Skip to main content

Statement of the State Agency of Medicines regarding processing of personal data

About us

State Agency of Medicines (hereinafter – Agency)
Registration number: 90001836181,
Address: Jersikas Street 15, Riga, LV-1003.

Our operational objective is to ensure qualitative and justified services related to evaluation of medicinal products, procurement and storage centres of human blood, tissues, cells and organs, as well as pharmaceutical activity companies according to the state and public interests in the field of healthcare.

 

We value your privacy and trust

Our objective is to inform you as clearly and transparently on how and why we use your personal information.

Our aim is to make you feel safe when disclosing your personal data to us. Personal data is any information that may be used to identify an individual person.

We take appropriate measures to ensure that your personal data are always safe with us and that processing of your personal data is done in accordance with the current data protection laws, our internal policies, guidelines and procedures. We have also appointed a data protection specialist whose task is to supervise compliance with the requirements of data protection regulations, guidelines and procedures.

We protect your personal information and maintain confidentiality in everything we do. This policy allows you to know what data we may obtain from you, how are we going to use this data and provide information regarding your rights and how we may contact you. All of the changes (if any) in Agency’s privacy policy will be published in this document and will be available to you on Agency’s website zva.gov.lv.

 

What type of personal data do we collect and why?

a)    Provision of services

We process your personal data in order to ensure that you receive our services. If you do not provide the personal data required for provision of services, you will not be able to receive our services.

By using our services, you verify that the personal data you have submitted is precise and accurate. We will not be able to guarantee provision of services, if you do not submit precise data.

Categories of personal data   

 Legal basis
Personal information (name, surname)
Contact information (address; e-mail address)
Account number  
Provision of service and assurance of responsibilities un functions delegated to the Agency
Phone number   Your consent
Health information  Assurance of responsibilities un functions delegated to the Agency
Type of personal identification document (passport or identification card)   Legal responsibility to identify persons

b)    Video surveillance

We perform video surveillance and process your personal data when you visit our place of service (Jersikas Street 15, Riga) for the purposes of your personal safety and the safety of our employees. clients and property. Video surveillance is performed in accordance with strict safety and privacy regulations using modern technologies and equipment. Video surveillance records are stored in our systems for 30 calendar days.

Category of personal data  

Legal basis
Biometrical data (facial image)  Our legal interest and protection of vital interests, including life and health

c)    Informative materials

With your consent we inform you regarding news and updates published in the “News” section on Agency’s website.

Category of personal data Legal basis
Contact information (e-mail address)   Your consent

d)    Cookies

Cookies are small text files that are created and saved on the device of the internet user (computer, tablet, mobile phone, etc.) when the user visits our website. Cookies “remember” your experience and basic information, thus, increasing the convenience of browsing our website.

Cookies allow processing of website browsing history data, diagnosing problems and deficiencies in site operation, collecting user behaviour statistics, as well as ensuring complete and convenient use of site functionality.

If you do not want to allow cookie use, you may stop it by changing the settings of your internet browser. However, in this case there might be disruptions or difficulties in using our website. You may delete cookies in the settings of your internet browser by deleting cookie history.

See our cookie policy here.

Category of personal data    Legal basis

Website user behaviour statistics  

 Your consent by using browser configuration

Personal data received by the Agency are processed by:

