EUPR - EU Privacy Representatives (SM)

a service of:

Riga Tech Ventures SIA (limited liability company)

Headquarters /  Hauptniederlassung

Matīsa iela 61A-18

Rīga, LV-1009, Latvia

Reg. No.: LV40103785826

Berlin Branch (dependent) /

unselbständige Zweigstelle Berlin

House A, 1st Floor

Edisonstraße 63

12459 Berlin, Germany

© 2019 Riga Tech Ventures SIA.  All Rights Reserved.

overview

Our services provide a complete and compliant solution to Article 27 requirements:

  • Valid written agreement designating EUPR as our client's Article 27 representative​

  • Dedicated, auditable contact email address for all inquiries 

       (e.g., YourCo@euprivacyreps.com)

  • Prompt forwarding of all inquiries to client for resolution

  • Multi-lingual acknowledgments of data subject and regulator inquiries

    • We will receive and acknowledge inquiries in any EU language

  • Secure storage of our client's GDPR Article 30 data processing records

  • U.S. and E.U.-based customer service​​

eligibility criteria

We seek to accommodate all clients, though also holistically review each potential client's suitability for our services based on several factors such as the ones listed below.

Limitations on types of data processed:

We generally would not represent clients whose data processing includes:

  • Personal data relating to criminal convictions or offenses​, or

  • Personal data that may result in a risk to the rights and freedoms of natural persons.

We consider representation of companies processing "Special Categories of Data" (as defined below) on a case-by-case basis.  Given the sensitivities involved with these types of data, additional service fees may apply.

"Special Categories of Data" is defined as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.​

Necessary to have Article 30 Records:

The European Data Protection Board has emphasized that we must keep our client's Article 30 records available and updated for inquiries.  As such, eligible clients must be able to provide these records.  See our post about Article 30 Records for more information about this requirement.  We can refer prospective clients to resources to help create these records if a client may not have them complete.

Source: EDPB, Guidelines 3/2018 on the territorial scope of the GDPR, page 23 (Nov. 2018)

Data subjects necessary in Germany or Latvia:

 

The European Data Protection Board has also noted that a representative must be established in one of the countries where the relevant data subjects are located.  As such, we can also only represent clients that would process data from persons in Germany or Latvia since those are the countries where EUPR is established.  Given that Germany is estimated to receive more Internet traffic than any other EU country, it is very likely that you have some data subjects in, at least, Germany and this should not be a concern.  If per chance you may need representation in another country, please contact us to discuss as we are continuously considering expanding the EU countries where we are established.

Please also see our post on Why Your Representative's Location Matters for further details on this topic.

 

Source: EDPB, Guidelines 3/2018 on the territorial scope of the GDPR, page 22 (Nov. 2018)

representation process

  • Request and complete our Registration Questionnaire

  • Assuming eligibility criteria are met, we provide our Representation Agreement

  • Client signs Representation Agreement and submits payment

  • We receive our client's GDPR Article 30-compliant records

  • Client updates their privacy notice and any other materials listing EUPR as their Representative