Updated November 01, 2022
This privacy policy (hereinafter the „policy“) explains how CyberWiseSpace OÜ registration number 14999935 registered in Tallinn, Estonia, Mustamäe tee 139, office 81 (hereinafter the „company“ or „we“) collects or processes in any other manner the personal data of its clients and visitors of the website https://cyberwise.space/, (hereinafter the „website“), as well as the personal data of individuals, processing of which is necessary for provision of services to the clients of the company (all such persons, including individual clients or the representatives of legal persons, as well as the visitors of the website are referred to as “you” or the “data subject”). The conditions of our processing of your personal data and your personal rights in this connection are further described below in accordance with the rules of the General Date Protection Regulation (the “GDPR”). This policy describes the processing of personal data (hereinafter the “data”) by the company as a data controller. This means that the company individually or along with others determines the purposes and means of processing of personal data.
CyberWiseSpace OÜ
Registry code: 14999935
Email: [email protected]
The personal data we process include, but is not limited to the following:
Main data: this includes e.g. name and surname, personal identification number, date of birth, citizenship, residency, profession,
your photo or video records which you have provided to us for your identification
Sources of collection of data: we get the data from you, also we get certain Main data from public registries and databases (e.g. Commercial Register).
It cannot be out ruled that your data has been provided to us by a third person in connection with the provision of services by us.
Contact details: this includes e.g. a phone number, an email address and an address.
Sources of collection of data: we collect this data from you when you e.g. enter your contact details (e.g. email address) when filling out a contact form, also we get certain personal data (e.g. email address) from public registries and databases (e.g. Commercial Register). It cannot be out ruled that your data has been provided to us by a third person in connection with the provision of services by us.
Document data: number of an identity document (e.g. a Passport of an ID-card), date of issuance, expiry date and other information related to this, also a photo of your identity document which you have provided to us for your identification.
Sources of collection of data: we get the data from you when you provide us with your identity document, or the data is provided to us by a third person in connection with the provision of legal services by us.
Service data: this includes data which reflect your activities in connection with the services provided by us to you, including the data regarding the content of requested or ordered services, the information regarding the agreements entered into by you and the data regarding a potential breach of the agreement. Also, information concerning client communication related to the provision of legal services (e.g. correspondence related to the provision of legal services).
Sources of collection of data: we get the data from you, as well as via ordering and using the services provided by the company.
Transaction data: the details of transactions made from your payment account, including payer’s name, date of payment, currency, amount of payment and payment details.
Sources of collection of data: we get the data from you, from the third persons in connection with the provision of services or from the financial institution providing the services to our company.
Special categories of personal data: these are the data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Sources of collection of data: the purpose of our company is not to collect the special categories of personal data, but such data can be disclosed to us accidentally, e.g. if such data is disclosed during the client relationship.
Website visit data: this includes the data which is generated as a result of visiting and using the website (e.g. the data regarding how you use the website, browser, location). Please see the explanation in section “Cookies and other web technologies” below.
Sources of collection of data: we get the data when you visit and use the website.
Processing necessary for the fulfilment of the contract
The company processes the personal data on this legal ground if it is necessary for the fulfilment of the contract or for taking measures prior to concluding of such contract based on your request.
Purposes of processing:
• Pre-contractual relations (request of fee quotes and responding to such requests)- Main data, contact data
• Identification of the client - Main data, contact data, document data
• Keeping and development of client relationship (concluding the contract, transferring the information related to fulfilment of the contract, handling the claims) - Main data, contact data, document data, service data
• Calculating and managing service-related charges (including reports on provided services and time records)- Main data, contact data
• Invoicing (making a submission the invoices, the receiving payments)- Main data, contact data, service data, transaction data
• Provision of services- Main data, contact data, service data
Processing necessary for compliance with a legal obligation
The company processes personal data on this legal ground if the legal obligation for processing arises from the law.
Purposes of processing
• Avoidance of conflict of interest - Main data, contact data, service data
• Fulfilment of due diligence obligation - Main data, contact data, document data, service data
• Notification of the client about activities related to the provision of services (information exchange) - Main data, contact data, service data
• Keeping the records of ongoing issues - Main data, service data
• Bookkeeping (including storage of accounting source documents)- Main data, contact data, service data
• Notification and response to the information requests of public authorities and government institutions - Main data, contact data, document data, service data
The legitimate interest means that the company does not have to process your data necessarily for the fulfilment of contract and the company does not have the obligation arising from the law, but processing of personal data is still necessary. This may be necessary, e.g. for preventing fraud, network monitoring, development of services and products provided by the company by improving them for you and to protect the property, clients and employees of the company, as well as for making business decisions.
You have the right to ask clarifications form the company regarding the processing based on the legitimate interest by sending the request to [email protected]. You also have the right to send the objection, if you find that processing of your data for the purposes provided below prejudice your rights.
The overview below regarding processing of data based on the legitimate interest is not exhaustive. The company may process your personal data for other purposes upon reasonable necessity and to the extent provided by the law.
Purposes of processing
• Development of services and products - Main data, contact data, service data, website visit data
• Marketing activities - Website visit data
• Keeping and development of client relationship (answering the requests, general customer service, information exchange)
• Preventing fraud - Main data, contact data, service data
• Network monitoring - Website visit data
In some cases, we need your consent for data processing. Based on your consent we can send you our newsletters, as well as the invitations to the training and other events organized by the company.