  • Keeping accounting records (both electronically and manually)
  • Keeping personal records (both electronically and manually)
  • Evaluating applications for personnel selection (both electronically and manually)
  • Keeping records of received and sent documents (both electronically and manually)
  • Archiving received and sent documents (both electronically and manually)
  • Keeping records of marketing authorisation holders and their authorised representatives (both electronically and manually)
  • Keeping records of persons conducting clinical trials with medicinal products and their authorised representatives (both electronically and manually)
  • Keeping records of precursor operator registration cards and special permits (licences) for work with precursors (both electronically and manually)
  • Keeping records of permits for use of herbs, substances and medicinal products included in the list I, II and III of narcotic substances, psychotropic substances and precursors controlled in Latvia in medical and veterinary medical scientific studies, testing of physical and chemical properties and for training (both electronically and manually)
  • Keeping records of data of pharmacies, medicinal product wholesalers, manufacturing companies and brokers for issuance, renewal, suspension and annulment of special permits (licences) (both electronically and manually)
  • Keeping records of manufacturers of class I, in vitro diagnostic and custom manufactured medical devices, as well as collectors of device (with CE marking) systems or procedure packs with business operation registered in the Republic of Latvia (both electronically and manually)
  • Keeping records of persons conducting clinical trials with medical devices and their monitoring (both electronically and manually)
  • Keeping records of marketing authorisation holders of medical devices and their authorised representatives, medical device manufacturers or their authorised representative, wholesalers of medicinal products or medical devices, or their authorised representative (both electronically and manually)
  • Keeping records of authorised representatives of centres for procurement, testing, processing, storage and distribution of human blood and blood components (both electronically and manually)
  • Keeping records of authorised representatives of centres for procurement, utilisation and storage of human tissues, cells, organs (both electronically and manually)

As well as by ensuring:

  • Receipt, evaluation, processing, storage of suspected adverse drug reaction reports submitted by patients, healthcare professionals un exchange of the data included in the reports with marketing authorisation holders, healthcare specialists and other EEA countries as part of pharmacovigilance (both electronically and manually)
  • Receipt, processing, storage of reports on suspected adverse reactions with medical devices submitted by patients, healthcare professionals un exchange of the data included in the reports with manufacturers, distributors of medical devices, healthcare specialists and other EEA countries as part of medical device vigilance
  • Receipt, processing, storage of healthcare specialist reports on serious adverse reactions or adverse events observed in donors or persons receiving blood or blood components (recipients) and exchange of data included in the reports with healthcare professionals and other EEA countries as part of haemovigilance (both electronically and manually)
  • Receipt, processing, storage of healthcare specialist reports on suspected serious adverse reactions and suspected serious adverse events, as well as reports on serious adverse reactions and serious adverse events related to procurement, testing, processing, storage and distribution of tissues and cells or their use in humans and exchange of data included in the reports with healthcare professionals and other EEA countries as part of biovigilance (both electronically and manually)
  • Receipt, processing, storage of healthcare specialist reports on suspected serious adverse reactions and suspected serious adverse events related to any stage of use of human organs from donation until transplantation and exchange of data included in the reports with healthcare professionals and other EEA countries as part of biovigilance (both electronically and manually)
  • Collection, analysis, evaluation, processing and storage of information and data submitted by merchants in accordance with normative acts and not mentioned above
  • Processing of data gathered by video surveillance (electronically)

 

From what sources do we receive personal data?

We collect the personal data you submit prior to receiving our services when you visit our place of service (video surveillance) and website, and we also receive personal data from companies and institutions that provide services to us or are involved in the provision of the service you have selected, for example, information centre of the Ministry of Internal Affairs, Enterprise Register, State Revenue Service, Health Inspectorate.

 

To whom do we disclose your personal data?

a)    Providers of services and collaboration partners

Data processing regulations for providers of technical support for Agency’s operation and functions are regulated by a mutual agreement.

In order to fulfil our commitments and obligations stipulated by normative acts, we disclose your personal data to companies and institutions that provide services to us or are involved in the provision of the service you have selected, for example, Ministry of Health, Health Inspectorate, information centre of the Ministry of Internal Affairs, Ministry of Finance, State Revenue Service, State Audit Office, State Employment Agency, Procurement Monitoring Bureau, Enterprise Register, Ministry of Environmental Protection and Regional Development, State Regional Development Agency, National Archives of Latvia, etc.

We carefully review all service providers that process your data upon our request. We assess whether collaboration partners (that process personal data) take appropriate security measures to ensure that processing of personal data is compliant with our tasks, instructions and requirements of normative acts. These companies are not entitled to use your personal data for any other purpose except to provide services to us and in accordance with the requirements of normative acts.

b)    Law enforcement institutions, state and municipal government institutions

In order to fulfil the obligations stipulated by normative acts we may disclose your personal data to law enforcement institutions (for example, the police), state and municipal government institutions upon their request. We may also disclose your personal data to law enforcement institutions (for example, to the court), state and municipal government institutions in order to protect our legal interests by preparing, submitting and defending claims, complaints and applications.

