PRIVACY POLICY |
PRIVAATSUSPOLIITIKA |
1. DEFINITIONS |
1. MÕISTED |
1.1. REACH-U - Reach-U AS, a company registered in the Republic of Estonia with the registry code 10302044.
1.2. Client - Client is any natural of legal person who uses, has used, or has expressed a wish to use the services of REACH-U or is otherwise connected with these. 1.3. Data Controller - REACH-U. 1.4. Data Processor - Data Processor means any natural or legal person who processes personal data on behalf of the Data Controller. 1.5. Data Protection Legislation - all data protection legislation that REACH-U is required to comply with, including the General Data Protection Regulation of the European Union and the national legislation implementing the General Regulation. 1.6. Personal Data - Personal data means any data that REACH-U knows about a person. 1.7. Cookie - https://akit.cyber.ee/term/565-cookie-1 2. GENERAL PRINCIPLES2.1. These principles describe how REACH-U processes personal data. Additional terms and conditions for the processing of personal data may also be described in the contracts and other documents related to the services of REACH-U.
2.2. REACH-U shall ensure the confidentiality of personal data in accordance with Data Protection Legislation and shall take the necessary measures to protect Personal Data against unauthorised access, unlawful processing or disclosure, accidental loss, alteration, or destruction. 2.3. REACH-U uses Data Processors for the processing of Personal Data and ensures that the Data Processors process Personal Data in accordance with the instructions of REACH-U and in compliance with Data Protection Legislation and apply appropriate security measures 3. PROCESSING OF PERSONAL DATA3.1. REACH-U collects Personal Data in the course of customer service, purchasing of services and from external sources, such as public and private registries, and other third parties.
3.2. REACH-U chiefly processes the data of persons who have entered into or have expressed a wish to enter into a contractual relationship with REACH-U. 3.3 REACH-U collects Personal Data from trustees, legal representatives, representatives of undertakings, authorised persons, shareholders, contact persons, members of management board, and beneficial owners. 3.3. REACH-U process the following forms of personal data: 3.3.1. identification and contact details, e.g. Name, personal identification number, date of birth, postal address, telephone number, e-mail address, residency; 3.3.2. data on the tax residency, e.g. data on the country of residence, taxable person, identification number, citizenship; 3.3.3. data relating to services, such as performance or non-performance of contracts, contracts concluded and terminated, applications submitted, inquiries and complaints 4. BASIS AND PURPOSE OF DATA PROCESSING4.1. REACH-U may process personal data on the basis of the consent, the purpose of performance of the contract, the purpose of performance of legal obligations, or a legitimate interest.
4.2. The main purpose for processing personal data is to fulfil and manage the contracts. The purposes for data processing in this regard are, inter alia: 4.2.1. taking the necessary measures before entering into the contract, as well as entering into the contract, performing and terminating the contract that has been entered into; 4.2.2. customer relationship management, ensuring, organising and controlling authorised access to services. 4.3. In addition to the above, REACH-U may process personal data to meet statutory obligations. The purposes for data processing in this regard are, inter alia: 4.3.1. identification and verification of identity and updating and ensuring the correctness of personal data; 4.3.2. detection, investigation, and reporting of money laundering and terrorist financing; 4.3.3. compliance with accounting, tax information exchange and risk management obligations and rules. 4.4. REACH-U processes personal data within the limits of its legitimate interest. Legitimate interest is commercial interest of REACH-U, in the remits of which processing of personal data is necessary, and which is considered to outweigh the right to data protection. The purposes for data processing in this regard are, inter alia:; 4.4.1. protection of the interests of the Client, REACH-U, including the taking of security measures; 4.4.2. prevention, restriction and investigation of the misuse, illegal use, or disruption of services; 4.4.3. ensuring the security of the provision of services, including data related to the services; 4.4.4. improvement, development and maintenance of technical systems and IT infrastructure; 4.4.5. drafting, submitting or defending legal claims and handling complaints. 4.4.6. development, research, and improvement of the customer experience through analysis, statistics, and studies; 4.5. REACH-U may request the Client to consent to the processing of personal data. Consent includes information on this specific processing of data. The Client may always withdraw their consent. 5. TRANSMISSION OF PERSONAL DATA5.1. When processing Personal Data, REACH-U may share personal data with recipients such as public authorities, data processors, and business partners. REACH-U does not disclose Personal Data beyond what is necessary for the purpose of disclosure.
