable data protection laws and regulations, our internal policies and procedures. We have also appointed a data protection specialist whose task is to monitor the observance of requirements and procedures laid down in personal data protection regulations.

We protect your personal information and confidentiality in everything we do. This Policy makes you aware of what data we can receive from you, how we will use them, as well as of your rights and how to contact us.

We keep up to date with data protection and privacy matters; therefore, this Privacy Policy can be amended or supplemented at any time. The updated Privacy Policy shall be published on this website. Any version of the Privacy Policy published on this website replaces all previous versions of the Privacy Policy and comes into force immediately after its publication.

What categories of personal data we collect and why?


Cookies are small text files that are created and stored on your device (computer, tablet, mobile phone, etc.), as an internet user when you visit our website. Cookies ‘remember’ your experience and principal information and, thus, improve the convenience of using a website.

When cookies are used, the history data of the website is processed, issues and shortcomings in the operation of the website are diagnosed, statistics on user habits are collected, and full, convenient use of the website’s functionality is ensured.

More information about the processing of cookies can be found in our Cookies Processing Terms and Conditions available here.

Direct marketing, advertising and information materials

After receiving your consent, we inform you about various news and topics related to our services and operations. If you wish to receive our news, you have to specify that on our website or by subscribing in any other way offered.

Categories of personal data Legal grounds
  • Personal information (name, surname)
  • Contact information (e-mail address, mobile phone number)
Your consent

Data provided by you when contacting us

When you contact us (inter alia, when filling out and using the contact forms available on the website) or when we need to inform you to reply to your request, process your application or, in cases stipulated by applicable laws and regulations, to contact you, we may identify and contact you by using the available contact information (phone number, e-mail address, postal address), request additional identification information needed for adequate privacy protection or performance of our obligations, as well as to notify our business partners or to be able to respond better to your wishes or improve our products and services. We may keep our correspondence and your requests to serve our legitimate interests (to ensure due customer support, ensure efficient corporate management processes, ensure and improve the quality of services, protect the interests of NESS during the period for filing claims or complaints, among other reasons) as well as for the purpose of entering into an agreement or taking measures needed to enter into an agreement at your initiative.

To ensure greater protection of data and carry out data minimisation, it is necessary to specify only your name, phone number and e-mail address, as well as the topic of interest in the contact form available on the website. We encourage you to specify work contacts in the contact form.

Categories of personal data Legal grounds
  • Personal information (name, surname)
  • Other identifying information
  • Contact information (residence address, e-mail address or mobile phone number)
To fulfil legal obligations stipulated in the applicable laws and regulations

Our legitimate interest in carrying out business activities, ensuring due customer support, ensuring efficient corporate management processes, ensuring and improving the quality of services, protecting our interests during the period for filing claims or complaints

Entering into an agreement or activities for entering into an agreement

Investigation and prevention of illegal activities aimed against us

To detect and prevent illegal activities against NESS (i.e., to investigate and eliminate violations, protect and improve our IT systems, prevent attacks and intrusions or unauthorised website modification or hindering access to the website, prevent spamming, phishing or other prohibited activities), we may collect and process data available to us in order to, among other things, transfer them to law enforcement authorities or institutions responsible for the prevention of information technology security incidents.

Categories of personal data Legal grounds
– Data generated by a user, history of visits, data related to used devices and their settings, e.g. language, time zone, operating system and platform, IP and MAC addresses, browser settings, other information about the use of the website and NESS digital services, other identifying information. Our legitimate interest in preventing the misuse of our services or disruption of service provision or investigating and preventing criminal offences that can be committed against the company.

To fulfil legal obligations stipulated in the applicable laws and regulations.

What sources do we use to obtain personal data, how accurate are they?

We receive personal data from you. We summarise the information that we receive when you visit and use the website, providing us data (including the data provided to us prior to receiving our services or filling out information fields on the website), as well as data provided by you when contacting us. We may receive data from service providers that ensures the website operation, provides services relating to the statistics of actions, attack prevention, safety and intrusion protection services, among others.

If your data provided to us has changed (e.g. contact details for the receipt of news) you have to immediately inform us about these changes by correcting incorrect or inaccurate data.

When do we process data on behalf of other persons?

Our clients are mostly economic operators (other legal entities) and, within the framework of the provided services, our clients as data controllers assign us as processors to carry out activities that also include the processing of personal data. In such cases, our clients determine the objectives and means of personal data processing, whereas we carry it out on behalf and on the orders of clients. The sources of obtaining data in such cases depend on the controller and the type of the provided service. In instances where we process personal data on behalf of a client in providing services, we encourage you to address questions concerning data processing primarily to the respective data controller who will be able to provide more accurate and exhaustive answers to all other questions concerning the processing of personal data. Of course, we will help you in communication regarding the processing of such data as far as possible.

Who will be provided with your personal data?

Service providers and business partners

To perform our obligations to you, ensure the operation of the website and the provision of services by NESS, we transfer your personal data to companies and institutions that provide us services, e.g. those relating to the maintenance of the website and activities or sending direct marketing messages.