 

Transfer of personal data outside of the European Union and the European Economic Area (EU/EEA)

We always try to process your personal data within the territory of the European Union and European Economic Area (EU/EEA).

Personal data may be transferred and processed outside of the EU/EEA if there is legal justification, that is, in order to fulfil legal obligations, sign or fulfil contract, or with your consent and with the appropriate safety measures taken.

 

How long is your personal data stored?

All of the personal data received from you is stored as long as you use our services or until you revoke your consent, if your data is being processed based on your consent.

Personal data may be stored for longer in order to meet the requirements of normative acts regarding minimum terms for storage of documents and information or in order to protect our legal interests.

After this period has elapsed we will securely delete or archive your personal data. We retain the right to delete or irreversibly anonymise your data if the legal basis for its use no longer exists or it is no longer required for further provision of services.

We shall not be responsible for storage and deleting of data located in your end device (use the appropriate settings in your internet browser software to delete cache and cookies).

 

How do we protect your personal data?

We ensure and continuously review and improve protective measures with the aim of protecting your personal data from unauthorised access, unintentional loss, disclosure or destruction. In order to ensure this, we use modern technologies, technical and organisational requirements, including firewalls, intrusion detection, analysis software and data encryption.

However, we recommend you to follow general computer and internet security rules, as well as the protection and storage requirements for your private data and we shall not be responsible for unauthorised access to your personal data and/or loss of data caused by your fault or negligence.

 

What are your rights?

As a data subject you have general rights stipulated by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and other normative acts including the following:

a)    Access to personal data

You have the right to request a verification from us whether we process your personal data and in such cases request access to this personal data or information regarding personal data if direct access is not provided for.

b)    Correction of personal data

You have the right to request us to correct or supplement the information if you consider that it is inaccurate or incomplete.

c)    Withdrawal of consent

As far as we process your personal data based on your consent, you have the right to withdraw your consent to processing of personal data at any time. Withdrawal of consent does not affect the legality of processing of personal data based on consent provided prior to withdrawal, as well as processing of personal data on a different legal basis.

d)    Objection to processing based on legal interests

You have the right to object to processing of personal data the we process based on our legal interests. However, we shall continue to process your data even in case you object, if we have justified reasons to continue to process your data. In order to invoke the aforementioned right, please submit a written application to us or our data protection specialist.

e)    Deletion

In certain circumstances you have the right to request us to delete your personal data. However, it is not applicable to cases where data storage is stipulated by normative acts. In order to invoke the aforementioned right, please submit a written application to us or our data protection specialist.

f)    Limitations to processing

In certain circumstances you have the right to limit processing of your personal data. Please note that if you request limiting the processing of your personal data, it may affect your ability to receive our services. In order to invoke the aforementioned right, please submit a written application to us or our data protection specialist.

 

Which legal acts regulate operation of our website?

Operation of the website, as well as all relations between you and the Agency are regulated by the legal acts of the Republic of Latvia, as well as the relevant applicable legal acts of the European Union.

 

What regulates data processing on other websites linked from the Agency’s website?

Agency’s website may contain links to third party websites (homepages) subject to their own conditions for use and personal data protection for which the Agency shall not be responsible.

 

Who can I contact in case of queries?

If you have any questions, comments or requests related to the privacy policy or processing of your personal data, please contact us via e-mail at info@ zva.gov.lv.

If you are not satisfied with the response, you are entitled to submit a complaint to the supervisory institution “Data State Inspectorate” (www.dvi.gov.lv).

 

Contact information of the personal data manager and data protection specialist

Contact us regarding your data management at info@zva.gov.lv.

Contact information of data protection specialist: advokats.andersons@inbox.lv


Last reviewed: 19.07.2019