Our principle in collecting and using personal data is to be transparent about the reasons and ways in which they are processed. We operate in accordance with the relevant legislation of the European Union and the laws of the Republic of Estonia.
Personal data are any information about an identified or identifiable natural person. Personal data are also different types of data that in an aggregated form enable to identify a specific person without doubt.
Our policy is to collect only personal information that is necessary for specific, pre-defined purposes, and we ask our customers to share their personal information with us only to the extent strictly necessary for those purposes.
Forms of collecting personal data:
- by providing contact details (including name, personal identification code, postal address, telephone number, e-mail address, preferred method of contact) on our website or elsewhere (e.g. at customer events, meetings, etc.);
- by e-mail (sender’s name, recipient’s name, date and time) and calendar systems (organizer’s name, participant’s name, event date and time) or communication with third parties;
- via business relationship management, contract fulfilment, by using the services of our suppliers and, where necessary, providing services to customers;
- by cookies when using the website;
- when concluding a service contract through contact details.
Use of personal data
We use personal data for following purposes:
- Provision of professional services. We provide a variety of professional services. Some services require the processing of personal information in order to provide advice and service outputs.
- Management, administration and development of our business and services. We process personal data to keep our business running, including for: customer relationship management; business and service development (e.g. identifying customer needs and improving service delivery); management and operation of IT systems; organization or facilitation of events and management and administration of our website, systems and applications.
- Compliance with law, regulation or professional association requirements. Like all other professional service providers, we have legal, regulatory and professional obligations. We have an obligation to retain certain information to prove that our services are provided in accordance with applicable requirements and such information may contain personal information.
Processing of personal data
We mainly process personal data as an authorized processor. We receive data from our customers with whom we have concluded a service agreement or to whom we provide a service on the basis of one-time assignments. We process the data of customers as natural persons and persons who have made an enquiry on our website as a data controller.
Transfer of personal data
We may transfer your personal data to third parties, such as an auditor, a legal aid provider or any other person who provides a service to us. We have made every effort to ensure that the aforementioned third parties guarantee the confidentiality and security of personal data.
Retention of personal data
Your personal data will be kept for as long as is necessary for the performance of the service contract and at least for as long as we are required to do so by the legislation governing our activities. Your personal data to be processed with your consent will be processed and stored until you withdraw your consent.
Protection of personal data
We take the necessary organizational, physical and IT security measures to protect your personal information from any misuse, unauthorized access, disclosure, alteration or destruction. The systems are protected from unauthorized access by firewalls, passwords, other technical tools and organizational means. Access to personal data is granted only if it is necessary for the processing of the data. All processors of personal data are bound by a confidentiality agreement. Access to personal data is based on a role-based user management process in which each employee is granted access only according to the assignment and relevance.
The customer has the right to demand the termination of the processing of the customer’s data, information on the use of the data and the transfer of the data to the customer or a third party in a publicly available format. In order to prevent the misuse of customer data and rights, applications may only be submitted in a form where the applicant’s identity can be identified (digitally signed or personally signed at the office). We have the right to respond to such requests within 30 days.
You are always entitled to contact the Data Protection Inspectorate or a court for protecting your data. The Data Protection Inspectorate is a state agency that can also be contacted for consultation or assistance on issues related to the protection of personal data.