Aptauja ilgs līdz 23. oktobrim.
The translation of this document is outdated.
Translation validity: 01.02.2020.–02.10.2023. Amendments not included: 28.09.2023. Decision No. 1/1 of the Board of the Public Utilities Commission Adopted 23 January 2020 Regulations Regarding the System for Input and Processing of Merchant's InformationIssued pursuant
to I. General Provisions1. The Regulation regarding the System for Input and Processing of Merchant's Information (hereinafter - the SIPI) (hereinafter - the Regulation) prescribes the conditions for the receipt and exercising of access rights to the SIPI for the public service provider (hereinafter - the merchant). 2. The following terms are used in the Regulation: 2.1. authentication - the user recognition process in the course of which it is ascertained whether the user is authorised to use the SIPI data and specific SIPI operating modes; 2.2. e-service - a service the type of provision of which ensures the execution of the whole service or of certain phases (steps) necessary for the provision thereof in a remote (off-site) manner, using information technology and communication means; 2.3. user properties - the username and password which is a defined string of symbols that the user uses to authenticate in the SIPI. 3. The operation of the SIPI shall be ensured by the Public Utilities Commission (hereinafter - the Regulator). 4. The merchant shall use the SIPI free of charge. 5. A user of the SIPI (hereinafter - the user) is a representative of the merchant who is a natural person who has been granted the rights to use the SIPI according to the status granted. 6. The SIPI has the following statuses: 6.1. user with signatory rights - a representative of the merchant who has the right (authorisation) to represent the merchant, including to prepare and submit documents to the Regulator, and also to establish users of the merchant with preparation rights; 6.2. user with preparation rights - a representative of the merchant who has the right only to prepare and save information (in the document status "draft") on the SIPI. 7. In accordance with the regulatory framework specified in the Electronic Documents Law, the information submitted by a user with signatory rights shall be deemed to have been signed manually if, when using the SIPI, the information specified in the laws and regulations regarding the operation of the merchant and the calculation of the State fee for governing public services has been submitted. 8. The merchant shall use the available "Interaction Tool" function to resolve: 8.1. the issues in relation to the use of the SIPI which are regarded as informative and any user has the right to use it; 8.2. a matter related to the regulation of public services - a user with signatory rights shall submit a document which has been signed with a secure electronic signature and contains a time stamp. 9. The user shall be bound by the provisions for the use of the SIPI set out in Annex 2 and, when authenticating in the SIPI for the first time, the user shall certify electronically that he or she has read, agrees, and undertakes to comply with the provisions for use of the SIPI. II. Registration and Cancellation of the User10. In order to receive or cancel access to the SIPI, the merchant shall accurately and completely fill in the application for the use of the SIPI specified in Annex 1 to the Regulation (hereinafter - the application) and submit it to the Regulator in one of the following ways: 10.1. by submitting it in person; 10.2. by sending it by post; 10.3. by using the secure electronic signature and time stamp and sending it to e-mail address sprk@sprk.gov.lv. 11. Within 5 working days after receipt of the application the regulator shall: 11.1. establish an account for the user with signatory rights and grant access rights to the SIPI, and send an electronic statement thereon to the e-mail address of the user indicated in the application; 11.2. refuse to establish an account for the user with signatory rights and send information thereon to the e-mail address indicated by the merchant if: 11.2.1. the application has not been filled in completely and mistakes that may delay granting of the access rights have been established therein; 11.2.2. the application has been signed by a person who does not have the right to represent the merchant; 11.2.3. the information included in the application is false; 11.2.4. the application has been submitted by a merchant who has not been registered with or licensed by the Regulator. 