Privacy Policy


Effective from July 10, 2026

1. General Information

1.1. This Privacy Policy explains how SIA “ERKER Real Estate” collects, uses, stores, discloses, and otherwise processes the personal data of natural persons.

1.2. This Privacy Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the GDPR), the Personal Data Processing Law of the Republic of Latvia, and other applicable laws and regulations of the Republic of Latvia and the European Union.

1.3. This Privacy Policy applies to the processing of personal data in connection with the use of the website erker.lv, its subpages and features, communication with the Company, the provision of real estate brokerage and consulting services, the marketing of real estate properties, customer due diligence, cooperation with business partners, recruitment activities, and other operations carried out by the Company.

1.4. This Privacy Policy applies regardless of how personal data is collected or processed, including through the website, email, telephone, in person, social media, paper documents, electronic systems, or publicly available sources.

1.5. Personal data means any information relating to an identified or identifiable natural person.

1.6. Processing of personal data means any operation performed on personal data, including collection, recording, organization, storage, consultation, use, transmission, disclosure, restriction, erasure, or destruction.

1.7. A Data Subject is a natural person whose personal data is processed by the Company.

1.8. The Company processes personal data lawfully, fairly, and transparently, solely for specified and legitimate purposes and only to the extent necessary to achieve those purposes.

2. Data Controller

2.1. The Controller responsible for the processing of personal data is:

SIA “ERKER Real Estate”
Registration No. 40203323246
Registered and office address: Ģertrūdes iela 10–3, Riga, LV-1010, Latvia
Telephone: +371 20 177 757
Email: [email protected]

hereinafter referred to as the Company, the Controller, or ERKER Real Estate.

2.2. Questions regarding the processing of personal data, as well as requests to exercise data subject rights, may be submitted by email to [email protected], by post to the Company's registered address, or in person at the Company's office.

2.3. When sending a request by email, it is recommended to use the subject line "Personal Data Request".

3. Persons Covered by this Privacy Policy

3.1. The Company may process the personal data of current, former, and prospective clients.

3.2. The Company may process the personal data of property owners, sellers, buyers, landlords, tenants, lessors, lessees, and other persons involved in real estate transactions.

3.3. The Company may process the personal data of representatives of clients and business partners, authorized representatives, contact persons, beneficial owners, and company officers.

3.4. The Company may process the personal data of website visitors, users of contact forms, persons requesting consultations, and individuals communicating with the Company via email, telephone, social media, or other communication channels.

3.5. The Company may process the personal data of job applicants and persons interested in employment or cooperation with the Company.

3.6. The Company may also process the personal data of other individuals where such data appears in documents related to real estate transactions, customer due diligence, authorizations, payments, disputes, or other legal matters.

4. Categories of Personal Data

4.1. Identification data may include first name, last name, personal identification number, date of birth, nationality, identity document details, signature, and other information necessary to identify the client.

4.2. Contact information may include residential or correspondence address, email address, telephone number, preferred communication language, and preferred method of communication.

4.3. Property-related data may include the property address, cadastral number, ownership information, Land Register data, property description, photographs, floor plans, price, permitted use, technical condition, encumbrances, and other information required for the preparation or execution of a transaction.

4.4. Transaction and cooperation data may include information regarding an individual's interests and requirements concerning real estate, offers, negotiations, viewed properties, intended transactions, agreements between parties, contracts, powers of attorney, correspondence, and the progress of transaction execution.

4.5. Financial and payment data may include bank account details, invoices, payment information, transaction amounts, commissions, debt-related information, and other accounting records.

4.6. Data relating to representatives of legal entities may include their position, legal basis of representation, scope of authority, relationship with the legal entity, and information regarding the legal entity's beneficial owner.

4.7. Customer due diligence and sanctions screening data may include identification information relating to the client, their representative and beneficial owner, information concerning the purpose and nature of the transaction, the origin of funds or assets, politically exposed person (PEP) status, sanctions screening results, risk assessments, and other information required by applicable legislation.

4.8. Communication data may include email correspondence, contact form submissions, applications, complaints, information relating to telephone conversations, social media messages, and other communications with the Company.

4.9. Technical website data may include IP address, device type, browser type, operating system, language settings, approximate location, website visit time, pages viewed, referring URL, activities performed on the website, error logs, and cookie identifiers.

4.10. Website preference data may include language preferences, saved favorite properties, cookie preferences, and other user settings.

4.11. Marketing data may include information regarding consent to receive commercial communications, the time consent was given or withdrawn, communications sent, and interactions with those communications.

