Privacy Policy

1. Introduction

SIA Graudu Enerģija, Reg. No.: LV40203347812, hereinafter referred to as the Controller, performs on the website, hereinafter referred to as the Website, the processing of the personal data obtained from the data subject – the user of the Website, hereinafter referred to as the User. The Controller cares for privacy of the User and protection of personal data, respects the User’s right to the lawfulness of personal data processing in accordance with the applicable legal enactments – Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and such data free circulation, hereinafter referred to as the Regulation, and other applicable legal enactments in the field of privacy and data processing. Taking into account the mentioned, the Controller has developed this privacy policy for the purpose of providing the User with the information provided for in the Regulation.

The privacy policy applies to data processing regardless of the form and/or environment in which the User provides the personal data (on the Website, in paper format, in person or by phone). The Controller reserves the right to change these regulations at any time.

The website visitor is obliged to independently check the content of the Website in order to familiarise himself or herself with the changes in the regulations.

2. Identity and contact information of the controller

Controller: SIA "Graudu Enerģija"

Reg. No.: LV40203347812

Address of the controller: Skaņkalnes iela 2B, Skaņkalne, LV-4215



Phone: +371 26 847 848

3. Purposes of personal data processing, as well as the legal basis for processing

If the User submits his or her personal data to the Controller by phone, using the Website’s contact forms, e-mail or other type of mail, we save and use this information to perform or conclude a respective service provision contract, including to identify the customer; to prepare and conclude the contract; to provide the services (perform the contractual obligations); to serve the customers; to consider and process the objections; to increase loyalty of customers; to administer payments and settlements; to recover and collect debts; to prove facts, to maintain the website and improve operation; to plan and analyse business; for planning and accounting. We will also process these data to provide information to state administration authorities and subjects of operational activity in cases and to the extent specified in external regulatory enactments. The legal basis for processing of data is the conclusion and performance of the contract, the compliance with the regulatory enactments, in accordance with the consent of the Customer – the data subject, our legal (legitimate) interests (for example, to verify the identity of the Customer before concluding the contract; to ensure the performance of the contractual obligations; to analyse the operation of the website applications, to ensure the efficiency of service provision, etc.

4. Categories of personal data

Categories of personal data – name, surname, personal ID No., e-mail or postal address, IP address, phone number, message or letter content, etc.

5. Categories of personal data recipients

The data are disclosed to those employees of the Controller who need them for the performance of their direct duties in order to perform or conclude a respective service provision contract. When obtaining and using personal data, we partly use the services of external service providers who, in accordance with the contract, strictly follow our instructions and whom we constantly control before using the service and also in the future.

6. Categories of data subjects

Categories of data subjects – current, former and potential customers of the Controller, as well as other persons who express a desire to communicate with the Controller.

7. Transfer of data outside of Latvia

The received data are not planned to be transferred outside of Latvia, the European Union or the European Economic Area, nor will they be transferred to any international organisation. Simultaneously, taking into account that the Website is connected to Google and Facebook services, the Controller cannot guarantee that the mentioned companies will not transfer the data outside the European Union or the European Economic Area.

8. Data storage duration

We process and store the User’s personal data as long as any of the parties has a legal obligation to store the data.

After the aforementioned circumstances cease, and unless otherwise stated in the data protection instructions, we delete personal data no later than three months after the original reason for saving the data no longer applies, except in cases where we are legally obliged to continue to save these data (for example, but not limited to, the needs of accounting or legal proceedings).

9. Data subject’s access to personal data

The Data subject has the right to receive access to the data subject’s personal data within one month from the date of submission of the respective request.

The User can submit a request for the exercise of his or her right in writing in person, at the Controller’s registered office (presenting a personal identity document), by mail or in form of an e-mail, signing with a secure electronic signature;

Upon receiving the User’s request for the exercise of his or her rights, the Controller verifies the User’s identity, evaluates the request and fulfils it in accordance with the regulatory enactments. The User has the right to receive the information provided for in the regulatory enactments in relation to the processing of his or her data, the right to request access to his or her personal data, as well as to request the Controller to supplement, correct or delete them, limit the processing or the right to object to the processing, as long as these rights do not conflict with the purpose of data processing (conclusion or performance of contracts).

