Issuing a license to an open Shared Client Research Tool or Closed Shared Client Research Tool Provider

Process description

1. Service requests
   Submission of an application regarding the receipt of a licence
   In order to receive a licence, the capital company shall submit a submission to the State Data Inspectorate. The following information shall be indicated in the application (attaching the supporting documents thereof):
   1. information regarding the applicant (name, registration number, legal address, contact phone and e-mail address of the capital company);
   2. a list of the members of the capital company who own more than five per cent of the capital shares of the capital company and information regarding the true beneficiary of the capital company;
   3. if a member of the capital company is an alien, a statement regarding criminal and administrative criminal records issued by the institution of the country of residence of the person, which maintains information regarding criminal records in accordance with the laws of the State concerned. The certified statement must have been issued not earlier than three months prior to the date of submission of the application licence;
   4. if the submission is submitted by a foreign capital company which has registered a branch in Latvia - a statement certified by the relevant State tax administration authority or the competent authority that the capital company does not have tax debts (including the mandatory State social insurance contribution debt), the total amount of which exceeds EUR 150;
   5. information containing at least the following:
   5.1. a computer network connection scheme for equipment and servers to be used;
   5.2. a list of server data storage equipment and network equipment (specifying model names);
   5.3. a list of software to be used with versions;
   5.4. the address of the location of the equipment;
   6. system security policy, safety and use rules;
   7. a risk assessment document. It shall indicate the following:
   7.1. the scope of the system;
   7.2. the impact of the identified risks on the operation of the system (including evaluating the probability of the occurrence of risks, materials and intangible losses), the impact on the availability of the system, the confidentiality of data;
   7.3. if violations of the safety of the system have occurred, the following information shall be indicated in addition:
   7.3.1. countermeasures to prevent such violations;
   7.3.2. means of protection which will be utilised if the security violations of the information system recur;
   7.3.3. the listed non-eliminated risks;
   7.3.4. an inventory of the necessary improvements (indicating them in priority order);
   8. an audit report;
   9. information attesting the conformity of the capital company with the requirements referred to in Sub-paragraphs 9.1, 9.2 and 11 of these Regulations;
   10. information on the types of information sources of the joint client research tool, in which the capital company intends to obtain customer research information, as well as the categories of recipients;
   11. a statement that the processing of personal data, information systems, equipment and procedures comply with the requirements referred to in these Regulations and the Prevention of Money Laundering and Terrorism and Proliferation Financing Law. The referred to attestation shall be issued by a capital company which determines the purposes and means of processing personal data and is responsible for the processing of personal data;
   12. if a capital company or any of the elements necessary for its operation (for example, equipment or infrastructure) is located outside the Republic of Latvia, a document justifying that it will be possible for the Data State Inspectorate to perform supervision of the provider of the joint client research tool in relation to the activities performed outside the Republic of Latvia, which affect the operation of the joint client research tool in Latvia, or for them, for elements outside the Republic of Latvia.

2. Service Payment:
   In accordance with Section 17.3, Paragraph five of the Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing, the provider of the joint client research tool to be licensed for the issuance and re-registration of a licence shall pay the State fee.
   According to Section 40 of the Cabinet Regulation of 5 July 2022, the amount of the State fee for the issuance of a licence for the provision of a common open client research tool and the licensing and supervision of the joint client research tool service provider shall be EUR 10 000. The amount of the national fee for re-registering a licence for the provision of a common open client research tool is EUR 5 000.
   According to Section 41 of the Cabinet Regulation of 5 July 2022, the amount of the State fee for the issuance of a licence for the provision of a joint client research tool and the licensing and supervision of the joint client research tool service provider shall be EUR 5 000. The amount of the national fee for re-registration of a licence for the provision of a common closed client research facility is EUR 2 500.
   
   Payment of the State fee shall be made through a payment service provider who has the right to provide payment services within the meaning of the Payment Services and Electronic Money Act, the payment properties:
   Properties:
   Consignee: Treasury
   Registration No: 90000050138
   Account No: LV89TREL1060190919900
   Recipient BIC: TRELLV22

3. Evaluation of the application
   If all the documents referred to in these Regulations have not been appended to the submission or all the information referred to in Paragraphs 17 and 18 of these Regulations has not been provided, or the information provided is incomplete or inaccurate, or the documents have not been presented in conformity with the requirements specified in regulatory enactments, or additional information is necessary for the taking of the decision, the State Data Inspectorate shall inform the capital company in writing company thereof, specifying the time period, specifying time period, until which capital company has to submit the relevant documents or information and accordingly extend the time period for taking the decision referred to in Paragraph 19 of these Regulations.

4. Decision making
   The decision of the State of Data Inspectorate regarding the issuance of a licence or regarding refusal to issue a licence shall be taken within a period of one month from the date of receipt of the information and documents referred to in Paragraphs 17 and 18 of the Cabinet Regulation regarding the requirements for updating information in the joint client research tool and the licensing and supervision of the provider of the joint client research tool.

5. Notification of the decision
   The decision shall be sent to the capital company at its registered office.
   A licence may be issued in the form of an electronic document if the capital company has made such a request.