EU Privacy Representatives

Privacy Notice


Effective: August 12, 2019

We hold your privacy in the highest regard.


You could even say “privacy” is our middle name.


This notice explains how EU Privacy Representatives, a service offered by Riga Tech Ventures SIA, Latvia registration number LV40103785826 (hereafter referred to as “EUPR,” “we,” “us,” or “our”), will collect and use the information you provide to us.  EUPR is a controller for the information provided to us.  This notice applies to personal data and personally identifiable information (collectively “Personal Data”) that we receive through our website, as well as by email, phone and mail.  Anonymous information that we may collect is not covered by this notice.


Data Collection


We will collect Personal Data when you inquire about or register for EUPR services.  If you are a data subject or representative of a government agency inquiring about an EUPR client, we will also collect Personal Data from you when you inquire about an EUPR client’s processing of personal data.  This information collected includes:

  1. Biographical information, such as your name;

  2. Contact information, such as your email address, phone number and mailing address;

  3. If you are a point of contact for a business, your professional title and position;

  4. Financial information, such as a credit card or bank account number, to complete payment for our services; and

  5. Any other information that would be considered Personal Data that is provided to us in the context of our services.  For example, a data subject contacting EUPR regarding one of our client’s services may explain the context for their inquiry by providing additional Personal Data.


Providing some or all of this information may be necessary for EUPR to fulfill its contractual or legal obligations to you.  For example, if you do not provide the information necessary for us to contact you, we could not effectively represent you.  If you are a data subject with an inquiry about an EUPR client, we similarly need your contact details to effectively respond and meet our legal obligations.

Our services may also collect Personal Data about you automatically when you interact with our services.  Our website contains technologies, such as cookies and pixels, which capture this information.  When you send us an email, your message contains metadata that includes additional information as well.  If you call us, the number from which you are calling and an associated name (Caller ID) may also be automatically provided.  The information collected through these methods is not all Personal Data, but some may be if it is reasonably linkable to you or your device.  The information automatically collected includes:

  1. Your device identifiers, such as your IP address (which may reveal your geographic location) and/or mobile advertising id;

  2. Details about your browser and device;

  3. Details about your interactions with our website (such as page views, length of visit), as well as the address of the website from which you navigated to our website (referrer);

  4. Cookies stored on your device or browser;

  5. Email header information (which includes your email address and may include your name), when you email us; and

  6. Automatically-provided telecommunications identifiers (which may include your phone number and/or name), when you call us.


Our website also utilizes third-party services to learn more about the persons who visit it, and which may reveal additional information about you.  This could include details about your demographics (such as age and gender), a general marketing classification (such as “technology enthusiast”), product interests, market segments and other details.  We would only receive this information if our third-party service can link your cookie or advertising identifier to these details.  Please see Cookies and Similar Technologies below to control whether this information is provided.

[back to menu]


Data Use and Purposes


We may use your Personal Data for the following purposes:


  1. Providing you with our services, including

    • evaluating your eligibility for our services;

    • maintaining necessary records;

    • communicating with you about our services;

    • billing; and

    • responding to inquiries by data subjects and/or government regulators;

  2. Responding to your questions and/or inquiries about our services, including sending you requested materials;

  3. Monitoring, evaluating, improving and/or personalizing our services and reviewing your use of them;

  4. Sending you promotional communications to tell you about our business, informing you about regulatory updates, and other related topics;

  5. Enforcing our legal rights, such as our contracts, copyrights, and trademarks;

  6. Maintaining the security of our services and otherwise protecting ourselves and our property;

  7. Managing our business, such as with respect to accounting, taxes, and other legal matters; and

  8. Ensuring that we comply with the law, including responding to valid government requests for information.

Notwithstanding anything to the contrary, we will never use (1) our customer’s GDPR Article 30 Records, or (2) inquiries from our customer’s data subjects or supervisory authorities, when they contact us as our customer’s representative, for any purpose other than the performance of our agreement with our customer.

If we may want to use your information for any other purpose, it will be specifically disclosed in our agreement and/or we will ask for your consent.


Under European Union law, the legal basis for the purposes listed above is one or more of the following:

  1. Data subject consent;

    • Data subjects may withdraw the consent they have provided at any time, however, this will not affect the lawfulness of the processing of their Personal Data based on consent received before such withdrawal.  To withdraw consent, please contact us or exercise this right in another context as provided to you (such as selecting to unsubscribe from promotional email messages).

  2. Necessity for the performance of a contract (such as the representation agreement between EUPR and its client);

  3. Necessity to comply with EUPR’s legal obligations (such as those under European law);

  4. Necessity to comply with the vital interests of a data subject or another natural person (such as responding to a data subject’s inquiry regarding an EUPR client);

  5. Necessity in the public interest or in the exercise of official authority vested in the controller (such as the authority of being an Article 27 Representative);

  6. Necessity in pursuit of the EUPR’s legitimate interests, except where the interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data.  The following legitimate interests could be invoked:

    • Fraud prevention;

    • Transfers of Personal Data to an EUPR affiliate for internal administrative purposes.


EUPR does not engage in automated decision-making regarding which clients to represent or processing inquiries regarding its clients.  Automated decision-making may occur with respect to the advertisements for our services that are displayed to you based on your interactions with EUPR, or if you may otherwise meet the criteria of a person who may be interested in EUPR services.  Please see Cookies and Similar Technologies below regarding how to control the display of such advertisements.

[back to menu]


Data Sharing and Recipients


We may share your Personal Data with the following persons or entities:


  1. Our vendors and service providers, including those involved in

    • The provision of our website, including analytics providers;

    • Collection and storage of registration and representation information;

    • Payment processing;

    • Communicating with you, such as through email and phone;

    • Providing EUPR with professional services, including consultants, accountants, and attorneys.

