This policy describes the processing of personal data (hereinafter the“data”) by the company as a data controller. This means that the company individually or along with others determines the purposes and means of processing of personal data.
Registry code: 14999935
What categories of personal data the company processes?
The personal data we process include, but is not limited to the following:
Main data: this includes e.g. name and surname, personal identification number, date of birth, citizenship, residency, profession, your photo or video records which you have provided to us for your identification.
Sources of collection of data: we get the data from you, also we get certain Main data from public registries and databases (e.g. Commercial Register). It cannot be out ruled that your data has been provided to us by a third person in connection with the provision of services by us.
Contact details: this includes e.g. a phone number, an email address and a home address.
Sources of collection of data: we collect this data from you when you e.g. enter your contact details (e.g. email address) when filling out a contact form, also we get certain personal data (e.g. email address) from public registries and databases (e.g. Commercial Register). It cannot be out ruled that your data has been provided to us by a third person in connection with the provision of services by us.
Document data: number of an identity document (e.g. a Passport of an ID-card), date of issuance, expiry date and other information related to this, also a photo of your identity document which you have provided to us for your identification.
Sources of collection of data: we get the data from you when you provide us with your identity document, or the data is provided to us by a third person in connection with the provision of services by us.
Service data: this includes data which reflect your activities in connection with the services provided by us to you, including the data regarding the content of requested or ordered services, the information regarding the agreements entered into by you and the data regarding a potential breach of the agreement. Also, information concerning client communication related to the provision of services (e.g. correspondence related to the provision of services).
Sources of collection of data: we get the data from you, as well as via ordering and using the services provided by the company.
Transaction data: the details of transactions made from your payment account, including payer’s name, date of payment, currency, amount of payment and payment details.
Sources of collection of data: we get the data from you, from the third persons in connection with the provision of services or from the financial institution providing the services to our company.
Special categories of personal data: these are the data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Sources of collection of data: the purpose of our company is not to collect the special categories of personal data, but such data can be disclosed to us accidentally, e.g. if such data is disclosed during the client relationship.
Website visit data: this includes the data which is generated as a result of visiting and using the website (e.g. the data regarding how you use the website, btowser, location). Please see the explanation in section “Cookies and other web technologies” below.
Sources of collection of data: we get the data when you visit and use the website.
The purpose and the legal grounds for of processing of personal data
The company relies on the following four grounds upon processing of your personal data:
Processing necessary for the fulfilment of the contract The company processes the personal data on this legal ground if it is necessary for the fulfilment of the contract or for taking measures prior to concluding of such contract based on your request.
Processing necessary for compliance with a legal obligation
The company processes personal data on this legal ground if the legal obligation for processing arises from the law.
The legitimate interest means that the company does not have to process your data necessarily for the fulfilment of contract and the company does not have the obligation arising from the law, but processing of personal data is still necessary. This may be necessary, e.g. for development of services and products provided by the company by improving them for you and to protect the property, clients and employees of the company, as well as for making business decisions. You have the right to ask clarifications form the company regarding the processing based on the legitimate interest by sending the request to firstname.lastname@example.org. You also have the right to send the objection, if you find that processing of your data for the purposes provided below prejudice your rights. The overview below regarding processing of data based on the legitimate interest is not exhaustive. The company may process your personal data for other purposes upon reasonable necessity and to the extent provided by the law.
In some cases, we need your consent for data processing. Based on your consent we can send you our newsletters, as well as the invitations to the training and other events organized by the company. You always have the right to withdraw the consent by sending us respective email at email@example.com Withdrawal of the consent does not affect the legality of the processing of your personal data prior to withdrawal.
Disclosure and transfer of personal data
Your personal data are disclosed only in connection with provided services, and only when the company is legally obliged to do so, or when you have given your consent. You can always withdraw your consent by contacting us via the above contact information. Data may be disclosed to the following parties:
• The partners to the case
• Public authorities (such as Data protection inspectorate)
• Supervisory bodies
The company does not transfer your personal data outside Estonia, European Union or European Economic Area, nor to such third country or international organization, the level of data protection of which the European Commission has not considered adequate. If it is still necessary (e.g. for provision of services), such transfer of personal data will take place only upon appropriate legal basis and the company will take appropriate protective measures.
