SIA "AI Consulting Solutions" (BalticAI) PERSONAL DATA PRIVACY POLICY

Last updated: February 24, 2026

CONTROLLER INFORMATION AND CONTACT DETAILS

[1] The controller of personal data processing is SIA "AI Consulting Solutions" (hereinafter – BalticAI), Reg. No. 40203566336, legal address: Mārupes nov., Babītes pag., Brīvkalni, Kalna iela 24, LV-2107

[2] Contact information for matters related to personal data processing (GDPR matters): a) By email: [email protected] b) By phone: +371 25 142 421 c) By post: Mārupes nov., Babītes pag., Brīvkalni, Kalna iela 24, LV-2107

GENERAL INFORMATION

[3] The purpose of this Privacy Policy is to provide individuals (hereinafter – Data Subject) with information about the purposes of personal data processing, legal basis, scope, protection and retention periods when obtaining and processing the Data Subject's personal data.

[4] This Privacy Policy applies to ensuring privacy and personal data protection in relation to: a) BalticAI clients (including potential, former and current) and client representatives; b) BalticAI website visitors (including account users, if the website has a "Login" area); c) persons who communicate with BalticAI (email, phone, forms, chat, etc.); d) contact persons of BalticAI cooperation partners and suppliers; e) candidates for job/internship positions (where applicable).

[5] This Privacy Policy applies to data processing regardless of the form or medium in which the Data Subject provides personal data (in person, on the website, by email, in paper format or by phone).

[6] BalticAI respects Data Subjects' rights to lawful personal data processing in accordance with applicable legislation – Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), the Personal Data Processing Law and other applicable regulatory enactments.

[7] In its operations, BalticAI implements appropriate administrative, technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration or destruction.

CONTROLLER AND PROCESSOR ROLE (IMPORTANT FOR AI/IT PROJECTS)

[8] Depending on the type of cooperation, BalticAI may be: a) Controller – for example, when processing website visitor data, requests, contract conclusion, payments, client relationship management; b) Processor – when BalticAI processes data on behalf of a client (e.g., developing AI solutions, automation, integration, data analytics, maintenance). In such cases, the Client is typically the controller, and data processing is governed by a contract / data processing agreement (DPA).

PURPOSES AND LEGAL BASIS OF PERSONAL DATA PROCESSING

[9] BalticAI processes personal data for the following purposes: a) Provision of services and performance of contract (GDPR Article 6(1)(b)): i) identification of client/representative; ii) processing of requests and preparation of offers; iii) preparation, conclusion and performance of contracts; iv) project management, communication and support; v) ensuring quality of services. b) Compliance with legal obligations (GDPR Article 6(1)(c)): i) accounting, tax and legal obligations; ii) responses to lawful requests from public authorities. c) Legitimate interests (GDPR Article 6(1)(f)): i) IT system security, incident prevention/investigation; ii) improvement of services and website; iii) administration of disputes, claims and debts; iv) internal quality control and business process optimization. d) Where consent is given (GDPR Article 6(1)(a)): i) marketing communications/newsletters (if the person has subscribed); ii) certain cookies (e.g., analytics/marketing) where consent is required under applicable law.

[10] Where processing is based on consent, the Data Subject has the right to withdraw it at any time by contacting BalticAI at [email protected].

SCOPE OF INFORMATION COLLECTED

[11] BalticAI may process the following categories of personal data: a) first name, last name; b) contact information (email, phone, address); c) company, position, professional information; d) correspondence and communication content (requests, comments, chat messages); e) contract and payment data (to the minimum extent necessary); f) technical data (IP address, browser/device data, logs, cookie identifiers); g) account data (if an account is created).

[12] BalticAI generally does not require processing of special category personal data (e.g., health data, etc.). If such data is received within a project on behalf of a client, it is processed only in accordance with the client's instructions and applicable legal bases.