12. After the user has been created, a notification to complete the registration in the SIPI is sent to the e-mail address of the user. 13. The Regulator shall cancel the access rights of the user if: 13.1. the merchant has requested it by submitting the application; 13.2. the user has requested it, indicating the justification in the Interaction Tool of the SIPI; 13.3. the merchant has a cancelled licence or the merchant has been excluded from the register of the Regulator; 13.4. the user, when using the SIPI, has violated the provisions for the use of the SIPI laid down in Annex 2 to the Regulation; 13.5. the user has not carried out the first login to the SIPI within one month of granting of the access rights to the user. 14. The Regulator shall block the access rights of the user if: 14.1. five unsuccessful authentication attempts have been made with the properties of a specific user account (access to the SIPI shall be blocked for 15 minutes); 14.2. the user has not logged in the SIPI for over 12 months; 14.3. if signs of illegal activity have been detected in the activities of the user in the SIPI (for example, attempts to infect the SIPI by means of malware, activities of trying to guess passwords for another user account, specialised tools have been used for obtaining information that is not available thereto, information with inappropriate content has been submitted, etc.), access to the SIPI shall be blocked until the time when the relevant institution or court takes a ruling in relation to the illegal activities identified and it enters into lawful effect. III. Rights and Obligations of the Merchant and the User15. The merchant has an obligation: 15.1. to check the users registered in the SIPI, performing a user review (inventory) not less than once a year ; 15.2. to cancel the properties of a user with preparation rights without delay if: 15.2.1. the legal basis for a user with preparation rights for access to the SIPI (e.g. termination of employment relationships, etc.) has been lost; 15.2.2. it is deemed that continued retention of access for a user with preparation rights may endanger the confidentiality, integrity, or security of the SIPI; 15.3. to submit the application to the Regulator in accordance with the procedures laid down in the Regulation if it is necessary to cancel the account of a user with signatory rights. 16. In the "User Management" section of the SIPI, a user with signatory rights can create an account for a user with preparation rights and also delete it. 17. In activating the link indicated in the electronic message, the user shall create a password that is a string of characters with at least nine symbols and contains: 17.1. at least one digit (0, 1, 2, 3, 4, 5, 6, 7, 8, 9); 17.2. at least one symbol (- = []\; ',./` ~! @ # $% ^ & * () _ + {} |: "< >?); 17.3. at least one capital letter (A-Z) of the Latin alphabet; 17.4. at least one lowercase letter (a-z) of the Latin alphabet. 18. The user shall authenticate in the SIPI, using the SIPI authentication page address: https://iias.sprk.gov.lv and the username (e-mail address), and also a password created according to the Regulation. 19. The user shall become acquainted with the amendments to the conditions for the use of the SIPI electronically, the next time authenticating in the SIPI after entering into effect of amendments. IV. Closing Provisions20. The SIPI user status "Rights Manager" and "User with Viewing Rights" used until the date of coming into force of the Regulation shall correspond to the SIPI user status "User with Preparation Rights". 21. Decision No. 1/8 of the Public Utilities Commission of 7 April 2016, Regulations Regarding the Use of the Input and Processing System (Latvijas Vēstnesis, 2016, No. 2016/70.3.), is repealed. 22. This Regulation shall come into force on 1 February 2020. Acting Chair, Board Member of the Public Utilities Commission I. Mantiņš
Annex 1
APPLICATION
|
Status |
Personal identity number1 |
Given name |
Surname |
E-mail address |
Telephone |
Connection for the control of IP address2 |
Action (allocation/cancellation) |
User with signatory rights | |||||||
User with signatory rights |
By submitting this application, I certify that:
1) the information specified in laws and regulations regarding the activities of the merchant and the calculation of the State fee for the regulation of public services which the user with signatory rights will submit to the Public Utilities Commission (hereinafter - the Regulator), when using the SIPI, will be deemed to have been signed by the merchant in person in accordance with the regulatory framework specified in the Electronic Documents Law;
2) the merchant and the users will use the SIPI and the SIPI Interaction Tool in accordance with the procedures and to the extent provided for in the SIPI regulations of the Regulator;
3) the merchant has a legal basis for the processing of the personal data of the users referred to in the application.
Signature of the official or authorised person3: |
|
Given name, surname: |
|
Position: |
1 The purpose of processing personal data is user identification and the use of the SIPI. Additional information on the processing of personal data performed by the regulator shall be found in the Privacy Policy of the Regulator located on the website of the Regulator at www.sprk.gov.lv.
2 Completion of the field is not mandatory.
3 The authorisation shall be appended to the annex of the application.
Acting Chair, Board Member of the Public Utilities Commission I. Mantiņš
Annex 2
Decision No. 1/1
of the Public Utilities Commission
23 January 2020
1. The conditions for the use of the System for Input and Processing of Merchant's Information (SIPI) (hereinafter - the conditions for the use of the SIPI) prescribe the obligations and rights of the Regulator for ensuring the operation of the SIPI, and also the obligations and rights of the merchant and the user when using the SIPI.
