1.1. The Data Protection Terms and Conditions (the “Data Protection Terms and Conditions”) set out the principles on the basis of which Finestmedia AS (the “Company”) protects personal data in connection with the provision of services and the purposes for which the Company processes personal data.
1.3. The Data Protection Terms and Conditions are based on the EU General Data Protection Regulation (Regulation No 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, “GDPR”) and specifies the principles for its implementation by the Company.
2.1. Person means a Customer, Associated Person or Visitor, where Customer means a person or his/her representative who uses the Company’s service; Associated Person means a person whose data is processed by the Company for the performance of a contract; Visitor means a person who visits the Company’s website.
2.2. Data means Personal Data of a Person that becomes known to the Company in connection with the Customer’s use of or inquiries about the Company’s services.
2.3. Website means the Company’s website.
2.4. Services means the services provided by the Company.
2.5. Contract means a contract entered into with the Customer for the provision of a Service.
2.6. All of the terms mentioned in the singular also apply to the plural.
3. THE PURPOSES FOR WHICH THE COMPANY PROCESSES PERSONAL DATA
3.1. The Company processes personal data in order to provide the best Services to Customers, to perform the contract for the provision of the Services and to respond to requests for information about the Services. When collecting customer data, the Company will limit itself to the minimum necessary for the purposes for which it is processed.
3.2. The company collects personal data:
3.2.1. When ordering and using the Company’s services and entering into a Contract;
3.2.2. When registering as a user on the company website;
3.2.3. When sending a request for information to or through a company.
3.3. The processing of data is necessary for the Company to be able to provide Services to the Customer and to respond to requests for information.
3.4. Processing of data is based on the consent of the Data Subject, a Contract or the law.
4. WHAT THE COMPANY USES PERSONAL DATA FOR
4.1. The Company may use the Customer’s Data and the Data of a person associated with the Customer for the performance of a contract under the law without the consent of the person in the following cases:
4.1.1. Identification of the customer or his/her representative for the purposes of concluding the contract.
4.1.2. to carry out activities necessary for the provision of the Services to the Customer and to provide advice in relation to the Services;
4.1.3. To create and maintain logs, troubleshooting, maintenance and development of the Company’s website and electronic solution, to store and maintain data related to the Contract (including through cloud services);
4.1.4. To improve the Services and the Customer’s and Visitor’s user experience, to provide information related to the use of the Services and to perform other activities necessary to provide the Services;
4.1.5. To prepare and issue invoices;
4.1.6. To exchange information related to the provision of services and business, to document business activities (e.g. the provision of information to the Company to comply with its legal obligations, etc.) and to assess and prevent business risks and losses;
4.1.7. To send information about the Services to the Customer by e-mail;
4.1.8. To improve and develop the quality of customer service, measure usage activity and customer satisfaction;
4.1.9. To protect the infringed or contested rights of the company and to recover debts, including the transfer of data to legal or law firms and debt collection agencies;
4.1.10. To enable and control Customer and User access to Digital Channels to improve the user experience of Digital Services and to adapt views to the device, as well as to prevent unauthorised access and misuse of Digital Channels, ensuring information security, to enhance technical systems, information technology architecture and to develop Services through testing and improvement;
4.1.11. Otherwise to perform, assist in entering into and performing the Contract, to provide the Services or to defend your rights.
4.2. The Customer is not able to refuse the processing of the Data for the purposes of clauses 4.1.1 – 4.1.11 to the extent that this would make it impossible to provide the Service to him.
5. WHAT PERSONAL DATA THE COMPANY PROCESSES ABOUT ITS CUSTOMERS
5.1. For the purposes set out in Sections 4.1.1 – 4.1.11, the Company processes the following Data:
5.1.1. Customer’s name, e-mail address, postal address, telephone number, bank account number, billing and payment details, electronic solution username and password;
5.1.2. Name, e-mail and/or postal address of the person associated with the customer;
5.1.3. Data about the Customer’s use of the Company’s Services: data about the start and period of use of the Services, data about the Customer’s orders, data about statements of intent, billing and payment information related to the Agreement, data about registration, username and password on the Company’s electronic channels, data about choices, performances and logs made on the electronic channels, data collected through cookies and other Data about the use of the Company’s Services.
5.1.4. Other Data that the Company may process to the extent and in the composition reasonably necessary for the performance of the Contract.
6. HOW THE COMPANY PROTECTS PERSONAL DATA
6.1. We attach great importance to the privacy and protection of an Individual’s Data, and we will use our best efforts to keep Data secure and protected.