COOKIES, TRACKING TECHNOLOGIES AND GOOGLE TAG MANAGER (GTM)

[13] To ensure website functionality, security and improved user experience, BalticAI may process technical data about website visits (e.g., IP address, access time, pages visited, device/browser information).

[14] BalticAI uses cookies and similar technologies on its website. The legal basis for cookie use is: a) necessary cookies – performance of contract/user request and website operation (GDPR 6(1)(b)) and/or legitimate interests (GDPR 6(1)(f)); b) analytics/marketing cookies – consent (GDPR 6(1)(a)), where required.

[15] Google Tag Manager (GTM): BalticAI uses Google Tag Manager code to manage website tags and improve website operation and user experience. GTM itself typically does not collect personal data, but it may load third-party tags (e.g., analytics tools) that may process technical data (e.g., IP address, device information, cookie identifiers, usage events). Use of such technologies is in accordance with the user's cookie preferences.

DATA USE AND DISCLOSURE CONDITIONS

[16] Personal data is used: a) for provision of BalticAI services and company operations; b) for communication with clients and processing of requests; c) for website security and improvement; d) for compliance with legal obligations.

[17] BalticAI may transfer personal data to third parties only when necessary and to the minimum extent required, for example: a) IT/infrastructure and cloud service providers, email, hosting, CRM, analytics and other tool providers; b) accounting and legal service providers; c) subcontractors, if involved in project execution; d) public authorities – in cases specified by law.

[18] If a third party processes data on behalf of BalticAI, it is considered a processor, and a contract is concluded with it providing for confidentiality, security and processing only for specified purposes.

TRANSFER OF DATA TO THIRD COUNTRIES

[19] If BalticAI uses service providers outside the European Economic Area, BalticAI ensures appropriate safeguards (e.g., European Commission Standard Contractual Clauses and/or other legally permissible mechanisms).

PERSONAL DATA RETENTION PERIOD

[20] BalticAI retains personal data as long as at least one of the following criteria exists: a) while contractual obligations are being performed and thereafter – within applicable limitation periods (where applicable); b) while there is a legal obligation to retain data (e.g., accounting documents); c) while a request/application is being considered and for a reasonable period thereafter; d) while consent is in effect, if processing is based on consent.

[21] When conditions are met that determine that further retention is no longer necessary, personal data is deleted or anonymized.

ACCESS TO PERSONAL DATA AND DATA SUBJECT RIGHTS

[22] The Data Subject has the right to request access to their personal data, as well as to request rectification, erasure, restriction of processing, to object to processing (where based on legitimate interests), and the right to data portability where applicable.

[23] Requests to exercise your rights may be submitted: a) by email: [email protected] b) by post: Mārupes nov., Babītes pag., Brīvkalni, Kalna iela 24, LV-2107

[24] BalticAI has the right to verify the identity of the requester to prevent disclosure of data to unauthorized persons.

[25] If the Data Subject has objections regarding BalticAI's data processing, the Data Subject has the right to lodge a complaint with the supervisory authority – the Data State Inspectorate (Latvia).

CHANGES TO THE PRIVACY POLICY

[26] BalticAI reserves the right to make changes to the Privacy Policy at any time. The current version is always available on the BalticAI website, indicating the date of last update.

Company Details:

SIA AI Consulting Solutions
Reg. No.: 40203566336

Address:

Maza Nometnu Street
65B, Agenskalns

+371 25 142 421
Privacy PolicyTerms of UseCookie Policy
BalticAI™ is a trademark of AI Consulting Solutions SIA. All rights reserved.
SIA "AI CONSULTING Solutions" has concluded a 2025 contract No. 9.4-1-L-2025/93 with the Investment and Development Agency of Latvia for receiving support within the framework of the measure "Support for the digitalization of processes in commercial activities", which is financed by the European Union's cohesion policy programme for 2021–2027. · The project "Purchase of a server with software for ensuring data security and storage" is implemented with the support of the European Union and the Investment and Development Agency of Latvia. · Read more about the project (Latvian PDF)