4.12. Recruitment data may include first name, last name, contact details, curriculum vitae (CV), education, employment history, language skills, professional qualifications, cover letter, references, and any other information submitted by the applicant.

4.13. As a general rule, the Company does not request special categories of personal data, such as information concerning health, religious beliefs, political opinions, or sexual orientation. Please do not provide such information unless it is objectively necessary and there is an appropriate legal basis for its processing.

5. Sources of Personal Data

5.1. The Company most commonly receives personal data directly from the data subject, for example when a contact form is submitted, an email is sent, a telephone call is made, a consultation is requested, a property is offered, a person participates in preparing a transaction, or submits a job application.

5.2. Personal data may also be obtained from clients, property owners, the other party to a transaction, legal entities, their representatives, authorized persons, or business partners.

5.3. Personal data may be obtained from public registers and information systems, including the Land Register, the State Land Service, the Register of Enterprises, and other databases established under applicable legislation.

5.4. The Company may obtain data from publicly available sources, real estate listing websites, professional directories, websites, and social media platforms where such collection is lawful and necessary.

5.5. Customer due diligence and sanctions screening information may be obtained from public authorities, sanctions lists, public databases, and specialized screening service providers.

5.6. Technical website data is collected automatically from the user's device, browser, server logs, cookies, and similar technologies.

5.7. Where the Company receives personal data from a source other than the data subject, it shall provide the information required by the GDPR within a reasonable period unless the data subject already possesses such information or an exemption under applicable law applies.

6. Purposes and Legal Bases for Processing Personal Data

6.1. The Company processes contact details and the content of inquiries in order to respond to questions, provide requested information, arrange consultations or property viewings, and assess potential cooperation. The legal basis for such processing is taking steps at the request of the data subject prior to entering into a contract and the Company's legitimate interest in ensuring efficient communication and customer service.

6.2. The Company processes personal data in order to prepare, conclude, and perform contracts relating to real estate brokerage, consulting, or other services. The legal basis for such processing is the performance of a contract.

6.3. The Company processes personal data in order to identify suitable real estate properties, prepare and publish property listings, arrange property viewings, communicate with the parties to a transaction, coordinate negotiations, and prepare transaction-related documents. The legal basis for such processing is the performance of a contract, taking steps prior to entering into a contract, and the legitimate interests of the Company or the relevant parties to the transaction.

6.4. The Company processes personal data in order to identify the client, the client’s representative, and the beneficial owner, conduct customer due diligence, assess the purpose of the transaction, the origin of funds, sanctions risks, and politically exposed person status. The legal basis for such processing is compliance with the legal obligations applicable to the Company.

6.5. The Company processes personal data in order to issue invoices, administer payments, maintain accounting records, and comply with tax and financial reporting requirements. The legal basis for such processing is compliance with legal obligations and the performance of a contract.

6.6. The Company processes personal data in order to review applications, claims, and complaints, prevent and resolve disputes, recover debts, protect the rights of the Company, its clients, or third parties, and preserve evidence. The legal basis for such processing is the Company’s legitimate interests and, where applicable, compliance with legal obligations.

6.7. The Company processes technical data in order to ensure the operation and security of the website, prevent fraudulent or malicious activities, diagnose errors, and protect IT systems. The legal basis for such processing is the Company’s legitimate interest in maintaining a secure and functional website.

6.8. The Company may analyse the use of the website in order to understand visitor interests, assess website performance, and improve its services. Where technically non-essential cookies or similar technologies are used for such analysis, the legal basis is the User’s consent.

6.9. The Company may use personal data to send commercial communications, property offers, news, and other marketing information where the person has provided separate consent or where such communication is otherwise permitted under applicable law. The person may opt out of receiving further commercial communications at any time.

6.10. The Company processes job applicant data in order to assess the candidate’s suitability, communicate with the candidate, organise the recruitment process, and, where necessary, prepare an employment or cooperation agreement. The legal basis for such processing is taking steps at the candidate’s request prior to entering into a contract and the Company’s legitimate interest in organising recruitment.

6.11. Where a candidate has provided separate consent for their data to be retained for future vacancies, the Company may also use the candidate’s data to contact them regarding other suitable employment or cooperation opportunities.

6.12. The Company may process personal data for internal administration, quality control, employee training, service improvement, statistical analysis, and business planning. The legal basis for such processing is the Company’s legitimate interest in ensuring effective business management and service quality.

6.13. Where the processing of personal data is based on the Company’s legitimate interests, the Company assesses the relevant interest, the necessity of the processing, and the potential impact on the rights and freedoms of the data subject.

