Privacy Policy

AGroup SIA

Effective date: 24 February 2026 (replacing version effective 20 December 2021)

AGroup SIA (“AGroup”, “we”, “us”, “our”) operates the websites www.agroup.lv and hrbportal.eu (together, the “Websites”).

This Privacy Policy explains how we process personal data when you visit our Websites, contact us, request a demo, or interact with us in a B2B context.

  1. Business Use Only (B2B)

Our Websites and services are intended exclusively for business users. We do not offer our services to consumers.

  1. Data Controller

AGroup SIA, registration No.: 40003986259, registered address: Duntes str.3, Riga, Latvia, LV 1013, email: info@agroup.lv.

  1. Definitions

Personal data: any information relating to an identified or identifiable natural person.

Special categories of data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health data, sex life or sexual orientation.

Processing: any operation performed on personal data, such as collection, storage, use, disclosure, deletion.

GDPR: Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 “On the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC” (General Data Protection Regulation).

  1. What Data We Collect and Why

    4.1 Website usage and device data (analytics / security)

When you visit our Websites, we may collect: IP address (and/or truncated/anonymized IP where available), device identifiers, browser type and version, operating system, referring page, pages visited, clicks, scrolling, timestamps and session duration, approximate location (derived from IP, not precise GPS).

The purpose is to measure and improve website performance and user experience, understand which content is useful, ensure security and prevent abuse.

The legal basis is consent and/or legitimate interests (Article 6(1)(f) GDPR) in ensuring the security, stability, and proper functioning of our Websites and in maintaining B2B business relationships. Non-essential cookies (e.g., analytics) are activated only based on your consent where required by applicable law. You can withdraw consent at any time via the cookie settings tool.

4.2 Demo booking and inquiries

When you submit a form or book a demo, we may collect: name, surname, business email, phone number, company name, website, job title, number of employees (if provided), message content and requested details.

The purpose is to schedule and conduct a demo, evaluate your request and potential cooperation, communicate with you about your inquiry.

The legal basis is pre-contractual measures (Article 6(1)(b) GDPR) where you request a demo or proposal, and/or legitimate interests (Article 6(1)(f) GDPR) in managing and responding to B2B communications and developing business relationships.

4.3 Sales, proposals, and contracting

During sales discussions we may process: business contact details, meeting notes, correspondence, proposals, negotiation history.

The purpose is to  manage our sales pipeline, prepare and negotiate offers and contracts, document business communications, and maintain ongoing professional relationships.

The legal basis is pre-contractual measures at your request (Article 6(1)(b) GDPR), performance of a contract (Article 6(1)(b) GDPR), and/or our legitimate interests (Article 6(1)(f) GDPR) in managing B2B relationships and conducting our commercial activities.

4.4 Marketing Communications (B2B)

We may send business-related communications, such as product updates, service information, industry insights, and event invitations, to business representatives if the client consents.

The legal basis is our legitimate interests (Article 6(1)(f) GDPR) in promoting and developing our B2B services and maintaining professional relationships, and/or your consent where required under applicable e-privacy or electronic communications laws.

You may object to receiving marketing communications at any time. Each marketing email includes an unsubscribe link, and you may also contact us directly to opt out.

4.5 HRB Portal services: controller vs processor

When providing HRB Portal to our clients: the client is typically the Data Controller (for their employees/candidates/users), AGroup acts as a Data Processor on the client’s instructions. In such cases, processing is governed by the client agreement and a Data Processing Agreement (DPA).

  1. Cookies and Similar Technologies

We use cookies and similar technologies. Some are necessary for website operation; others are used for analytics and improvement. You can manage cookie preferences via: your browser settings, and (if implemented) our cookie banner / cookie preferences tool. If you disable certain cookies, parts of the Websites may not function properly.

  1. Third-Party Tools We Use

We use Google Analytics to understand traffic and website usage patterns. We use Microsoft Clarity for user experience analytics (e.g., heatmaps and session interaction insights). We store B2B contact and relationship data in HubSpot CRM, including: contact details and company details you provide, communication history, form submissions, website interaction events (where enabled), notes added by AGroup representatives.

These providers may process data in the United States or other countries outside the EU/EEA. Where applicable, transfers are based on Standard Contractual Clauses (SCCs) and/or participation in the EU–US Data Privacy Framework.

We may analyze business interactions to better understand customer needs and improve our services. We do not use automated decision-making that produces legal or similarly significant effects.

  1. Sharing and Disclosure of Personal Data

We may share personal data with: hosting and IT service providers, analytics providers (Google, Microsoft) as configured, HubSpot, professional advisors (legal/accounting) when necessary, competent authorities where legally required. We do not sell personal data.

  1. International Data Transfers

Some of our service providers may process data outside the EU/EEA. Where data is transferred outside the EU/EEA, we rely on appropriate safeguards, such as: the European Commission Standard Contractual Clauses (SCCs), and/or other lawful transfer mechanisms under GDPR. You may request information about the safeguards used by contacting us.

  1. Data Retention

We keep personal data only as long as necessary for the purposes described: Website analytics data: up to 26 months. Demo requests and inquiries: typically, up to 24 months after last interaction. Sales correspondence and proposals: typically, up to 5 years after last interaction (to manage relationships and defend legal claims). Contract-related data: retained according to applicable legal/accounting requirements. Retention may be longer if required by law or necessary to establish, exercise, or defend legal claims.

  1. Your Rights Under GDPR

You have the right to: access your personal data, rectify inaccurate data, erase data (where applicable), restrict processing, object to processing (especially direct marketing), data portability (where applicable), withdraw consent (where processing is based on consent).

Marketing opt-out: You can unsubscribe via the link in emails (where provided) or contact us. We may request reasonable information to verify your identity before fulfilling your request.

Response time: We respond without undue delay and typically within one month (GDPR Art. 12), extendable in complex cases.

  1. Security

We apply appropriate technical and organizational measures to protect personal data, including: access controls and role-based permissions, encryption in transit (HTTPS/TLS), security monitoring and backups (where applicable), limited access to systems by authorized personnel. No method of transmission or storage is 100% secure, but we work to protect data using measures appropriate to the risk.

  1. Children

We do not knowingly collect personal data from minors.

  1. Complaints

If you have concerns, please contact us first. You have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. In Latvia, this is the Data State Inspectorate (Datu valsts inspekcija).

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will publish the updated version on our Websites and update the effective date.