5.2. Recipients of Personal Data may process Personal Data as data processors or data controllers. If the recipient processes Personal Data in their own name as a data controller, the recipient shall be liable for providing information on the processing of such personal data. 5.3. REACH-U shares Personal Data e.g. with the following recipients: 5.3.1. public authorities (e.g. law enforcement agencies, enforcement agents, notaries, tax authorities, supervisory authorities, and the Financial Intelligence Unit); 5.3.2. auditors, legal and financial advisers, or other data processors of REACH-U; 5.3.3. other persons involved in the provision of REACH-U’ services, such as archiving and postal service providers. 6. GEOGRAPHICAL AREA OF DATA PROCESSING6.1. Generally, Personal Data are processed in countries of the European Union or the European Economic Area, but in some cases these are transferred to and processed in countries outside the European Union or the European Economic Area.
6.2. Personal Data may be transferred to and processed in countries outside the European Union or the European Economic Area, provided that there is a legal basis for doing so and one of the following conditions is met: 6.2.1. there is an adequate level of data protection in the country outside the European Union or the European Economic Area where the recipient is located, in accordance with a decision of the European Commission; 6.2.2. the Data Controller or the Data Processor has put in place appropriate safeguards, such as the introduction of standard European Union contract terms and conditions or other terms and conditions, approved codes of conduct or certification mechanisms; 6.2.3. exceptions are in place for specific situations, such as the express consent, the performance of a contract entered into with the Client, or conclusion or performance of a contract entered into in the interests of the Client, use or defence of legal claims, overriding reasons due to public interest. 7. DATA RETENTION7.1. Personal Data are not retained longer than is necessary for the purposes for which the Personal Data were processed or longer than is required by data protection law.
8. RIGHTS OF THE DATA SUBJECT8.1. The data subject has the following rights pursuant to Data Protection Legislation:
8.2. request the correction of their data if these are insufficient, incomplete, or incorrect; 8.2.1. object to the processing of their Personal Data if the use of Personal Data is based on a legitimate interest; 8.2.2. request the erasure of personal data, e.g. if their personal data is processed with their consent and they have withdrawn their consent. This right does not apply if the Personal Data concerned are also processed on other grounds, such as under a contract or for the performance of legal obligations; 8.2.3. restrict the processing of their Personal Data; 8.2.4. receive information on whether REACH-U processes their personal data and, if so, to gain access to the aforementioned data; 8.2.5. receive their data, which they have provided and which are processed under a consent or for the performance of a contract, in writing or in a publicly available electronic format; 8.2.6. withdraw their consent to the processing of their Personal Data. 8.3. The data subject has the right to submit complaints regarding the use of data to the Estonian Data Protection Inspectorate (www.aki.ee), if they find that the processing of their data infringes their rights and interests under data protection law. 9. CONTACT DETAILS9.1. REACH-U may be contacted in connection with inquiries and withdrawal of consent, and the data subject may also demand the exercise of their rights in the processing of Personal Data and file complaints regarding the use of Personal Data.
9.2. REACH-U requests the data subject to contact us by e-mail at [email protected] in case of any issues related to the matters regulated in these Principles. 10. VALIDITY AND AMENDMENT OF THE PRINCIPLES10.1. REACH-U may unilaterally change these Principles as necessary (e.g. if the purposes of data processing change, new types of data are going to be collected).
10.2. The latest (valid) version of the Principles is available on the website www.reach-u.com. These REACH-U Principles for the Processing of Personal Data are valid from 13.05.2022.
|
1.1. Reach-U – Eesti Vabariigis registreeritud äriühing AS Reach-U registrikoodiga 10302044.
1.2. Klient – Klient on iga füüsiline või juriidiline isik, kes kasutab, on kasutanud või on avaldanud soovi kasutada Reach-U teenuseid või on mingil muul viisil nendega seotud. 1.3. Vastutav töötleja – Reach-U. 1.4. Volitatud töötleja – Volitatud töötleja on iga füüsiline või juriidiline isik, kes töötleb isikuandmeid vastutava töötleja nimel. 1.5. Andmekaitse õigusaktid – kõik andmekaitsealased õigusaktid, mida Reach-U on kohustatud jälgima, sh Euroopa Liidu isikuandmete kaitse üldmäärus ja riigisisesed õigusaktid, mis seda määrust rakendavad. 1.6. Isikuandmed – Isikuandmed on igasugune teave, mis Reach-U’l on füüsilise isiku kohta teada. 1.7. Cookie - https://akit.cyber.ee/term/565-cookie-1 2. ÜLDPÕHIMÕTTED2.1. Põhimõtted kirjeldavad, kuidas Reach-U töötleb isikuandmeid. Isikuandmete töötlemise täiendavad tingimused võivad olla kirjeldatud ka lepingutes ja muudes Reach-U teenustega seotud dokumentides.