We and our business partners who ensure the operation of the website, summarise and analyse your activities on the website process and receive your cookies.

We make reasonable efforts to check all service providers that process your personal data on our behalf and by our order. We evaluate whether business partners (personal data processors) take relevant safety measures for the processing of your personal data to be compliant with our tasks, instructions and provisions of regulations. These companies have no right to use your personal data for any other objectives (purposes).

Law enforcement authorities, governmental and local government institutions

To perform the duties stipulated in laws and regulations, we may transfer your personal data to law enforcement authorities (e.g. the police), governmental and local government institutions upon their request. We may transfer your personal data to law enforcement authorities (e.g. the courts) as well as governmental and local government institutions, legal service providers, also to protect our legitimate interests, when making, filing and defending our claims, complaints and applications.

Transfer of personal data outside the European Union and European Economic Area (EU/EEA)

We always make our best efforts to process your personal data in the territory of the European Union and European Economic Area (EU/EEA).

Personal data may be transferred and processed outside the EU/EEA if there are legal grounds and relevant safety measures are taken to ensure the reasonable safety of personal data processing, depending on the nature of processing and provisions of applicable laws and regulations.

How long is your personal data kept?

All personal data obtained from you is kept while you use our services or while you have not withdrawn your consent if your personal data is processed based on this consent. Personal data may be kept for a longer period to meet requirements stipulated by laws on the minimum term for storing documents or information or to protect our legitimate interests.

After this period has expired, we will securely delete your personal data or make it unavailable (archiving) or unidentifiable so that it cannot be related to you.

We reserve the right to delete or irreversibly anonymise your data if the legal grounds for its use no longer exists, or it is not needed for the further provision of services.

We receive an electronic notification from the online contact form to be kept and processed as soon as possible in the course of communication with a relevant person (but not more than 15 days), whereafter the data sent in the contact form is deleted. This data is not further processed unless there are other legal grounds for such processing (e.g. for entering into an agreement, provision of services, etc.).

You are responsible for keeping and deleting the data kept in your end device (you are expected to use relevant browser settings for clearing the cache memory and cookies). Google Analytics settings provide that this tool keeps the obtained data for no more than 26 months.

How do we protect your personal data?

We ensure, constantly review and improve safety measures to protect your personal data from unauthorised access, accidental loss, disclosure or deletion. To do so, we use modern technologies, technical and organisational requirements, such as using firewalls, intrusion detection, analysis software and data encryption.

However, we recommend you meet general requirements for the use of computers and the Internet, as well as requirements for the protection and storage of your private data, and we do not assume any responsibility for unauthorised access to your personal data and/or data loss if this happens through your fault or results from your negligence.

What are your rights?

As a data subject, you have general rights stipulated by the General Data Protection Regulation and other applicable laws and regulations, including the following:

Access to personal data

You have the right to request our confirmation that we process personal data related to you and, in such cases, request access to the personal data or information about personal data if direct access is not stipulated.

Amendment of personal data

If you believe that the information about you is incorrect or incomplete, you have the right to request that we amend or supplement the information.

Withdrawal of consent

As long as we process your personal data based on your consent, you have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent shall not affect the legality of processing based on the consent provided before the withdrawal, as well as in instances where data is processed based on other legal grounds.

Objection to data processing for the purpose of sending addressed information

You have the right to object to the processing of your personal data for the purpose of direct marketing or the sending of addressed information.

Objection to the processing based on legitimate interests

You have the right to object to the processing of personal data processed based on our legitimate interests; however, we shall continue processing your data even if you object to such processing if we have reasonable grounds for continuing your personal data processing. To exercise the aforementioned rights, please send us your written application.


In certain circumstances, you have the right to demand that we delete your personal data, however, this does not apply when laws or regulations stipulate that we keep the data. To exercise the aforementioned rights, please send us your written application.

Processing restriction

In certain circumstances, you have the right to demand that we delete your personal data, however, this does not apply when laws or regulations stipulate that we keep the data. To exercise the aforementioned rights, please send us your written application.

Data transfer

You have the right to receive or transfer your personal data further to a different data controller. This right applies solely to the data that you have provided to us based on your consent or agreement, as well as if processing is carried out in an automated way. To exercise the aforementioned rights, please send us your written application.

What law governs the website operation?

The website operation as well as all relations between you and NESS are governed by the laws and regulations of the Republic of Latvia, as well as applicable regulations of the European Union.

Who governs the processing of data on other websites to which links are provided?

The NESS website may feature links to third-party websites (home pages) that have their own use and personal data protection terms and conditions, wherefor NESS bears no liability.

Whom can I contact in case of questions?

If you have any questions, comments or requests related to the Privacy Policy or the processing of your personal data, please contact NESS.

If you are not satisfied with the answer received, you have the right to file a complaint to the supervisory institution — the Data State Inspectorate (

Contact details of the Controller and the data protection specialist

To contact us, please write to [email protected] or:

SIA “NESS”, Dzirnavu iela 37-62, Riga, LV-1010, phone: (+371) 67 274 479.

Contact details of the data protection specialist — e-mail: [email protected].