Below, you will find all the information regarding Wallenium OÜ’s principles of data processing. Wallenium OÜ aims to be a trustworthy partner and to respect your rights in the processing of personal data.
1. TERMS AND DEFINITIONS
1.1. A data subject is a natural person about whom Wallenium OÜ has information or has information that may be used to identify the natural person. Data subjects are, for example, clients, visitors, business partners or employees who are natural persons or about whom OÜ Wallenium has personal data.
1.2. The privacy terms are this text, which lays down Wallenium OÜ’s principles for the processing of personal data.
1.3. Personal data is any information about an identified or identifiable natural person.
1.4. The processing of personal data is any action performed with the personal data of a data subject. For example, the collection, saving, organisation, storage, alteration or disclosure of, provision of access to, querying or extraction, use, transfer, cross-use, linking, closure, deletion or destruction of personal data, or several of the above actions, regardless of the manner in which the actions are performed or the means used.
1.5 A client is any natural or legal person that uses or has expressed their desire to use the services of Wallenium OÜ.
1.6. A contract is a contract for the provision of a service or other contract concluded between Wallenium OÜ and the client.
1.7. The general terms lay down the general conditions applicable when a contract with Wallenium OÜ is entered into.
1.8. The website is the website of Wallenium OÜ: https://wallenium.ee
1.9. A visitor is a person who uses the website of Wallenium OÜ.
1.10. A child is a person under the age of 13 in the context of the processing of personal data in the Republic of Estonia.
1.11. Services are any services or products provided by Wallenium OÜ.
1.12. Cookies are data files sometimes stored on the device of a visitor to the website.
1.13. The data protection officer of Wallenium OÜ is a person who adheres to the application of the principles for the processing of personal data at Wallenium OÜ and whom a data subject may contact in the event of a complaint.
1.14. Sales channels are means of communication with a data subject used by Wallenium OÜ, a tool created for the sale of goods and the provision of services. They include email, telephone, public and social media, various personalised and interactive advertisements and other similar tools on the website.
1.15. The product portfolio is the various services of Wallenium OÜ, a list of which is available on the website; in the privacy terms, the general terms, and in any communications between the parties, the terms are used within their previously designated meanings.
2. GENERAL PROVISIONS
2.1. Wallenium OÜ is a legal person, registration number 11267344, with offices at Veerenni tn 40a, Kesklinna District, Tallinn 10138, Harju County.
2.2. Personal data may be processed by Wallenium OÜ:
2.2.1. as the controller, determining the purposes and means of processing;
2.2.2. as the authorised processor according to the instructions of the controller;
2.2.3. as the recipient to the extent to which personal data are transferred to it.
2.3. The privacy terms apply to data subjects, and the rights and obligations specified in the privacy terms are adhered to by all the employees and business partners of Wallenium OÜ who come into contact with personal data held by Wallenium OÜ.
2.4. The privacy terms may be supplemented by privacy notices published on the website or on devices, and the privacy terms may also be modified or supplemented with them.
3.1. In the processing of personal data, Wallenium OÜ is always guided by the interests, rights and freedoms of data subjects.
3.2. All actions by Wallenium OÜ in relation to the processing of personal data are guided by the following principles:
3.3.1. Lawfulness. In the event of the processing of personal data, there is a statutory basis for it, for example, consent.
3.3.2. Purposefulness. Personal data is collected for specified purposes and is not subsequently processed in a way that conflicts with these purposes. 3.3.4. Minimisation. Personal data is adequate, relevant and limited to what is necessary in terms of the purpose for the processing of personal data. In the processing of personal data, Wallenium OÜ is guided by the principle of minimum processing, and where personal data is not necessary or is no longer necessary for the purpose for which it was collected, the personal data will be deleted;
3.3.5. Reliability and confidentiality. The processing of personal data is carried out in a manner that ensures the appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by taking reasonable technical or organisational measures. Wallenium OÜ is guided by good practices in the processing of personal data;
3.3.6. Data protection by default and by design. Wallenium OÜ ensures that all the systems used meet the required technical criteria. Suitable data protection measures are planned when each information and data system is updated or designed (eg information systems and business processes have been built based on the assumptions of pseudonymisation and encryption).
3.4. In the processing of personal data, Wallenium OÜ is guided by the objective of being always able to prove compliance with the above principles, and additional information about compliance with these principles may be requested from the data protection officer.
