Last reviewed: 26 January 2026

SIA IMK 365 (the “Company”, “we”, “us”, or “our”) respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, disclose, and store personal data, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable national law.


1. Data Controller

SIA IMK 365 Reg. no.: 40203196483

Address: Blaumaņa iela 5A – 3, Riga, LV-1011

Contact for data protection matters: legal@imk365.com


2. Scope

This Privacy Policy applies to:

  • Contractors, suppliers, business partners, and their representatives, employees, and beneficial owners;
  • Individuals who contact us with inquiries, requests, or other communications;
  • Individuals who submit CVs, job applications, or other recruitment-related information;
  • Website visitors;
  • Internal processing related to customer due diligence (CDD), know-your-customer (KYC), and compliance with partner or risk management obligations.

3. Categories of Personal Data and Sources

Depending on the relationship and processing purpose, SIA IMK 365 may process:

  • Identification and contact data: Name, surname, position, business address, e-mail, phone number.
  • Verification data: Identification and verification data of beneficial owners, as well as self-declared regulatory or high-risk status information, including PEP declarations, collected voluntarily for risk management and compliance purposes;
  • Business correspondence and communication data: inquiries, requests, e-mails, letters, and other messages;
  • Compliance data: Regulatory compliance and risk management data, including data processed for internal CDD/KYC procedures or as required by contractual obligations with partners.
  • Contractual and operational data: Contractual and operational data obtained during contractual relationships, including bank account details, payment information, license or authorization data, and technical identification (such as IP addresses of operators), processed for contract performance, compliance, internal CDD/KYC, and risk management purposes.

Sources of data: data may be collected directly from the individual, from contractors or partners, from publicly available sources, or from partner-provided information.


4. Website Use and Cookies

Our website uses strictly necessary cookies to ensure proper functionality and security. These
cookies do not process personal data and include:

  • Technical cookies required for system operation;
  • Security cookies to detect misuse or attacks;
  • Load-balancing session cookies for website performance.
  • Contact form submissions are sent directly to our company email and do not use
    cookies.
  • The license certificate digital seal in the footer is displayed as a digital image and does not use
    cookies.
  • Our website includes embedded content from third parties, such as Google Maps, which
    may set cookies or process data outside our control. By using these features, users
    consent to their processing.

The use of strictly necessary cookies does not require user consent. Disabling cookies may affect
website functionality.


5. Purposes and Legal Bases for Processing

5.1 Contractual and Pre-Contractual Purposes

Legal basis: Article 6(1)(b) GDPR

  • Managing steps before entering contracts;
  • Concluding, performing, and terminating contracts;
  • Preparing offers, agreements, and related documentation.

5.2 Compliance with Legal Obligations

Legal basis: Article 6(1)(c) GDPR

  • Obligations under tax, accounting, and reporting laws;
  • Obligations arising from official requests from courts, supervisory authorities, or law
    enforcement institutions.

5.3 Customer Due Diligence (CDD) and Risk Management

Legal basis: Article 6(1)(f) GDPR

  • Processing data for internal CDD/KYC and risk management;
  • Collecting self-declared information about regulatory status, including PEP declarations;
  • Maintaining records for contractual or business risk purposes.

5.4 Legitimate Interests

Legal basis: Article 6(1)(f) GDPR

  • Protecting the Company’s legal rights and business interests;
  • Performing internal risk and compliance checks;
  • Ensuring operational and business security.

5.5 Consent

Legal basis: Article 6(1)(a) GDPR

  • Where personal data is voluntarily provided for communications (inquiries, requests, or
    messages);
  • Consent can be withdrawn at any time.

6. Disclosure of Personal Data

Personal data is only disclosed where necessary for the purposes listed above, including:

  • IT, hosting, security, and other service providers;
  • Banks, auditors, legal advisors, and professional consultants;
  • State and municipal authorities, institutions, courts, where required by law.

All recipients are bound by contractual or legal obligations to ensure confidentiality, security, and
GDPR compliance.


7. Data Security

We implement appropriate technical and organizational measures to protect personal data,
including:

  • Access controls and permission basis;
  • Physical and IT security measures;
  • Encryption and anonymization where applicable;
  • Internal policies and procedures for handling, storing, and processing personal data.

8. Data Retention

We retain personal data only as long as necessary:

  • For the purpose it was collected;
  • Contracts and business records are retained for the period necessary to enforce
    contractual rights and obligations and for up to 10 years and thereafter;
  • Accounting and tax records are retained for at least 7 years, in accordance with Latvian
    accounting and tax laws;
  • Personal data of job applicants is retained for up to 6 months after completion of the
    recruitment process;
  • To establish, exercise, or defend legal claims.

Data is deleted or anonymized once the purpose expires and obligations are settled.


9. International Transfers

We generally do not transfer personal data outside the EU/EEA.
If transfers are necessary, they will be secured with appropriate safeguards and GDPR-compliant
mechanisms.


10. Data Subject Rights

You have the following rights under GDPR:

  • Access to your personal data;
  • Correction of any inaccurate or incomplete personal data;
  • Have your personal data deleted, if you are entitled to it;
  • Restriction of processing;
  • Receive a copy of your personal data in a commonly used format, if you are entitled to it;
  • Objection to processing your personal data when we rely on our legitimate interests;
  • File a complaint with the data protection authority if you think your rights are violated.

We do not carry out profiling or automated decision-making.


11. Exercising Your Rights

Submit requests in writing to: legal@imk365.com
We respond within 30 calendar days, with possible extension for complex requests as allowed by
law.


12. Supervisory Authority

Data State Inspectorate of Latvia
Elijas street 17, Riga, LV-1050, Latvia
Phone: +371 67223131
Email: pasts@dvi.gov.lv
Website: www.dvi.gov.lv


13. Changes to this Privacy Policy

This Privacy Policy may be updated periodically.