6.2. We protect personal data with security and confidentiality rules, under which measures are put in place to mitigate the risks of data leakage and loss and to prevent risks.
6.3. We ensure the security of data processing in accordance with legislation (e.g. the General Data Protection Regulation “GDPR”) and good business practices.
6.4. Data protection in day-to-day operations is governed by the Company’s internal security rules, under which employees are responsible for implementing data protection measures. Access to Personal Data is restricted to employees who have the need and the right to process the Data to the extent necessary for the performance of their duties.
6.5. The protection of data by the Company’s processors is governed by a cooperation agreement with the processor, which requires processors to comply with and be responsible for compliance with the Data Protection requirements.
7. HOW THE COMPANY USES DATA FOR MARKETING
7.1. The Company has the right to use Customer Data under the Agreement for marketing and statistical analysis of the Services and the service environment (e.g. typical behaviour and usage patterns), combining data from external sources with internal data in order to identify a person’s usage needs and preferences.
7.2. The Company has the right to provide and forward to Clients and other persons, on the basis of the Agreement or with their consent, electronic and other offers prepared by the Company or a partner of the Company, with the purpose of ensuring that the information on the services provided by the aforementioned persons reaches the addressee better and faster.
7.3. An individual may opt-in, opt-out or withdraw consent to receive marketing offers from the Company electronically, other personalised marketing offers, as well as marketing offers based on profiling, by notifying the Company using the contact details on the website. Offers based on profiling can be based on the services a person uses, how they use them and how they navigate digital channels.
7.4. Offers may be made to the Customer on the basis of the Agreement, consent and the legitimate interest of the Company, unless the Person has opted out of marketing offers. By entering into the Agreement, the Customer consents to the sending of the offers referred to in clause 7.3. The consent shall remain valid until it is withdrawn or until the expiry of the Contract.
7.5. An individual may contact the Company at any time using the contact details provided on the website to indicate their wish not to receive personalised offers and to withdraw their consent.
8. WHEN THE COMPANY SHARES DATA
8.1. The Company shares Data in the following cases:
8.1.1. At the request of public authorities (e.g. law enforcement authorities) in cases provided for by law;
8.1.2. companies involved in the provision of the Service, where this is necessary for the performance of the Contract;
8.1.3. Legal and financial advisors, collection agencies and other processors, where necessary for the provision of the Service, the performance of the Company’s obligations and the protection of rights.
9. TRANSFER OF DATA TO A PROCESSOR
9.1. The Company processes the Data of Clients and persons associated with Clients as a data controller by establishing a Data Processing Policy.
9.2. The Company will transfer the Data to authorised processors within the same group of companies where this is necessary for the performance of the Contract. Authorised processors are the Company’s partners whose services are brokered by the Company, companies that provide web management services to the Company.
9.3. The Company grants the right to process the Data to processors on the basis of a contract, whereby the processor is obliged to ensure and be responsible for the processing of the Data in accordance with the legislation, ensuring compliance with data protection requirements in accordance with the legislation of the European Union (General Data Protection Regulation “GDPR”) and Estonian legislation and to be responsible for the security of the Data.
10. FOR HOW LONG THE COMPANY KEEPS THE DATA
10.1. The Company will not process Data for longer than necessary. The Company will retain the Data until the purpose for which it is used has been fulfilled, usually until the expiry of the Contract, and thereafter on the basis of its legitimate interest and for the performance of its obligations under the law (e.g. accounting obligations, private law grounds, etc.).
11. WHAT RIGHTS TO PERSONAL DATA THE COMPANY GUARANTEES
11.1. The Customer and the person associated with the Customer have the right under the law to:
11.1.1. To obtain information from the Company about the scope and use of its Data Processing;
11.1.2. Require the Company to cease using the Data, and to correct and delete the Data;
11.1.3. Consent or withdraw consent to the use of the data for direct marketing or other marketing purposes;
11.1.4. Contact the Data Protection Supervisor to protect your data or take your case to court;
11.1.5. Claim compensation for the reasoned and proven damage caused to him/her as a result of the use of the data in breach of the law;
11.1.6. Insist that decisions based solely on automated processing should not be taken against them.
12. COMPANY CONTACTS
12.1. The company’s contact for notifications, enquiries and letters of intent is firstname.lastname@example.org.
14.1. The Company reserves the right to change the Data Protection Terms by giving at least one (1) month’s notice through www.finestmedia.ee.
Data protection terms and conditions in force from 24.05.2018