Eugesta Eesti AS privaatsuspoliitika
EUGESTA EESTI AS websites’ and service environments’ responsible processing party is:
EUGESTA EESTI AS
Taevavärava tee 4a, Lehmja küla
Rae vald, Harjumaa 75306
Personal data protection
Personal data is data that EUGESTA EESTI AS gathers and processes to provide service orderd, to identify parties, to conduct contact to serve or to solve uprising issues that prevent providing service. In general EUGESTA EESTI AS serves only companies, therefore in most cases GDPR does not apply at all.
EUGESTA EESTI AS does not process sensitive personal data as defined in General Data Protection Regulation alias GDPR or EU Regulation 2016/679).
EUGESTA EESTI AS obliges to defend clients’ and users’ personal data and privacy. EUGESTA EESTI AS operations in internet are following rules set by European Union legal acts and Estonia, including General Data Protection Regulation alias GDPR or EU Regulation 2016/679). EUGESTA EESTI AS implements all possible pre-caution methods (including administrative, technical and physical methods) to defend processes personal data. Access to process and change the data is given to authorized personnel only.
All personal data collected during visiting EUGESTA EESTI AS websites, service or purchase environments are dealt as confidential data. Encrypted link with payment channels ensure purchasing parties’ and bank details security.
All given principles do not apply to juridical parties or to other companies/institutions representatives’ data processing, nor apply to personal data processing gathered by 3rd parties’ websites where to EUGESTA EESTI AS my have links to. (external websites)
Person’s data representing an enterprise/company (ordering party) is not protected in a way that is declared in GDPR Regulation 2016/679.
1. What data is been collected and processed?
Impersonal technical data is being collected while users visits web sites.
Service environments collect personal data in addition to identify users.
Technical data contains user computer’s, network name, IP address, browser and OS version, visiting date and time. IP-addresses are not related to visiting parties unless it is required to identify user as an additional security measure.
Data about visiting is collected to provide better service in websites and service environments.
Personal data in service environments (including webshop) is collected to fill contracts and to store preferences (including, shopping basket content, opinions, preferences, behavior, etc) in order to provide expected service and to enhance customer experience in service used and direct marketing.
Data collected from physical parties (private entrepreneurs) are ID codes, VAT no and email address, mobile phone, name, location, city, country, email address for communication and billing.
Data collected from juridical parties (companies, institutions) are reg no, VAT no and email address, mobile phone, name, location, city, country, email address for communication and billing, representative persons’ names, email addresses and mobile phone numbers.
While paying using creditcards, Maksekeskus AS provides limited data of a processing information such as success and last 4 digits from card being used. EUGESTA EESTI AS bank is LHV Pank AS.
Any data (but public) uploaded into EUGESTA EESTI AS service environments is handled as confidential as written in contract which service user agrees while she/he starts using EUGESTA EESTI AS services. All services can be used after agreeing with EUGESTA EESTI AS service contract.
All personnel operation with personal data are trained to follow GDPR or EU Regulation 2016/679 and to use proper precaution in their work with EUGESTA EESTI AS clients data.
Consent to processing personal data related- and required for providing EUGESTA EESTI AS services is given when ordering the service by person authorizing/signing the electronic contract. Consent is considered given at the time of ordering EUGESTA EESTI AS services and agreeing our standard contract.
2. How long is data been stored?
Impersonal data collected from websites and service environments is been stored indefinitely.
Personal data related to inquiries and/or orders of any kind are stored up to 7 years from last interaction due to obligations regulated in accounting law. Interaction is defined also as reacting to direct marketing by viewing or clicking.
3. To whom is data been forwarded to?
Personal data processed by EUGESTA EESTI AS is to be forwarded to third parties only if there is legal obligation or court order like request.
Personal data collected by EUGESTA EESTI AS while processing orders is handled as confidential. The right to process data, publish or forward belongs only to owner of data (the client).
If EUGESTA EESTI AS provides technical help fulfilling the order from EUGESTA EESTI AS client, then it does not change the nature ow data ownership or responsibility.
4. What rights are granted to person who’s data is been processed?
The right to view, to edit data, to end processing data.
By default personal data is not being published, unless there is prior consent (collected during conference, training participation).
All personas are able to view their data in our self-service environments.
There is usually option to review and edit data, that can be updated immediately.
If data cannot be changed, reachable, published in web or in self-service environments, the party should send a request via email to do so, and identifying her/him as well. Data should be updated within 7 working days.
If person wishes to decline receiving any of marketing materials, then proper unsubscribe link is always provided with personalized marketing content. Effective immediately.
If there is no more legal base to process, publish or to give access to personal data, then the person is entitled to request stopping the usage, processing and/or access to the data. The party should send a request via email to do so, and identifying her/him as well.
Request will be defined if:
- it may violate other persons’ rights and/or freedom,
- it may prevent providing or not providing the service,
- it may prevent legal authorities’ work,
- it is not technically necessary and/or possible.
- person’s request is not related to data legally,
- requesting person can not be identified properly.
- Email address cannot be deleted from system raw database, because then it deletes OPT-OUT request.
- All contact data cannot be deleted from CRM if there is a standing request “forget contact”.