6.14. Where processing is based on consent, the provision of consent is voluntary. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out before its withdrawal.

7. Requirement to Provide Personal Data

7.1. In certain cases, the provision of personal data is necessary for the Company to respond to an enquiry, prepare or conclude a contract, provide a service, or comply with obligations imposed by applicable laws and regulations.

7.2. If a person does not provide the requested data or documents, the Company may be unable to provide the requested information, commence or continue cooperation, prepare a transaction, or perform a contract.

7.3. Where applicable laws and regulations require the Company to identify a client or conduct customer due diligence, refusal to provide the necessary information may constitute grounds for refusing to commence cooperation, suspending it, or terminating it.

7.4. Information requested solely for marketing or analytics purposes is provided voluntarily, and refusal to provide such information does not affect the person’s ability to use the Company’s core services.

8. Recipients of Personal Data

8.1. Personal data may be accessed within the Company only by employees, real estate professionals, and authorized persons who require such information for the performance of their employment duties or contractual obligations.

8.2. Personal data may be disclosed to providers of IT infrastructure, website maintenance, hosting, email, data storage, customer relationship management (CRM), document management, cybersecurity, and technical support services.

8.3. Personal data may be disclosed to providers of accounting, auditing, legal, debt collection, translation, insurance, and other professional services to the extent necessary for the provision of the relevant service.

8.4. In the course of preparing or completing a transaction, personal data may be disclosed to notaries, attorneys-at-law, banks, credit institutions, insurance companies, certified property valuers, construction specialists, surveyors, property managers, and other service providers involved in the transaction.

8.5. Personal data may be disclosed to the other party to a real estate transaction, its representative, or its advisor where necessary for the preparation or execution of the transaction and where such disclosure is consistent with the reasonable expectations of the data subject.

8.6. Personal data may be disclosed to state and municipal authorities, courts, law enforcement authorities, the Financial Intelligence Unit, the State Revenue Service, and other competent authorities where required by applicable law or necessary for the protection of the Company's legal interests.

8.7. Providers of analytics, advertising, mapping, social media, and other digital services may receive personal data only in accordance with the User's cookie preferences and the applicable terms of the relevant service.

8.8. The Company provides personal data processors only with the amount of personal data necessary to perform a specific task and contractually requires them to process such data solely in accordance with the Company's instructions, maintain confidentiality, and implement appropriate security measures.

8.9. In certain cases, the recipient of personal data acts as an independent data controller, for example a notary, bank, public authority, or the legal advisor of the other party to a transaction. In such cases, the recipient independently determines the manner in which personal data is processed in accordance with the laws applicable to that recipient.

8.10. In the event of a corporate reorganization, merger, sale of shares, or sale of assets, personal data may be transferred to a prospective or actual successor, subject to appropriate confidentiality and data protection safeguards.

9. Transfers of Personal Data Outside the European Economic Area

9.1. When selecting service providers, the Company gives preference, where reasonably possible, to providers that process personal data within the European Union or the European Economic Area.

9.2. Certain providers of IT, cloud computing, analytics, social media, mapping, or communication services may process personal data in countries outside the European Union and the European Economic Area.

9.3. Where personal data is transferred to a country for which the European Commission has adopted an adequacy decision, such transfer shall be based on that adequacy decision.

9.4. Where no adequacy decision exists, the Company implements the safeguards provided under the GDPR, including the European Commission's Standard Contractual Clauses (SCCs), and, where necessary, applies additional technical and organizational security measures.

9.5. Information regarding the safeguards applicable to a specific international data transfer may be requested by contacting [email protected].

10. Retention of Personal Data

10.1. The Company retains personal data only for as long as necessary to achieve the relevant processing purpose, perform a contract, comply with legal obligations, and protect the legitimate interests of the Company or third parties.

10.2. Information contained in contact forms, emails, and other initial enquiries, where no cooperation is established, is generally retained for up to 24 months after the last meaningful communication, unless there is a legal basis for earlier deletion or longer retention.

10.3. Data relating to the preparation, conclusion, and performance of contracts is retained during the term of the contract and thereafter for as long as necessary to comply with legal obligations and to establish, exercise, or defend legal claims, generally for no longer than 10 years unless a different retention period is required by law.

10.4. Information relating to customer due diligence, identification, transaction monitoring, and the origin of funds is retained for the period required by applicable legislation, generally for five years following the end of the business relationship or the completion of an occasional transaction. The retention period may be extended where required by law or by an instruction from a competent authority.