  2. Our affiliates, such as companies which share common ownership or control with EUPR;

  3. EUPR clients, to the extent that we send them communications from data subjects or government agencies, received on their behalf;

  4. Referral partners, such as

    • businesses which referred a client to EUPR so that we can confirm the purchase of our services and fulfill our contractual requirements (which may include paying them a commission), and

    • businesses to which we refer EUPR clients for additional services (and which may pay us a commission), with our client’s consent;

  5. Third-parties, such as government agencies or private litigants, if we receive a legally sufficient request compelling us to provide Personal Data;

  6. A new owner of EUPR, if we sell or transfer all or a portion of our business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change.  In the unlikely event of an insolvency, bankruptcy or receivership, Personal Data may also be transferred as a business asset, to the extent permitted by law.

[back to menu]


Data Transfers outside the EU/EEA


Some EUPR staff, service providers/vendors, clients, and other resources identified above as entities that may receive personal information, are based outside the European Union/European Economic Area (EU/EEA) and could receive Personal Data collected by us.  Such outside-EU/EEA transfers will generally be to entities based in the United States of America.


All such transfers of Personal Data will comply with applicable law to ensure appropriate safeguards for that information.  EUPR ensures appropriate safeguards through the use of standard data protection clauses (model clauses), where necessary and appropriate.  A current copy of standard data protection clauses is available from the European Commission’s website containing model contracts.  You may also contact EUPR with any further questions.

[back to menu]


Data Retention


EUPR will retain Personal Data only as long as it is necessary to fulfill the purposes for which it was collected.  For example:


  1. We will retain information about our existing customers while they are active customers, and for a reasonable period afterward, but no less than the statute of limitations for litigation based on contracts or while such services could be subject to government inquiry or enforcement action.

  2. We will retain information about our prospective customers so long as they have not requested that we delete their information.  We believe that these prospective customers may become active customers in the future unless we receive a deletion request, in which case we will delete their information as necessary by law; where permitted by law, we will retain a history of when we have communicated with prospective customers.

  3. We will retain information about data subjects and government agencies that contact us with inquiries about EUPR clients for so long as necessary to resolve their inquiry, and for a reasonable period afterward, but no less than the statute of limitations for litigation based on contracts or while such services could be subject to government inquiry or enforcement action.

[back to menu]


Data Subject Rights


European Union law provides for the following rights to all data subjects whose information is received by EUPR:


1. Access – subject to conditions, data subjects have the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and certain other information.


2. Rectification – data subjects have the right to have inaccurate personal data concerning him or her rectified and/or completed.


3. Erasure – under certain circumstances, data subjects have the right to erasure of personal data concerning him or her.


4. Restriction/Objection – under certain circumstances, data subjects may restrict EUPR from further processing their information.


5. Data Portability – subject to conditions, data subjects have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.


As noted, the above rights are subject to additional conditions and circumstances, which are detailed in the European Union General Data Protection Regulation (see Articles 16-20).  Please contact us to exercise these rights.

[back to menu]


Cookies and Similar Technologies

Our website uses technologies such as cookies and pixels to analyze our visitors and to potentially provide you with interest-based advertisements.  On your first visit to this website you were presented with notice of the cookies used on this website and choices on which cookies to accept.  Please visit our Cookie Declaration to review the cookies used by our website and update your preferences.


[back to menu]


Interest Based Advertising

We work with advertisers and advertising networks to advertise our services, which may collect information from third-party sites, and display ads for our service on third-party sites.  Information about your visit is also collected on our website, and you may see ads for our service on third-party sites that you visit.

Our website uses various Google analytics and advertising products.  For more information on how they function and your choices, please visit:

For information about opt-ing out of interest-based advertising, please visit  If you see our ad on a social media platform, such as LinkedIn, you can also use the tools offered by that service to opt-out of seeing ads for our service in the future.

[back to menu]


Do-Not-Track Requests

EUPR’s website currently does not respond to Do Not Track (DNT) signals.  We will revaluate our position when an industry or legal standard for recognizing DNT signals is developed.  In the meantime, we welcome you exercising your choices through the other means listed provided in this section.

[back to menu]


Children’s Data

We do not knowingly collect any information from persons 16 years of age or younger, and this service is explicitly not intended for children.  If you believe we have received any information about children, please email us the details and we will investigate the matter and take reasonable steps to remove the information that may have been collected.

[back to menu]


Changes to this Privacy Notice


If we make material changes to this Privacy Notice, we will notify EUPR’s current clients at the email address with which they are registered at least 30 days prior to the effective date of the changed Privacy Notice.  Otherwise, visitors to our website will receive at least a one-time notification when the changed Privacy Notice is effective.

[back to menu]


Data Protection Authority Contact


If you have a complaint regarding the processing of personal data by EUPR, you may contact a data protection authority for resolution.  The local data protection for EUPR in Latvia may be contacted as follows:


Data State Inspectorate

Blaumaņa iela 11/13-15

Rīga, LV-1011

Phone: +371 67 22 31 31

Fax: +371 67 22 35 56



[back to menu]


EUPR - EU Privacy Representatives (SM)

a service of:

Riga Tech Ventures SIA (limited liability company)

Headquarters /  Hauptniederlassung

Matīsa iela 61A-18

Rīga, LV-1009, Latvia

Reg. No.: LV40103785826

Berlin Branch (dependent) /

unselbständige Zweigstelle Berlin

House A, 1st Floor

Edisonstraße 63

12459 Berlin, Germany

© 2020 Riga Tech Ventures SIA.  All Rights Reserved.