2. Obligations and rights of the Regulator:
2.1. to ensure the operation of the SIPI so that the user can perform data input, submission, storage, processing, and analysis;
2.2. to ensure the maintenance and management of the operation of the e-service;
2.3. to ensure that the SIPI improvement measures are taken in order to develop the operation of the e-service;
2.4. to ensure the management of the user rights in accordance with the conditions defined in the Regulation;
2.5. to ensure the protection of the SIPI against potential external hazards by providing an opportunity for the merchant to submit information electronically and to communicate with the Regulator in a safe manner, using the SIPI Interaction Tool;
2.6. to ensure the sending of a reminder notification to the user two weeks following allocation of the user access rights if the user has not made the first-time login to the SIPI;
2.7. to provide the following in relation to the handbooks for the use of the SIPI:
2.7.1. accessibility to facilitate the use of the SIPI functions by the user;
2.7.2. updating by publishing the current version on the website of the Regulator, in the section "For merchants/SIPI";
2.8. to ensure the monitoring of the activities of the SIPI and the activities performed by the user, if necessary, by taking measures to block or cancel the rights of the user in cases provided for in the Regulation;
2.9. in using the website of the Regulator and the SIPI authorisation page, to announce improvements to the SIPI, the planned outages, and other issues affecting the use of the SIPI;
2.10. to ensure the maintenance of the account of a user with signatory rights for a period of ten years after blocking the relevant user account, deleting the relevant user account after reaching the relevant deadline;
2.11. to ensure the deletion of the account of a user with preparation rights one month after blocking the relevant user account;
2.12. to process the personal data of the user for identification and use of the SIPI in accordance with Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). The personal data processing process of the Regulator can be consulted in more detail in the Privacy Policy of the Regulator.
3. The Regulator shall not assume responsibility for:
3.1. the losses caused to the merchant as a result of the use of the SIPI, including if, as a result of negligence or deliberate activity of the user, third parties have been able to act on their behalf;
3.2. the possible inaccuracies or errors in the electronic documents of the merchant if they have not occurred due to the fault of the Regulator.
4. Obligations and rights of the merchant:
4.1. to ensure the submission of information, using the SIPI, and the updating thereof in accordance with the procedures laid down in laws and regulations;
4.2. to create and cancel a user of the SIPI with preparation rights;
4.3. to inform the Regulator of the need to change or cancel a user with signatory rights;
4.4. to ensure the functioning of the e-mail address and the ability to receive messages sent by the SIPI;
4.5. to obtain the necessary additional information on the use of the SIPI from the Regulator.
5. Obligations and rights of the user:
5.1. when commencing the use of the SIPI, to undertake to comply with the Regulation and to use the SIPI for the purposes specified in laws and regulations;
5.2. to ensure all possible measures for the protection of their user properties (for example, to ensure that they are not available at the workplace of the user or may otherwise become known to the third party);
5.3. to assume responsibility for all activities performed in the SIPI, including all activities performed by the third parties in the SIPI if these persons access the SIPI, using the user properties acquired by them either with the permission of the user or as a result of the carelessness of the user;
5.4. to inform the Regulator without delay if the user properties have become known to the third parties or the user has lost them or in any other way has lost the ability to use the user properties;
5.5. to not perform activities directed against the security and stability of the SIPI, nor to create an ineffective (inappropriate) load, thereby overloading the SIPI;
5.6. to not use equipment or software to perform activities that could weaken the security of the SIPI, including the guessing of passwords, security vulnerability analysis, decoding of coded files, not using the computer network surveillance software, etc.;
5.7. to notify the Regulator immediately by e-mail sprk@sprk.gov.lv of all suspicions or facts related to the failure to comply with the Regulation and the conditions for the use of the SIPI, unauthorised use of the SIPI, any unauthorised infringement of software usage, modification, or copying rights;
5.8. to receive additional information on the functionality and operation of the SIPI and the e-service by contacting the Regulator;
5.9. to send recommendations or objections regarding the operation of the SIPI, and also to notify of problems which have occurred in the course of the use of the SIPI:
5.9.1. using the SIPI Interaction Tool;
5.9.2. by sending an e-mail to the address: sprk@sprk.gov.lv;
5.9.3. by calling the telephone numbers indicated on the website of the Regulator.
6. Unauthorised interference with the functioning of the SIPI in order to damage or disrupt it will be considered to be deliberate damage to the integrity of the SIPI which may result in setting in of criminal liability.
7. When authenticating in the SIPI and consenting to the conditions for the use of the SIPI, the user shall certify that they have been informed that the Regulator is the manager of the data existing in the SIPI, and also that the processing of personal data is necessary for identification of the user and use of the SIPI. Additional information on the processing of personal data performed by the Regulator shall be found in the Privacy Policy of the regulator located on the website of the Regulator at www.sprk.gov.lv.
Acting Chair, Board Member of the Public Utilities Commission I. Mantiņš
Translation © 2023 Valsts valodas centrs (State Language Centre)