10.5. Accounting, tax, invoicing, and payment records are retained for the periods prescribed by applicable legislation, depending on the type of document.

10.6. Personal data processed on the basis of consent for marketing purposes is retained until consent is withdrawn or until the data is no longer required for the relevant purpose. The Company may retain minimal information regarding the withdrawal in order to ensure that no further unsolicited communications are sent.

10.7. Job applicant data is generally retained until the completion of the recruitment process and for up to six months thereafter in order to protect the Company's legitimate interests in the event of a dispute.

10.8. Where the candidate has provided separate consent for future recruitment opportunities, the candidate's data may be retained for up to 12 months or until consent is withdrawn, whichever occurs first.

10.9. Technical and security logs relating to the website are generally retained for up to 12 months unless a longer retention period is required for the investigation of a specific security incident.

10.10. Cookie retention periods are specified in the cookie management tool or in the separate Cookie Policy.

10.11. Where a dispute, investigation, or legal proceeding has commenced, the related data may be retained until the matter has been finally resolved and any applicable limitation periods have expired.

10.12. Upon expiry of the applicable retention period, personal data is securely deleted, anonymized, or destroyed. Data contained in backup copies may remain for a limited period until the relevant backup is automatically overwritten or deleted.

11. Commercial Communications and Marketing

11.1. Completing a contact form, requesting a consultation, or otherwise communicating with the Company regarding a specific service does not in itself constitute consent to receive unrelated advertising or marketing communications.

11.2. Where the Company wishes to use a person's contact details to send regular property offers, news, or other commercial communications, separate and freely given consent will be requested where required.

11.3. Consent to marketing communications shall not be a mandatory condition for receiving a consultation, submitting a contact form, or using the Company's services where marketing is not objectively necessary for the provision of the relevant service.

11.4. A person may unsubscribe from commercial communications at any time by using the unsubscribe option included in the communication or by contacting [email protected].

11.5. Withdrawal of consent does not affect communications that are necessary for the performance of a contract, the provision of services, the organization of a transaction, or compliance with legal obligations.

12. Cookies and Similar Technologies

12.1. The website may use cookies, browser local storage, and similar technologies to ensure the proper functioning of the website, remember user preferences, analyse website usage, and, where the User has given consent, provide personalized content or advertising.

12.2. Strictly necessary cookies are used to ensure the core functionality of the website, maintain security, operate user sessions, remember language preferences, store cookie settings, and provide other functions requested by the User.

12.3. Functional cookies may be used to remember user preferences, such as the selected language or saved favourite properties.

12.4. Analytics cookies may be used to collect statistical information regarding website visits and usage, identify errors, and improve website performance.

12.5. Marketing cookies may be used to evaluate advertising campaigns, build audience segments, or display more relevant advertisements to the User.

12.6. Cookies that are not strictly necessary for the operation of the website are not used until the User has provided consent.

12.7. Users are provided with the option to accept all optional cookies, reject them, or select individual cookie categories.

12.8. Users may change or withdraw their cookie preferences at any time using the cookie management tool available on the website. Withdrawal of consent does not affect the lawfulness of processing carried out before such withdrawal.

12.9. Detailed information regarding individual cookies, their providers, purposes, and retention periods is available through the cookie management tool or the separate Cookie Policy.

13. Security of Personal Data

13.1. The Company implements technical and organizational measures appropriate to the level of risk in order to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

13.2. Depending on the nature of the processing, such security measures may include access controls, user authentication, encryption of data transmissions, backup procedures, software updates, security incident monitoring, employee awareness measures, and confidentiality obligations.

13.3. Access to personal data is granted only to individuals who require such access for the performance of their employment duties or contractual obligations.

13.4. The Company regularly reviews its security measures and improves them where necessary.

13.5. No method of transmitting or storing data can guarantee absolute security. If a data subject becomes aware of a potential security incident or unauthorized access, they are requested to notify the Company immediately by email at [email protected].

13.6. In the event of a personal data breach, the Company shall take the measures required under applicable law and, where necessary, notify the Latvian Data State Inspectorate and the affected data subjects.

14. Rights of the Data Subject

14.1. The data subject has the right to obtain confirmation as to whether the Company processes their personal data and to request access to the personal data being processed.

14.2. The data subject has the right to request the correction of inaccurate personal data and the completion of incomplete personal data.

14.3. In the cases provided for by the GDPR, the data subject has the right to request the erasure of personal data. The right to erasure is not absolute and may not apply where the retention of personal data is necessary for compliance with a legal obligation, the performance of a contract, or the establishment, exercise, or defence of legal claims.

