Privacy Policy Rovico ADP APP

Welcome to Rovico ADP LV and our iOS and Android mobile application (our “App”). At Rovico, we take the protection of your data very seriously, and in the below we explain what data we collect when you use our App, when you connect your Alcoscan™breathalyzers and how it is used.

General Information

a)     What law applies?
In principle, we will only use your personal data in accordance with the applicable data protection laws, in particular Latvia`s Personal Data Processing Law (the “DPL”) and the EU’s counterpart the General Data Protection Regulation (“GDPR”).

b)     Who is responsible for data processing?
The responsible party within the meaning of the DPL and the GDPR is Rovico Büroo OÜ filiāle „ROVICO LATVIA” of Dārzciema iela 60, Riga, LV-1073 (“Rovico“, “we”, “us”, or “our”). 

If you have any questions or if you wish to exercise your rights, please feel free to email info@rovico.lv, call +37167249628 or write to us at the above address. 

c)     What is Personal Data?
Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Data. 

d)     What is Special Category Data?
Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data. As well as, data concerning health, a person’s sex life; and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing.

e)     What is processing?
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

f)      What are the legal bases of processing?
In accordance with the DPL and the GDPR, we have to have at least one of the following legal bases to process your Personal Data:

●      you have given your consent,
●      the data is necessary for the fulfillment of a contract / pre-contractual measures,
●      the data is necessary for the fulfillment of a legal obligation, or
●      the data is necessary to protect our legitimate interests, provided that your interests are not overridden. 

Data we collect automatically

a)     Downloading the App
The App can be downloaded from the “Google Playstore” a service offered by Google LLC, or the Apple “App Store” a service of Apple Inc. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.

b)     Installing the App 
As far as we are aware, Google collects and processes the following data: License check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which personal data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store. 

As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, location information, it cannot be excluded that Apple also transmits the information to a server in a third country. We cannot influence which personal data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store. 

c)     Device information
Google and Apple may collect information from and about the device(s) you use to access the App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass.

We may collect information from and about the device(s) you use to access the App or in Pro Mode, allow you to use the Apps external functions via our API. This may include your Phone model information, IP address, device ID and type, device-specific.

d)     Authorisations and Access
We may request permission to access your Geolocation (Latitude, Longitude), Internet Connection, Bluetooth, Microphone and Camera. The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our App may not function as intended.

e)     Uninstall
You can stop all information collection by the App by uninstalling it using the standard uninstall process for your device. If you uninstall the App from your mobile device, the unique identifier associated with your device will no longer be stored.

Data we collect directly

a)     Contacting us
In addition to your name, company name (if any), and e-mail address, IP address or telephone number, if provided, we usually collect the context of your message which may also include certain Personal Data. The Personal Data collected when contacting us is to handle your request and the legal basis is both your consent and contract.

b)     When using our services
We process both Personal Data and Non-Personal Data such as your breathalyzer test result, location and date, involved in your use of our services in order to be able to provide our contractual services as well as to ensure the security of our services and to be able to develop it further. Accordingly, the data is processed on the basis of fulfilling our contractual obligations as well as your consent as applicable.

●      As a Regular User, your Personal Data and Non-Personal Data is stored on your Device only.

●      In Pro Mode, your Personal Data and Non-Personal Data is stored in our Google Could server (European location). Further, and depending on your contractual arrangement with us and your consent, Personal Data and Non-Personal Data will be made accessible on other connected and pre-approved devices using our API and our proprietary back-end. This for example may include your employer if your employer requires you to use an Alcoscan™ breathalyzer.

We ensure that access by our employees to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.

c)     Face Data
You may take and upload an image of your face to verify that it was you who has taken a breathalyzer test. This feature may be used to ascertain that no other person has taken a particular test. In doing so, we derive facial-related information and biometric templates extracted from these pictures from your uploaded image solely for the purpose of verifying the person taking the breathalyzer test. We do not process, collect or use any facial-related information for any purposes outside of the verification feature.

●      As a Regular User, the provided facial-related information is stored on your Device only.

●      In Pro Mode, the provided facial-related information along with the date and time the picture is taken and the user ID is sent to and stored on our Google Cloud server (European location). This data is stored until your contract with us expires or is terminated and for 12 months after the license expiration. Further, and depending on your contractual arrangement with us and your consent, the verification image will be made accessible on other connected and pre-approved devices using our API and our proprietary back-end. This for example may include your employer if your employer requires you to use an Alcoscan™ breathalyzer.

Please note: Your uploaded photo may be considered as “special” or “sensitive” in certain jurisdictions, as it reveals your racial or ethnic origin and your physical characteristics “biometric data”. By choosing to use the verification feature, you consent to our processing of that data. The legal basis for the data processing is the fulfillment of our legal and contractual obligations as well as your consent. You may withdraw your consent and request us to stop processing your facial-related information by submitting your request to us. 

Principles of processing Personal Data

a)     Storage and Retention
As a Regular User, your Personal Data, Non-Personal Data and Face Data is stored on your Device only. In Pro Mode, your Personal Data, Non-Personal Data and Face Data is stored on Google Cloud server (European location) only to achieve the respective processing purpose or for as long as a legal retention period exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
Here you can see Google Cloud Privacy policy on clicking on this link.
Data is stored in Google Cloud server to ensure the work of APP in Pro mode – be able to identify employee. This data is stored until your contract with us expires or is terminated and for 12 months after the license expiration unless requested otherwise. If employee does not work for you anymore, you are responsible of deletion of employee and its data.

b)     Security
We use SSL or TLS encryption to ensure the security of data processing and to protect the transmission of all content We have also implemented numerous security measures (“technical and organizational measures”) for example encryption or need to know access, to ensure the most complete protection of Personal Data processed through this website. 

Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as expeditiously as possible after which the breach was discovered.

c)     Special Category Data
Unless specifically required when using our services and explicit consent is obtained for that service, we do not process special category data.

d)     Minors
We do not request Personal Data from minors and children and do not knowingly collect such data or pass it on to third parties.

e)     Automated decision-making
Automated decision-making is the process of making a decision by automated means without any human involvement. Automated decision-making including profiling does not take place.

f)      Do Not Sell
We do not sell your Personal Data.

g)     Sharing and Disclosure
We will not disclose or otherwise distribute your Personal Data to third parties unless this is i) necessary for the performance of our services including with Employers as necessary and, ii) you have consented to the disclosure, iii) or if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or other legal proceedings including the sale of our business in whole or in part; or proceedings at home or abroad or to fulfill our legitimate interests.

h)     International Transfer
We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.

Your Rights and Privileges 

a)     Privacy rights 
Under the DPL and GDPR, you can exercise the following rights:
●      Right to information
●      Right to rectification
●      Right to object to processing
●      Right to deletion
●      Right to data portability
●      Right of objection
●      Right to withdraw consent
●      Right to complain to a supervisory authority
●      Right not to be subject to a decision based solely on automated processing.

If you have any questions about the nature of the Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.

b)     Updating your information
If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us or use the relevant functions offered in your user account. 

c)     Withdrawing your consent 
You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

d)     Access Request 
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

e)     Complaint to a supervisory authority
You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. The supervisory authority in Latvia is the Data State Inspectorate (DSI), their contact details can be found on their website (www.dvi.gov.lv). 

Validity and questions

This Privacy Policy was last updated on Saturday, 16 September 2023, and is the current and valid version. However, we want to point out that from time to time due to actual or legal changes a revision to this policy may be necessary. 

If you have any questions or if you wish to exercise your rights, please feel free to email info@rovico.lv, call +37167249628 or write to us at the above address.