Protection of personal data
Personal data is data collected for the provision of a service, identification of a person, contact with a person for the provision of a service or solving a matter.
We do not process sensitive personal data as defined in the Regulation of the EUROPEAN PARLIAMENT AND OF THE COUNCIL REGULATION (EU) 2016/679 (General Data Protection Regulation, GDPR or EU Regulation 2016/679).
We undertake to protect the personal data of our clients and users and their privacy. Our activities on the Internet are in line with all relevant activities and relevant European Union legislation and the laws of the Republic of Estonia, including REGULATION (EU) 2016/679 of the EUROPEAN PARLIAMENT AND COUNCIL. We apply all precautionary measures (including administrative, technical and physical measures) to protect personal information collected. Access to data editing and processing is restricted to authorized persons.
What data are collected?
When visiting websites, visitors receive unlisted technical data.
Service environments also collect personal data for the provision of services and identification of individuals.
Specifications are limited to the Internet address (IP address) of the computer or computer network used, the computer browser and the operating system software version, time of visit (time, date, year). IP addresses are not associated with personally identifiable information except for service environments where this is an additional security measure.
Data is collected on the visits and stays of websites to improve web pages and service environments and make it more convenient for visitors.
In service environments (including epochs) personal data is collected for the execution of contracts and data on topics of interest to the person (including the contents of the cart, preferences, attitudes, behaviors, etc.) in order to improve, as far as possible, the forwarding of the expected information and thus improve customer experience in the consumption of services and direct marketing.
As far as natural persons are concerned, the data collected is, if necessary, personal identification code for identifying uniqueness, for communication name, email address, mobile phone, city and state of location.
To process legal entity data, we collect registry number, VAT number, name, country, address, contact emails and invoices, names of contact persons representing the company, their email addresses and contact phone numbers.
Paying for services through a credit card or bank link service, only access to bank card information and bank requisitions is provided by Maksekeskus AS, which only issues the payment of the payment information and the last 4 digits of the card.
Consent for the collection of personal data necessary for a related service and service is provided upon subscription of the service by the subscriber at the time of ordering the service. Subscribing to the service will list the consent with the appropriate time stamp.
How long will the data be stored?
Unbound technical data collected from websites and service environments is retained indefinitely.
Personal data relating to personal queries and / or transactions will be kept for up to 7 years from the last interaction with the service provider in accordance with the obligation under the Accounting Act to prove transactions. Interactions include, inter alia, response to direct marketing by clicking on a view or link.
Who can collect data collected?
Personal data collected and processed without the consent of the person can be forwarded only to the institution or person who has a direct right (for example, a court or a pre-trial prosecutor) and a justified need for it.
Personal data entered by clients in the context of the Service is treated as confidential and the right to process, publish or transmit such data belongs solely to the data owner (customer).
What rights are the data collected by a person?
The right to access, rectify, terminate your processing
The default personal information will not be published, unless the relevant confirmation (participation in training / seminars / conferences) has been obtained.
All persons have the right to access their personal data in service environments.
If the improvement is possible, depending on the service and the service environment, it can be done immediately.
If the personal data are not alterable, accessible, disclosed on the website or in service environments, we should submit an application for obtaining or correcting the data in a way that enables us to identify the person. If available, data will be issued or corrected within 7 working days.
If you want to opt out of direct marketing bids for all or some of the topics, you can do so instantly through any link in the footer of any marketing message you send. The change will take effect immediately.
If there is (no longer) a legitimate basis for processing, disclosure or access to personal data, the termination or deletion of data, the disclosure of information or the termination of access to data may be required. To this end, an application should be submitted to allow identification of the person.
An application will not be accepted if:
- it may harm the rights and freedoms of another person,
- it may prevent the provision of a service or the provision of a service,
- this may hinder the work of law enforcement agencies,
- this is not technically necessary and / or possible.
- the applicant's identity is not legally connected with the data.
- the identity of the applicant can not be identified.