Last updated: May 19, 2026
Izlūks is operated by Partners F&E ("we", "us", "our"). We are the data controller for the personal data described in this Privacy Policy. You can reach us at [email protected].
When you register, we collect your name and email address. You may optionally provide a Latvian personal identification code or a company registration code for identity verification. If you provide a personal code, we store it as a one-way hash that links your account to your own registry profile and is never displayed.
We log login, signup, and password change events — including IP address and browser user agent — to protect against unauthorized access and brute-force attacks.
We do not store your credit card details. Payments are processed by Stripe, which handles your payment information in accordance with PCI DSS standards. We store a Stripe customer identifier, transaction amounts, and credit pack details to maintain your account balance.
When you use the AI analytics chatbot, we log the query text, the generated database query, execution time, and result count for audit and quality improvement purposes. No personal account data is included in the chatbot context sent to AI providers.
We may collect standard usage data such as pages visited, features used, and interaction patterns through analytics tools. See our Cookie Policy for details.
When you submit feedback, a feature request, or a bug report through our contact form, we collect:
If you are logged in at the time of submission, your feedback is linked to your user account. Guests may submit feedback without creating an account.
Most of the content on the Service is derived from publicly maintained Latvian and EU registers. This means we routinely process personal data about natural persons who are not users of the Service — most often officers, board members, shareholders, beneficial owners (UBOs), prokurists, parties to commercial pledges, persons in insolvency proceedings, parties to marital property contracts, and beneficial owners of mass media. This section explains what we do with that data and your rights if you are one of those individuals.
We obtain this personal data from:
Depending on the data subject's role we may process: name and surname; the masked Latvian personal identification code (DDMMYY-*****) or, where lawfully permitted and necessary, the full code; year and month of birth or country code; country of citizenship; role designation (e.g., board member, supervisory board member, prokurist, beneficial owner); appointment, resignation, and removal dates; shareholding metrics; beneficial-ownership control evidence; commercial pledge involvement; insolvency case identifiers within the public-access window; marital property contract identifiers; and sanctions list designation.
We process this data under Article 6(1)(f) of the GDPR — our and our users' legitimate interest in counterparty due diligence, anti-money-laundering and counter-terrorist-financing screening, sanctions compliance, fraud prevention, and lawful business intelligence. That interest is supported by the Latvian Sanctions Law (Starptautisko un Latvijas Republikas nacionālo sankciju likums) and the Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing, both of which require every legal person to verify counterparties. The Law on the Register of Enterprises designates the relevant register entries as public and intended for third-party reliance. A Legitimate Interests Assessment is documented internally and available to data subjects on request.
We mirror the publication choices made by the Register of Enterprises. The full Latvian personal identification code is never shown to anonymous visitors or free-tier users; in those contexts only the masked form (DDMMYY-*****) is displayed. The full code may be shown to authenticated paid-tier users where its processing is necessary for unambiguous identification in an AML, KYC, or due-diligence workflow, subject to per-record access logging and a contractual prohibition on redistribution. We do not display residential addresses, identity-document numbers, the full date of birth, or any data we have received that originates from the non-public part of the Register or from registers that are not open to the public — for example, the Population Register or the civil-status register.
Registry data is refreshed on a rolling basis from the source authorities. A record is updated, suppressed, or removed when the source authority does the same. We do not retain registry data after it has been withdrawn at source, except in audit logs necessary to demonstrate the lawful basis of past processing.
If you appear on the Service because of a registry entry, you may contact us at [email protected] to:
We respond within thirty (30) days. You may also lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija, dvi.gov.lv).
We process your personal data to:
Under the General Data Protection Regulation (GDPR), we process your personal data on the following bases:
We do not sell your personal data. We share data only with the following categories of service providers, who process it on our behalf:
We do not share personal data about registry data subjects with any third party other than the authenticated user viewing the profile they have requested. Onward sharing by users is restricted by our Terms of Service.
We may also disclose data where required by law, regulation, or court order.
We use essential cookies to operate the Service. For full details on the cookies we use and how to manage them, please see our Cookie Policy.
We retain your account data for up to five (5) years from the date of your last account activity. This includes account data, authentication event logs, payment records, chatbot query logs, and feedback submissions.
Personal data about registry data subjects is retained only for as long as the source authority publishes it (see §3.6). Audit logs of access to such data are retained for five (5) years to support our accountability obligations under Article 5(2) of the GDPR.
For feedback submissions, IP addresses and user agent data used for rate limiting are retained alongside the feedback message for the same period and are used solely for abuse prevention.
If you request account deletion, we will anonymize or delete your personal data within thirty (30) days, except where retention is required for legal or regulatory purposes (for example, financial record-keeping obligations).
Under the GDPR you have the following rights regarding your personal data:
To exercise any of these rights, contact us at [email protected]. We respond within thirty (30) days.
You also have the right to lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija, dvi.gov.lv), the supervisory authority for data protection in Latvia.
The Service is not intended for individuals under sixteen (16) years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
Some of our service providers (Google, OpenAI, Stripe) may process data outside the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as the Standard Contractual Clauses approved by the European Commission or the provider's participation in recognized data protection frameworks.
We implement technical and organizational measures to protect your data, including:
While we take reasonable precautions, no system is completely secure. We encourage you to use a strong, unique password for your account.
We may update this Privacy Policy from time to time. Material changes will be communicated via email or by a prominent notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.
For any privacy-related questions or to exercise your data rights, contact us at [email protected].
See also: Terms of Service · Cookie Policy