You always have the right to withdraw the consent by sending us respective email at [email protected]
Withdrawal of the consent does not affect the legality of the processing of your personal data prior to withdrawal.
Purposes of processing
•Direct marketing (e.g. sending the offers by emails) - Main data, contact data, service data
• Development of products and services - Website visit data
Your personal data are disclosed only in connection with provided services, and only when the company is legally obliged to do so, or when you have given your consent. You can always withdraw your consent by contacting us via the above contact information. Data may be disclosed to the following parties:
• The partners to the case
• Public authorities (such as Data protection inspectorate)
• Supervisory bodies
The company does not transfer your personal data outside Estonia, European Union or European Economic Area, nor to such third country or international organization, the level of data protection of which the European Commission has not considered adequate. If it is still necessary (e.g. for provision of services), such transfer of personal data will take place only upon appropriate legal basis and the company will take appropriate protective measures.
In certain cases, the company also uses data processors located outside the EU/EEA. Below is indicated in what situation transfer takes place, the data processors in question, and the basis of transfer.
In what situation - Cookies
Data processor -Google LLC
Country - USA
Basic of transfer - EU Commission standard contract provisions
You have the right to get additional information about the transfer of your personal data by sending us the request by email at [email protected].
In connection with provided services, the company generally stores your information for five years from the end of the year in which the case was closed, unless otherwise required according to legislation or in case of original documents. If no case for providing service has been created and we have registered information about you only in connection with creating a possible relationship, we will store your information for up to twelve months after ending the correspondence.
As a data subject, you have certain rights according to the GDPR when your personal data are being processed. Below is a specification of your rights when the company processes personal data about you.
Right of access to your data: you have the right to know, whether personal data concerning you are being processed or not, what is the purpose of processing and what are the categories of personal data. Besides, to whom the data is disclosed, for how long the data is retained and what are your rights concerning rectification, erasure and restriction of the processing.
Right of rectification: you have the right to demand rectification of the personal data concerning you if the data are inaccurate or incomplete.
Right of erasure: in some cases, you have the right to demand erasure of the personal data concerning you, for example in case when you withdraw your consent and there are no other legal grounds for the processing of the data.
Right to restrict the processing: some cases, you have the right to restrict processing of the personal data concerning you for a certain time (e.g. if you have objected the processing of personal data).
Right to object: you have the right to object the processing of personal data which is processed based on the legitimate interest, including the profiling. Upon objection, the company will no longer process the personal data unless the company demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms.
Right to data portability: if processing of your personal data is based on your consent or the contract with the company, then you have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Also, you have the right to claim the company to transmit those data to another service provider if it is technically possible.
If you want to exercise the above-mentioned rights, please send us an email at [email protected].
We use cookies and other tracking mechanisms (collectively ‘cookies’) on our website in order to improve our services and advertisements.
We use cookies in order to function properly. We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device for a set period of time or until you delete them).
A cookie is a small text file which is created by the websites you visit and may contain information about webpage visitors such as language, country, time spent on the website. Information from cookies are used to improve the user experience.
We do not collect any personal or identifiable information about website visitors using cookies. We use Google analytics for web analytics service to collect anonymous aggregate data. Information that we collect: location, language, time spent on website and visited pages, how often users return to the website, browser settings and other relevant information needed for proper website functionality.
Personal information via website may be collected only if you use contact forms or chat bot to book consultation. Chat bot is provided by Landbot.io service. Forms are provided by Jotform https://eu.jotform.com.
We always request your prior consent before you submit personal information.
If you do not accept cookies, you can prevent cookies from being saved on your computer by changing the settings of your web browser. You can also delete cookies which have been previously stored. In such cases, please refer to the help section of your internet browser. If you choose not to accept cookies, you can still use our services, but their functionality may be somewhat limited.
The company is active on several social media, including LinkedIn, Facebook, YouTube and Instagram. When you interact with the company on these media, you are making information available to the company and the social media, e.g. when you respond to our postings, comment on or share them, just like we process information that you ‘like’ the company or follow us on the social media. In addition, ordinary information is processed about you in the form of, for example, identification information, contact information, your profile photo, etc. Furthermore, the company will in some cases share, for example, a piece of news in which your identification information (name) is included. In these cases, we always request your prior consent. You can always withdraw your consent by contacting the company via email [email protected]. The purpose of the processing is branding and marketing of the company.
The legal basis for the processing is company’s legitimate interests in marketing as a consultation and services provider on the social media and knowledge sharing in the form of sharing of articles, etc.
All company’s employees are subject to strict confidentiality, including the processing of personal data.
Your personal data will be shared only with employees who are involved in providing consultation or other service for you.
If you find that your rights have been breached, you have the right to turn to the Data Protection Inspectorate (Andmekaitse Inspektsioon) and/or court. The contact details of the Data Protection Inspectorate are available at www.aki.ee.
The company has the right to amend this notice unilaterally. The company will notify of amendment of this policy on its website, by email or in another manner.
If you have any questions or comments about this Privacy Policy, please e-mail us at [email protected]