In certain cases, the company also uses data processors located outside the EU/EEA. Below is indicated in what situation transfer takes place, the data processors in question, and the basis of transfer.
You have the right to get additional information about the transfer of your personal data by sending us the request by email at firstname.lastname@example.org
Retention of personal data
In connection with provided services, the company generally stores your information for five years from the end of the year in which the case was closed, unless otherwise required according to legislation or in case of original documents. If no case for providing service has been created and we have registered information about you only in connection with creating a possible relationship, we will store your information for up to twelve months after ending the correspondence.
Your rights regarding the personal data
As a data subject, you have certain rights according to the GDPR when your personal data are being processed. Below is a specification of your rights when the company processes personal data about you.
Right of access to your data: you have the right to know, whether personal data concerning you are being processed or not, what is the purpose of processing and what are the categories of personal data. Besides, to whom the data is disclosed, for how long the data is retained and what are your rights concerning rectification, erasure and restriction of the processing.
Right of rectification: you have the right to demand rectification of the personal data concerning you if the data are inaccurate or incomplete.
Right of erasure: in some cases, you have the right to demand erasure of the personal data concerning you, for example in case when you withdraw your consent and there are no other legal grounds for the processing of the data. Right to restrict the processing: some cases, you have the right to restrict processing of the personal data concerning you for a certain time (e.g. if you have objected the processing of personal data).
Right to object: you have the right to object the processing of personal data which is processed based on the legitimate interest, including the profiling. Upon objection, the company will no longer process the personal data unless the company demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms.
Right to data portability: if processing of your personal data is based on your consent or the contract with the company, then you have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Also, you have the right to claim the company to transmit those data to another service provider if it is technically possible.
If you want to exercise the above-mentioned rights, please send us an email at email@example.com
Cookies and other web technologies
A cookie is a small text file which is created by the websites you visit and may contain information about webpage visitors such as language, country, time spent on the website. Information from cookies are used to improve the user experience.
We do not collect any personal or identifiable information about website visitors using cookies. We use Google analytics for web analytics service to collect anonymous aggregate data. Information that we collect: location, language, time spent on website and visited pages, how often users return to the website, browser settings and other relevant information needed for proper website functionality.
Personal information via website may be collected only if you use chat bot to book consultation. Chat bot is provided by Landbot.io service.
We always request your prior consent before you submit personal information.
If you do not accept cookies, you can prevent cookies from being saved on your computer by changing the settings of your web browser. You can also delete cookies which have been previously stored. In such cases, please refer to the help section of your internet browser. If you choose not to accept cookies, you can still use our services, but their functionality may be somewhat limited.
The company is active on several social media, including LinkedIn, Facebook, and Instagram. When you interact with the company on these media, you are making information available to the company and the social media, e.g. when you respond to our postings, comment on or share them, just like we process information that you ‘like’ the company or follow us on the social media. In addition, ordinary information is processed about you in the form of, for example, identification information, contact information, your profile photo, etc. Furthermore, the company will in some cases share, for example, a piece of news in which your identification information (name) is included. In these cases, we always request your prior consent. You can always withdraw your consent by contacting the company via email firstname.lastname@example.org. The purpose of the processing is branding and marketing of the company. The legal basis for the processing is company’s legitimate interests in marketing as a consultation and services provider on the social media and knowledge sharing in the form of sharing of articles, etc.
All company’s employees are subject to strict confidentiality, including the processing of personal data. Your personal data will be shared only with employees who are involved in providing consultation or other service for you.
Amendment of this policy
The company has the right to amend this notice unilaterally. The company will notify of amendment of this policy on its website, by email or in another manner.