14.4. In the cases provided for by the GDPR, the data subject has the right to request the restriction of the processing of personal data.

14.5. The data subject has the right to object to the processing of personal data based on the legitimate interests of the Company or a third party. The Company shall cease such processing unless it demonstrates compelling legitimate grounds for continuing the processing or where the data is necessary for the establishment, exercise, or defence of legal claims.

14.6. The data subject has the right to object at any time to the processing of personal data for direct marketing purposes. Upon receipt of such an objection, the personal data will no longer be used for direct marketing purposes.

14.7. Where personal data is processed on the basis of consent, the data subject has the right to withdraw that consent at any time.

14.8. Where processing is based on consent or a contract and is carried out by automated means, the data subject has the right, in the cases provided for by the GDPR, to receive the personal data they have provided in a structured, commonly used, and machine-readable format and to request that such data be transmitted to another data controller.

14.9. The data subject has the right to lodge a complaint with the Latvian Data State Inspectorate if they believe that the processing of their personal data violates their rights or applicable data protection laws.

15. Handling of Data Subject Requests

15.1. To exercise their rights, the data subject may submit a written request by email to [email protected], by post to the Company's registered address, or in person at the Company's office.

15.2. The request should include sufficient information to enable the Company to identify the requester, understand the nature of the request, and provide an appropriate response.

15.3. In order to prevent unauthorized disclosure of personal data, the Company may request additional information or documents to verify the identity of the requester.

15.4. The Company shall respond without undue delay and, in general, no later than one month after receiving the request.

15.5. Taking into account the complexity or number of requests, the response period may be extended by up to two additional months. The data subject will be informed of the extension and the reasons for it within one month of receipt of the request.

15.6. Exercising the rights of the data subject is generally free of charge. However, where a request is manifestly unfounded or excessive, particularly because of its repetitive nature, the Company may charge a reasonable fee or refuse to act on the request as permitted by applicable law.

15.7. If the Company is unable to fully comply with a request, it shall provide the data subject with the reasons for the refusal or limitation to the extent that disclosure of such information is not prohibited by applicable law.

16. Automated Decision-Making and Profiling

16.1. The Company does not make decisions concerning individuals based solely on automated processing of personal data that produce legal effects concerning the individual or similarly significantly affect them.

16.2. Website analytics or marketing tools may categorize users according to general interests or activities where the User has consented to the use of the relevant cookies. However, the Company does not use such information to make automated decisions that produce legal or similarly significant effects.

17. Personal Data of Minors

17.1. The Company's services are primarily intended for adults.

17.2. The Company does not knowingly request personal data from minors for the purpose of entering into a real estate transaction or contract without the involvement of a parent, guardian, or other legal representative.

17.3. If the Company becomes aware that personal data of a minor has been submitted without an appropriate legal basis, it will take reasonable steps to delete such data.

18. Third-Party Websites and Services

18.1. The website may contain links to third-party websites, social media platforms, mapping services, video platforms, or other external services.

18.2. The Company does not control the processing of personal data carried out by independent third parties. Before using such services, Users are encouraged to review the privacy policy and settings of the relevant service provider.

18.3. Where a User communicates with the Company through a social media platform, personal data may also be processed by the operator of the relevant social media platform in accordance with its own privacy policies and terms.

19. Amendments to this Privacy Policy

19.1. The Company reserves the right to periodically review and amend this Privacy Policy to reflect changes in the Company's operations, website functionality, services used, or applicable legislation.

19.2. The current version of this Privacy Policy is published on the website together with its effective date or the date of its most recent update.

19.3. Where significant changes are made, the Company may provide additional notice on the website or by another appropriate means of communication.

19.4. This Privacy Policy may be available in multiple languages. In the event of any inconsistency or discrepancy between language versions, the Latvian version shall prevail unless otherwise required by applicable law.

20. Complaints and Contact Information

20.1. If you have any questions regarding the processing of personal data or the application of this Privacy Policy, please contact:

SIA "ERKER Real Estate"
Registration No. 40203323246
Address: Ģertrūdes iela 10–3, Riga, LV-1010, Latvia
Telephone: +371 20 177 757
Email: [email protected]

20.2. The Company encourages individuals to contact the Company first so that any questions or concerns can be resolved as quickly as possible.

20.3. The data subject has the right to lodge a complaint with the supervisory authority of the Republic of Latvia:

Data State Inspectorate (Datu valsts inspekcija)
Address: Elijas iela 17, Riga, LV-1050, Latvia
Telephone: +371 67 223 131
Email: [email protected]