Protection of personal data
Personal data is data
collected for the provision of a service, identification of a person, contact
with a person for the provision of a service or solving a matter.
We do not process
sensitive personal data as defined in the Regulation of the EUROPEAN PARLIAMENT
AND OF THE COUNCIL REGULATION (EU) 2016/679 (General Data Protection
Regulation, GDPR or EU Regulation 2016/679).
We undertake to
protect the personal data of our clients and users and their privacy. Our
activities on the Internet are in line with all relevant activities and
relevant European Union legislation and the laws of the Republic of Estonia,
including REGULATION (EU) 2016/679 of the EUROPEAN PARLIAMENT AND COUNCIL. We
apply all precautionary measures (including administrative, technical and
physical measures) to protect personal information collected. Access to data
editing and processing is restricted to authorized persons.
What data are collected?
When visiting
websites, visitors receive unlisted technical data.
Service environments
also collect personal data for the provision of services and identification of
individuals.
Specifications are
limited to the Internet address (IP address) of the computer or computer
network used, the computer browser and the operating system software version,
time of visit (time, date, year). IP addresses are not associated with
personally identifiable information except for service environments where this
is an additional security measure.
Data is collected on
the visits and stays of websites to improve web pages and service environments
and make it more convenient for visitors.
In service
environments (including epochs) personal data is collected for the execution of
contracts and data on topics of interest to the person (including the contents
of the cart, preferences, attitudes, behaviors, etc.) in order to improve, as
far as possible, the forwarding of the expected information and thus improve
customer experience in the consumption of services and direct marketing.
As far as natural
persons are concerned, the data collected is, if necessary, personal
identification code for identifying uniqueness, for communication name, email
address, mobile phone, city and state of location.
To process legal
entity data, we collect registry number, VAT number, name, country, address,
contact emails and invoices, names of contact persons representing the company,
their email addresses and contact phone numbers.
Paying for services
through a credit card or bank link service, only access to bank card
information and bank requisitions is provided by Maksekeskus AS, which only
issues the payment of the payment information and the last 4 digits of the
card.
Consent for the
collection of personal data necessary for a related service and service is provided
upon subscription of the service by the subscriber at the time of ordering the
service. Subscribing to the service will list the consent with the appropriate
time stamp.
How long will the data
be stored?
Unbound technical data
collected from websites and service environments is retained indefinitely.
Personal data relating
to personal queries and / or transactions will be kept for up to 7 years from
the last interaction with the service provider in accordance with the
obligation under the Accounting Act to prove transactions. Interactions
include, inter alia, response to direct marketing by clicking on a view or
link.
Who can collect data
collected?
Personal data
collected and processed without the consent of the person can be forwarded only
to the institution or person who has a direct right (for example, a court or a
pre-trial prosecutor) and a justified need for it.
Personal data entered
by clients in the context of the Service is treated as confidential and the
right to process, publish or transmit such data belongs solely to the data
owner (customer).
What rights are the
data collected by a person?
The right to access,
rectify, terminate your processing
The default personal
information will not be published, unless the relevant confirmation (participation
in training / seminars / conferences) has been obtained.
All persons have the
right to access their personal data in service environments.
If the improvement is
possible, depending on the service and the service environment, it can be done immediately.
If the personal data
are not alterable, accessible, disclosed on the website or in service
environments, we should submit an application for obtaining or correcting the
data in a way that enables us to identify the person. If available, data will
be issued or corrected within 7 working days.
If you want to opt out
of direct marketing bids for all or some of the topics, you can do so instantly
through any link in the footer of any marketing message you send. The change will take effect immediately.
If there is (no
longer) a legitimate basis for processing, disclosure or access to personal
data, the termination or deletion of data, the disclosure of information or the
termination of access to data may be required. To this end, an application
should be submitted to allow identification of the person.
An application will
not be accepted if:
- it may harm the
rights and freedoms of another person,
- it may prevent the
provision of a service or the provision of a service,
- this may hinder the
work of law enforcement agencies,
- this is not
technically necessary and / or possible.
- the applicant's
identity is not legally connected with the data.
- the identity of the
applicant can not be identified.
Privacy Policy Terms and Conditions
By using the web pages
and / or service environments, you have read and agreed to these Terms and
Conditions. We reserve the right to change the general terms and conditions of
the Privacy Policy if necessary, informing all related parties.