4. CATEGORIES OF PERSONAL DATA
4.1. Wallenium OÜ collects, among other things, the following types of personal data:
4.1.1. Personal data disclosed by a data subject to Wallenium OÜ;
4.1.2. Personal data generated as a result of normal communication between a data subject and Wallenium OÜ;
4.1.3. Personal data made manifestly public by a data subject (eg on social media);
4.1.4. Personal data generated as a result of visiting and using the website (eg time spent on the website);
4.1.5. Personal data received from third parties;
4.1.6. Personal data created or combined by Wallenium OÜ (electronic correspondence conducted as part of a relationship with a client or its order history).
5. PERSONAL DATA CATEGORIES AND PURPOSES AND BASES OF PROCESSING
5.1. Wallenium OÜ processes personal data exclusively on the basis of consent or the law. Statutory bases for the processing of personal data include, among other things, legitimate interest.
5.2. On the basis of consent, Wallenium OÜ processes personal data specifically within the limits, scope and purposes set by the data subject. In the case of consent, Wallenium OÜ is guided by the principle that each consent must be clearly distinguishable from any other questions and in an intelligible and readily accessible form, in clear and simple language. Consent may be provided in writing, electronically or as an oral statement. A data subject provides their consent voluntarily, specifically, knowingly and unequivocally, for example, by marking a box on the website.
5.3 When a contract is entered into and performed, the processing of personal data may be additionally provided for in the specific contract; however, Wallenium OÜ may process personal data for the following purposes:
5.3.1. taking any measures preceding the conclusion of a contract at the request of a data subject;
5.3.2. identifying a client to the extent required by the due diligence obligation;
5.3.3. performing any obligations assumed vis-à-vis a client with regard to the provision of its services;
5.3.4. communicating with a client;
5.3.5. ensuring that a client fulfils its payment obligations;
5.3.6. exercising, enforcing or defending claims.
For the conclusion of an employment contract on the basis of the conclusion of a contract and legitimate interest, the processing of the personal data of a job applicant by Wallenium OÜ includes the following:
5.4.1. processing of any data transferred by a job applicant for the purposes of the conclusion of an employment contract with Wallenium OÜ;
5.4.2. processing of personal data received from a person designated as a referee by a job applicant;
5.4.3. processing of personal data collected from national data repositories or registers or public (social) media.
5.5. Legitimate interest means the interest of Wallenium OÜ in managing and controlling its own company in order to provide the best possible services on the market. On a statutory basis, Wallenium OÜ processes personal data only after a careful evaluation, in order to establish that Wallenium OÜ has a legitimate interest, on the basis of which the processing of personal data is necessary and in accordance with the interests and rights of a data subject (following the performance of the so-called three-stage test). In particular, on the basis of legitimate interest, the processing of personal data may be carried out for the following purposes:
5.5.1. in order to ensure a client relationship of trust, for example, the processing of personal data, which is strictly necessary for the identification of actual beneficiaries or for the prevention of fraud;
5.5.2. Managing and analysing a client base, in order to improve the availability, selection and quality of products and services and provide a client upon its consent with better and more personal offers;
5.5.3. identifiers and personal data collected when the website is being used. Data being collected are used by Wallenium OÜ for web analytics, ensuring operation, improvement, compiling statistics and analysing the behaviour and user experience of a visitor and providing a better and more personal service;
5.5.4. execution of campaigns, including the execution of personalised and targeted campaigns, execution of client and visitor satisfaction surveys and measurement of the effectiveness of marketing activities performed;
5.5.5. analysing the behaviour of a client or visitor on the website;
5.5.7. for network, information and cyber security considerations, for example, measures taken to combat piracy and ensure the security of websites and make and store backup copies thereof;
5.5.8. for organisational purposes. In particular, for financial management and the establishment, exercise or defence of legal claims.
5.6. In order to meet a statutory obligation, Wallenium OÜ processes personal data to meet its statutory obligations or implement uses allowed by law. For example, there are statutory obligations when payments are processed or rules on money laundering are being adhered to.
5.7. In the event that the processing of personal data is carried out for a new purpose other than the one for which the personal data were collected originally or it is not based on consent given by the data subject, Wallenium OÜ carefully evaluates the permissibility of such new processing.
6. DISCLOSURE AND/OR TRANSFER OF CLIENT DATA TO THIRD PARTIES
6.1. Wallenium OÜ collaborates with parties to whom Wallenium OÜ may transfer data related to data subjects, including personal data, within the framework and for the purposes of the collaboration.