2.2. Reach-U tagab andmekaitse õigusaktide raames isikuandmete konfidentsiaalsuse ning rakendab vajalikke meetmeid isikuandmete kaitsmiseks loata juurdepääsu, ebaseadusliku töötlemise või avalikustamise, juhusliku kaotsimineku, muudatuste või hävitamise eest. 2.3. Reach-U rakendab isikuandmete töötlemiseks volitatud töötlejaid ja tagab, et volitatud töötlejad töötlevad isikuandmeid Reach-U juhiste kohaselt ja kooskõlas andmekaitse õigusaktidega ning kasutavad nõuetekohaseid turvameetmeid. 3. ISIKUANDMETE TÖÖTLEMINE3.1. Reach-U kogub isikuandmeid klienditeeninduse ja teenuse ostmise käigus ning välistest allikatest, näitaks avalikud ja eraõiguslikud registrid ning muud kolmandad isikud.
3.2. Reach-U töötleb peamiselt selliste isikute andmeid, kes on astunud või avaldanud soovi astuda Reach-U’ga lepingulisse suhtesse. 3.3. Reach-U kogub isikuandmeid usaldusisikutelt, seaduslikelt esindajatelt, ettevõtete esindajatelt, volitatud isikutelt, aktsionäridelt, osanikelt, kontaktisikutelt, juhatuse liikmetelt ja tegelikult kasusaajatelt. 3.3. Reach-U töötleb järgmist liiki isikuandmeid: 3.3.1. Isiku tuvastamise ja kontaktandmed, nt nimi, isikukood, sünniaeg, postiaadress, telefoninumber, e-posti aadress, residentsus; 3.3.2. Andmed maksuresidentsuse kohta, nt andmed elukohariigi, maksukohustuslase, identifitseerimisnumbri, kodakondsuse kohta; 3.3.3. Teenustega seotud andmed, nt lepingute täitmine või täitmata jätmine, sõlmitud ja lõppenud lepingud, esitatud avaldused, päringud ja kaebused. 4. ANDMETE TÖÖTLEMISE ALUS JA EESMÄRK4.1. Reach-U võib isikuandmeid töödelda saadud nõusoleku, lepingu täitmise eesmärgi, seadusjärgse kohustuste täitmise eesmärgi või õigustatud huvi alusel.
4.2. Isikuandmete töötlemise peamine eesmärk on sõlmitud lepingute täitmine ja haldamine. Andmete töötlemise eesmägid on antud juhul muuhulgas: 4.2.1. Enne lepingu sõlmimist vajalike meetmete võtmine, samuti lepingu sõlmimine, sõlmitud lepingu täitmine ja lõpetamine; 4.2.2. Kliendisuhete haldamine, teenustele volitatud ligipääsu tagamine ja korraldamine ning kontrollimine. 4.3. Lisaks eeltoodule võib Reach-U töödelda isikuandmeid seadusest tulenevate kohustuste täitmiseks. Andmete töötlemise eesmärgid on antud juhul muuhulgas: 4.3.1. Isikusamasuse tuvastamine, kontrollimine ning isikuandmete ajakohastamine ja korrektsuse tagamine; 4.3.2. Rahapesu ja terrorismi rahastamise tõkestamise avastamine, uurimine ja vastavatest juhtumitest teatamine; 4.3.3. Raamatupidamise, maksuteabe vahetamise ja riskijuhtimisega seotud kohustuste ja reeglite järgmine. 4.4. Reach-U töötleb isikuandmeid oma õigustatud huvi raamides. Õigustatud huvi on Reach-U ärihuvi, mille raames isikuandmete töötlemine on vajalik ning mis kaalub üles õiguse andmete kaitsele. Andmete töötlemise eesmärgid on antud juhul muuhulgas: 4.4.1. Kliendi ja Reach-U huvide kaitsmine, sealhulgas turvameetmete rakendamine; 4.4.2. Teenuste väärkasutuse, ebaseadusliku kasutamise või häirimise tõkestamine, piiramine ja uurimine; 4.4.3. Teenuste osutamise, sh teenustega seotud andmete turvalisuse tagamine; 4.4.4. Tehniliste süsteemide ja IT-infrastruktuuri täiustamine, arendamine ja hooldamine; 4.4.5. Õigusnõuete koostamine, esitamine või kaitsmine ning kaebuste käsitlemine; 4.4.6. Kliendikogemuse arendamine, uurimine ja parendamine analüüside, statistika ja uuringute koostamise kaudu; 4.5. Reach-U võib küsida kliendi nõusolekut isikuandmete töötlemiseks. Nõusolek sisaldab teavet selle konkreetse töötlemise kohta. Klient saab nõusoleku alati tagasi võtta. 5. ISIKUANDMETE EDASTAMINE
|