1.1. While using the website iphoster.ee, which belongs to IPHOSTER OÜ (hereinafter – Company), upon registering on the above-mentioned website and upon concluding a service provision contract with Company, you (hereinafter – User) confirm that you have read this Personal data processing policy (hereinafter – Policy) and agree to the processing of your personal data in accordance with Policy.
1.2. Policy sets out the methods of working with personal data collected by the Company during use of the Website and the provision of services by Company. User agrees to the processing of his personal data in accordance with Policy and affirms that. If the User does not agree with the Policy, partly or fully, he or she must stop using the Website and the services of Company. All data collected before the above-mentioned refusal will be processed in accordance with Policy until a direct prohibition from the User is received.
2.1. Company – legal entity which has the following details:
2.1.1. company name: IPHOSTER OÜ;
2.1.2. registration country: Estonia
2.1.3. registration number: 14415348;
2.1.4. address: Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10126;
2.1.5. e-mail: [email protected]
2.1.6. website: iphoster.ee
2.2. Personal data – any information relating to an identified or identifiable natural person («data subject»);
2.2.1. an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.3. User – natural or legal entity using the Website or services of Company.
2.4. Service – company’s obligation within the framework of the service provision contract, concluded between User and Company.
2.5. Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. PERSONAL DATA AND ITS PROCESSING METHODS
3.1. Company collects personal data in the following cases:
3.1.1. when providing Client with services;
3.1.2. during verification of the Client;
3.1.3. when the User uses the functionality of the Company’s website.
3.2. Company processes, inter alia, the following personal data:
3.2.1. identification data (name, surname, personal code, sex, birth date, etc.);
3.2.2. contact details (phone number, e-mail, address and delivery address);
3.2.3. payment data (payer’s bank account number, payer’s bank name, other details);
3.2.4. IP address and cookies;
3.2.5. other data required to provide User with service.
4. PURPOSES AND LEGAL BASIS FOR PERSONAL DATA PROCESSING
4.1. Company processes data for the following purposes and on the following legal grounds:
4.1.1. to conclude and perform service provision contract;
4.1.2. to provide services in accordance with concluded contract;
4.1.3. to provide User with information related to providing services;
4.1.4. to grant User access to the Company’s services;
4.1.5. to send and display advertisements to the User that are relevant (in the Company’s opinion);
4.1.6. to send commercial offers from Company;
4.1.7. to participate in the contests and campaigns performed by Company;
4.1.8. for the justified interest of Company, for the purpose of fulfilling a contract, including for establishing violations of the contract or legislation, as well as to confirm such violations. In such case, Company has a legitimate interest in protecting its rights;
4.1.9. to collect statistical or technical non-personalized data about the use of the Company’s website and Company’s services;
4.1.10. in order to comply with legal requirements.
4.2. Company can also process data in certain cases where this is necessary to protect the interests of Company and Third Parties, only if the above-mentioned interests do not outweigh User interests in protecting his/her fundamental rights and freedoms.
4.3. If personal data processing is carried out in accordance with justified Company interests, User has a right to submit objections to such processing.
5. PERSONAL DATA TRANSFER TO DATA PROCESSOR
5.1. Company has a right to use data processors for data processing without User permission. Company is convinced of Processor’s reliability and is responsible to the User for their activities.
5.2. Company uses the following data Processors:
5.2.1. data processing centers, domain name registrars;
5.2.2. agents, translators, lawyers and other persons through whom the Company provides services.
5.3. User has a right to receive information about data Processors responsible for his/her personal data processing.
6. PERSONAL DATA TRANSFER TO THE THIRD PARTIES
6.1. Company transfers User’s personal data to third parties only in certain cases, such as:
6.1.1. this obligation follows from the law;
6.1.2. it is required to execute the agreements between Company and User;
6.1.3. Company has a justified interest;
6.1.4. User gave a permission for data transfer.
6.2. Company transfers User’s personal data to the following persons:
6.2.1. to public authorities on the grounds provided by Law;
6.2.2. to auditors, lawyers and other similar persons if it is required for performance of User’s obligations to Company or third parties.
