Information on processing of personal data

AS BlueOrange Bank (hereinafter referred to as the Bank) hereby notifies its clients – natural persons and business partners that it performs processing of personal data in accordance with the GDPR and other personal data protection laws and regulations of the Republic of Latvia and the European Union.

More detailed information about the processing of personal data in the Bank is provided in the Bank’s Personal Data Processing Policy. Introduction of the Personal Data Processing Policy manifests the Bank’s responsible approach to data protection with a priority set on protecting the data of the Bank’s clients.


What is GDPR?

GDPR or General Data Protection Regulation is the name of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

The aim of the GDPR is to protect privacy of individuals in the European Union and to harmonise the national legislation of the European countries.

As of 25 May 2018, the GDPR is directly applicable and fully binding for data processing and protection throughout the European Union and in Latvia.

GDPR was developed with the aim to harmonise the differences in requirements to the processing of personal data between Member States, allowing EU citizens to have better control of their own personal data, including easier access, awareness in case of identity theft, establishment of clearer rights to erasure of personal data (the “right to be forgotten”), the right to object etc.


Who is the controller of personal data processing and what are the contact details?

The controller of personal data processing is AS BlueOrange Bank, unified registration No. 40003551060, registered office: Smilšu iela 6, Rīga, Latvija, LV-1050, www.blueorangebank.com

The Bank has appointed a Data Protection Officer who organizes, monitors and supervises the compliance of personal data processing carried out by the Bank as a controller with the requirements of personal data protection regulations of the European Union and the Republic of Latvia. For matters related to the processing of personal data, please e-mail the Data Protection Officer at datuaizsardziba@blueorangebank.com.


Clients or other natural persons may submit their requests for information and complaints in relation to processing of personal data in the following ways:

- in writing, by visiting the Client Service Centre (Jēkaba iela 2, Rīga, LV-1050, Latvija) in person and presenting an identity document;

- electronically, by signing with a secure electronic signature and sending an e-mail to datuaizsardziba@blueorangebank.com;

- by sending a message via the Bank’s Internet Bank https://ib.blueorangebank.com.


Clients or other natural persons may submit a complaint to the following authorities if they believe that the processing of their personal data in the Bank is not in compliance with the regulatory requirements:

- Data State Inspectorate, website: www.dvi.gov.lv
 address: Blaumaņa iela 11/13-15, Rīga, LV-1011
phone: 67223131, e-mail: info@dvi.gov.lv

- The supervisory authority in a Member State, in which their permanent place of residence or workplace is located, or where the alleged offence took place. Information on other supervisory authorities is available here.  

Recommendations developed by the Association of Latvian Commercial Banks regarding the application of the General Data Protection Regulation for credit institutions can be found here

The General Data Protection Regulation is available here.  

Information on the Bank’s Cookie Policy is available here.