I.1. Eesti Maavara OÜ (hereinafter, the “Company”) values and place great store on the personal data protection. Taking into account the obligation to protect personal confidentiality and rights in the personal data processing, the Company has drawn up these data protection terms (the “Confidentiality Policy”) for transparent and clear processing of personal data.
I.2. The Confidentiality Policy sets out, inter alia, the principles based on which the Company processes personal data and the rights of persons during the personal data processing.
I.3. The Confidentiality Policy applies to all individuals (the “Client”) who use the Company’s services and the website, enter into any contract with the Company, conduct preliminary negotiations with the Company or send inquiries to the Company.
I.4. The Confidentiality Policy is based on the general regulation on the protection of personal data approved by the European Parliament (Regulation of the European Parliament and of the Council No. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter the “GDPR”) and the effective law of the Republic of Estonia on personal data protection (the “IKS”).
I.5. The Confidentiality Policy is a part of all contracts of the Company. By visiting the website, using the services of the Company, entering into any contracts with the Company, conducting preliminary negotiations with the Company or sending inquiries to the Company, you agree with the terms of the Confidentiality Policy.
II. Personal data and its processing
II.1. Personal data includes any information about an natural person either identified or being under identification, which the Company processes in the framework of the actions specified in Item 2.3 of the Confidentiality Policy.
II.2. If necessary, for the purposes specified in Item 2.4 of the Confidentiality Policy the Company processes, inter alia, the following personal data:
- II.2.2. data on statements, accounts and payment information related to the contract;
- II.2.3. other data that the Company may deem or deems necessary to process in the framework of the actions specified in Item 2.3 of the Confidentiality Policy.
II.3. The Company processes personal data of the Client, inter alia, in the following cases:
- II.3.1. to confirm the identity of the Client or his representative;
- II.3.2. to fulfill the necessary obligations and carry out actions related to the provision of services to the Client or the conclusion of contracts, as well as to advise on the offered services and contracts;
- II.3.3. to conduct preliminary negotiations or transfer information prior to the conclusion of a contract;
- II.3.4. to exchange information related to the provision of services, conclusion of contracts and economic activities, to document commercial activities (including the transfer of information to fulfill the obligations imposed on the Company by legal acts);
- II.3.5. to improve and promote the customer service level;
- II.3.6. to draw up and issue invoices;
- II.3.7. to establish, present and protect the legal requirements of the Company, including for personal data transfer to the legal affairs or attorney’s office and collection firms;
- II.3.8. to communicate with the Client and respond to the Client’s requests;
- II.3.9. in other cases upon the justified interest of the Company, which outweighs the interests or fundamental rights and freedoms of the Client.
II.4. The Company processes personal data primarily for the purpose, which involves providing the Client with the best service, implementing the concluded contract, responding to the Client’s requests and maintaining communication with the Client.
II.5. The Company processes personal data only to the extent that is minimally necessary to achieve the purposes of processing this data.
II.6. The Company processes personal data only as long as it is necessary or until a legal obligation is fulfilled.
II.7. The grounds for data processing are, inter alia, the consent of the Client, the contract or the law.
III. Personal data protection
III.1. The Company values the privacy of the Client and the protection of his personal data.
III.2. The Company considers all personal data of the Client as confidential information.
III.3. The Company guarantees the security of personal data processing in accordance with the applicable legal acts, including the GDPR and the law on personal data protection. Personal data protection in the course of the daily economic activity of the Company is also regulated by the internal security rules of the Company.
III.4. Taking into account the latest achievements in science and technology and the cost of their application, as well as taking into account the type, volume, context and purposes of personal data processing, the Company, in order to ensure the proper level of security, applies technical and organizational measures corresponding to the level of potential threat.
III.5. Access to personal data processing is permitted only for responsible and authorized employee(s), unless the Company has legal obligations other than those mentioned.
IV. Rights of the Client
IV.1. Kliendil on seaduses sätestatud juhtudel mh õigus:
- IV.1.1. to receive information from the Company on the volume of the Client’s data processing and their use;
- IV.1.2. to demand correction and deletion of personal data;
- IV.1.3. to limit the personal data processing;
IV.1.4. to object to the personal data processing;
IV.1.5. to file a complaint with the data protection supervision authority or to apply to the court.
IV.2. In addition to the rights mentioned in Item 4.1. of the Confidentiality Policy, the Client has the right to withdraw his consent to the Client’s personal data processing at any time and for any reason. Withdrawal of consent does not affect the legality of data processing previously performed during the validity of the consent. In case of withdrawal of consent, the Company still has the right to process the Client’s personal data, which is necessary to present legal requirements to the Client or, if the processing of the Client’s personal data is necessary to fulfill the legal obligations of the Company.
IV.3. In order to exercise the rights specified in Items 4.1 and 4.2 of the Confidentiality Policy, the Client must provide an appropriate application in a written form to the Company’s e-mail address at email@example.com.
V.1. If necessary, the Company has the right to amend, supplement or clarify the Confidentiality Policy by notifying about such actions at least 1 month before the changes become effective through the Company’s website at www.eestimaavara.ee.
V.2. In case of any questions regarding the Confidentiality Policy, data processing and rights of the Client, the Company asks to send a request to the e-mail address firstname.lastname@example.org or to call 56993923.
V.3. This Confidentiality Policy becomes effective on May 25, 2018.