7. PERSONAL DATA TRANSFER TO THE THIRD COUNTRY
7.1. Company transfers personal data to third countries (in this case third country means a country not included in EEC) only in cases when it is provided on the grounds of Law. In case when the recipient country can’t provide the required personal data protection measures, Company provides personal data on the condition that the required personal data protection measures will be applied to the data in accordance with Estonian and EU legal acts.
8. PERSONAL DATA STORAGE
8.1. Company stores User’s personal data for as long as it is necessary to process the data, to protect Company interests, or on the grounds provided by legal acts.
8.2. Depending on the type of personal data, the Company stores data for the following time:
8.2.1. for accounting documents: 7 years from the end of the fiscal year in accordance with the Law;
8.2.2. within the period set by law if any;
8.2.3. in other cases: 5 years after agreement’s termination (including user agreement) between User and Company.
9.1. Company takes organizational and physical measures and uses IT solutions to provide User’s personal data security.
9.2. Company is not responsible for violations of the User personal data protection measures if such violations are caused by actions performed by User or third persons.
10. RIGHTS AND OBLIGATIONS OF THE USER
10.1. In accordance with relevant legal acts (primarily GDPR), User has the following rights regarding personal data processing:
10.1.1. request an access to his/her own personal data;
10.1.2. request changes in his/her own personal data;
10.1.3. request removal of his/her own personal data;
10.1.4. submit objections to his/her own personal data processing on any grounds.
10.2. To exercise his/her rights, User must contact Company using the contact details specified in clause 2.1 of the Policy.
10.3. Company has a right to request additional information for User’s identification.
10.4. Company replies to User’s requests and requirements within a 1 month period and notifies the User about the measures taken to perform the provided requests and requirements. If User’s request or requirement is too complicated or has a large volume, Company has a right to prolong the period for reply up to 2 months. If Company did not take any measures to perform User’s request or requirement, User is notified about this and he still has a right to ask the Data Protection Inspectorate or a court to protect his/her rights.
10.5. If the requests or requirements of the User are obviously not justified or excessive, primarily due to their repetitive nature, the Company has the right to:
10.5.1. require a reasonable fee for performing requests or requirements;
10.5.2. refuse performing requests or requirements.
10.6. User has a right to request personal data removal only if one of the following reasons is present:
10.6.1. personal data is not useful anymore for the purpose for which it was collected or was processed using another method;
10.6.2. User revokes his/her agreement for personal data processing and there are no other legal grounds for User’s personal data processing;
10.6.3. User submits an objection to personal data processing and this objection has an adequate basis to stop personal data processing;
10.6.4. User’s personal data was processed illegally;
10.6.5. personal data must be removed to perform Company obligations on the grounds provided by Law;
10.6.6. the personal data is that of a person under the age of 13 and the agreement for its processing was obtained previously.
10.7. If User requires removal of his/her personal data, he/she must state on which condition specified in clause 10.6 of the Policy he/she requires personal data removal. Company is not obligated to remove personal data if there are no grounds for it or if personal data is required for the following reasons:
10.7.1. exercise of freedom of speech and information;
10.7.2. performing obligations on the grounds provided by Law;
10.7.3. personal data is required for Company rights protection;
10.7.4. Company has other grounds following from the Law for personal data processing.
10.8. When personal data is processed on the basis of User’s agreement, he/she always has a right to revoke his/her agreement. If User revokes his/her agreement for personal data processing, all the data processing performed before the revocation is considered to be legitimate and lawful.
10.9. User must notify Company about changes in his/her contact details to keep them up to date.
10.10. In case of violation of User’s rights, User has a right to ask the Personal Data Protection Inspectorate or a court to protect his/her rights.
11. POLICY CHANGES
11.1. Policy can be changed to comply with changes in Law, in personal data processing, or under instructions of supervisory authorities. In this case Company updates the Policy provided on the website and notifies each User with whom Company has a service provision contract that is valid at the moment of the changes.