The Data Subject does not have the right to receive information if this information is prohibited to be disclosed in accordance with the law in the field of national security, state defence, public safety, criminal law, as well as for the purpose of ensuring the national financial interests in tax matters or the supervision and macroeconomic analysis of financial market participants.

10. Processing of cookies

The Website collects data about the Website visitors, thus enabling the Website maintainer to evaluate how useful the Website is and how it could be improved. The Controller constantly improves the Website for the purpose of improving its use, therefore the Controller needs to know what information is important to the Website visitors, how often they visit this Website, what devices and browsers they use, what region the visitors come from, and what content they like to read the most. The Controller uses the Google Analytics system, which allows the Controller to analyse how visitors use the Website. You can find out how the basic principles of Google Analytics work on the Google website The Controller uses the collected data in its legal interests to improve the understanding of the needs of the Website visitors and the accessibility of the information published by the Controller. The visitor can opt-out of data collection by Google Analytics at any time, as described here:

The server hosting the Website can register the requests sent by the visitor (used device, browser, IP address, date and time of access). The data mentioned in this paragraph are used for technical purposes: to ensure the proper functioning and security of the Website and to investigate possible security incidents. The basis for collecting the data mentioned in this paragraph is the Controller’s legal interest in ensuring the technical accessibility and integrity of the Website.

Cookies are small files, which, each time a visitor visits the Website, are saved by the browser on the visitor’s computer in the amount specified in the browser settings of the visitor’s computer. Individual cookies are used to select and apply the information and advertisements offered to the visitor, based on the content that the visitor has viewed previously, and thus make the use of the Website simple, convenient and individually adapted for visitors. Additional information about cookies, as well as their deletion and management, can be obtained on the website

The Website uses cookies to collect the user’s IP addresses and browsing information and to allow the Website to remember the visitor’s choices. Cookies allow the Controller to follow the data flow of the Website and user interaction with the Website – the Controller uses these data to analyse visitors’ behaviour and improve the Website. The legal basis for the use of cookies is the Controller’s legitimate interest in ensuring the functionality, accessibility and integrity of the Website.

The visitor can control and/or delete cookies according to his or her choice. More information about this process is available here: The visitor can delete all cookies which are on his or her computer, and most browsers can be set to block the placement of cookies on the computer. The visitor can refuse cookies in the browser menu or on To make the necessary settings, the visitor needs to familiarise himself or herself with the terms of his or her browser. If cookies are blocked, the visitor will have to manually adjust the settings each time the Website is visited, and there is a possibility that some services and functions will not work.

Statistical data on the Website visitors can only be accessed by the Controller’s employees who are responsible for analysing such data.

Unless otherwise specified, cookies are stored until the activity for which they were collected is performed, and then are deleted.

In case where the possibility of a forum or comments is provided on the Website of the Controller, the IP address, as well as data specified by the visitor himself or herself are stored on the Website. Cookies containing these data can be stored for one year for your convenience (so that you don’t have to write again the next time).

11. Third-party websites

We may cooperate with any third parties which are authorised to place third-party cookies on our websites or in our services, applications and tools with your consent. These service providers enable us to provide you with a better, faster and more secure website use experience. Please note that third-party cookies are subject to third-party privacy policies, therefore we do not assume any responsibility for those privacy policies.

The "Facebook pixel" tool is installed on the Website. The purpose of using this tool is to tailor the content and advertisements to Facebook users. To find out more about Facebook’s privacy policy, click here: You can also change your advertising settings in your Facebook profile.

12. Right to submit complaint to the supervisory authority

The Data Subject has the right to submit a complaint to the supervisory authority (Data State Inspectorate). Documents are accepted by the Data State Inspectorate using mail, electronic mail (documents signed with a secure electronic signature), as well as they can be left at Blaumaņa iela 11/13, Riga, 1st floor mailbox. The Data State Inspectorate accepts electronic mails sent to the address

13. Validity of the Privacy Policy

We reserve the right to change and supplement the content of this privacy policy from time to time to clarify the description of how we process your data. Taking the mentioned into account, we invite you to regularly review this privacy policy so that you are informed about the processing of your personal data on the Website.