6.2. Such third parties may be Wallenium OÜ’s development partners, companies conducting client satisfaction surveys, providers of debt collection services and partners of insolvency registers, persons, institutions and organisations arranging or providing (e)mail services, provided that:
6.2.1. the respective purpose and processing are lawful;
6.2.2. the processing of personal data is carried out in accordance with good practices;
6.2.3. information about such authorised processors has been disclosed to the data subjects;
6.3 Wallenium OÜ transfers personal data outside the European Union only if:
6.3.1. the commission of the European Union has decided that there exists so-called adequate protection in that country;
6.3.2. Wallenium OÜ has adopted sufficient safeguards;
6.3.3. the data subject has explicitly consented to the transfer, after having been informed by Wallenium OÜ of the possible risks of such a transfer due to the absence of an adequacy decision and appropriate safeguards;
6.3.4. the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request;
6.3.5. the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person;
6.3.6. the transfer is necessary for important reasons of public interest;
6.3.7. the transfer is necessary for the establishment, exercise or defence of legal claims;
6.3.8. the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of providing consent;
6.3.9. the transfer is made from a register which according to union or member state law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by union or member state law for consultation are fulfilled in the particular case;
6.3.10. the transfer is not repetitive, concerns only a limited number of data subjects, is necessary for the purposes of compelling legitimate interests pursued by Wallenium OÜ which are not overridden by the interests or rights and freedoms of the data subject, and all the circumstances surrounding the data transfer have been assessed and suitable safeguards have been provided with regard to the protection of personal data. Wallenium OÜ reports the transfer to the data protection inspectorate.
7. SECURITY OF THE PROCESSING OF PERSONAL DATA
7.1. Wallenium OÜ stores personal data only in a secure environment (see item 12: data protection guide).
7.2. In the event of any incident involving personal data, Wallenium OÜ will take all the necessary measures to mitigate the consequences and manage relevant risks in the future. Among other things, Wallenium OÜ records all incidents and notifies the data protection inspectorate and the data subject directly (eg by email) or publicly (eg via the news) in the designated cases.
8. PROCESSING OF PERSONAL DATA OF CHILDREN
8.1. Wallenium OÜ’s services, including information society services, are not aimed at children.
9. EXERCISE OF RIGHTS AND PRESENTATION OF CLAIM NOTICES
9.1 Exercise of rights:
9.1.1. The data subject has the right to contact Wallenium OÜ or the data protection officer of Wallenium OÜ using the contact details set out in item 14 in the event of a question, request or complaint related to the processing of personal data.
9.2. Filing of complaints:
9.2.1. The data subject has the right to file a complaint with Wallenium OÜ and Wallenium OÜ’s data protection officer, the data protection inspectorate or a court if the data subject considers that their rights have been violated in the processing of personal data.
9.2.2. The contact details of the data protection inspectorate (AKI) may be found on the AKI website at: http://www.aki.ee/et/inspektsioon/kontaktid- nouandetelefon.
10. COOKIES AND OTHER WEB TECHNOLOGIES
10.1. Wallenium OÜ may collect data about the visitors of the website and other information society services by using cookies (ie small pieces of information stored by the visitor’s browser on the hard drive of the visitor’s computer or other device) or other similar technologies (eg IP address, device information, location information) and process these data.
10.2. Wallenium OÜ uses data being collected to enable the provision of a service according to the habits of a visitor or a client; ensure the best quality of the service; inform the visitor and the client about content and make recommendations; increase the relevance of advertisements and increase the efficiency of marketing efforts; facilitate login and data protection. The collected data are also used to count visitors and record their user habits.
10.3. Wallenium OÜ uses session, tracking and advertising cookies. A session cookie is automatically deleted after each visit; tracking cookies remain during the repeated use of the website.
10.4. Regarding cookies, visitors consent to their use on the website or in the web browser.
10.5. Most web browsers enable cookies. Unless cookies are fully enabled, the functions of the website will not be available to the visitor. Enabling or disabling cookies and other similar technologies is under the control of the visitor through the settings of their web browser.
11. DATA PROTECTION GUIDE
11.1. Wallenium OÜ uses KeePassX password management, Scoro work management software to protect personal data and only collects minimal personal data.
11.2. Wallenium OÜ uses Google Analytics cookies.
12. CONTACT DETAILS AND INFORMATION
12.1. Contact details relevant for Wallenium OÜ’s data subject:
12.1.1. Wallenium OÜ may be contacted regarding personal data matters at the email address email@example.com or telephone number 5343 3871.
12.1.2. Wallenium OÜ’s data protection officer is a representative of the company who may be contacted by email at firstname.lastname@example.org.
13.1. Wallenium OÜ has the right to unilaterally change these privacy terms. Wallenium OÜ informs data subjects of any change on the Wallenium website, by email or in another manner.