This is Digital Priority OÜ’s register and privacy policy in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Prepared on 10.01.2023.
Last modified on 10.01.2023.
1. Controller
Digital Priority OÜ, Pärnu mnt 139e/2, 11317, Tallinn, Estonia.
E-mail: ee.ytiroirplatigid@ofni
2. Contact person responsible for the register
Vesa Nurminen, ee.ytiroirplatigid@ofni
3. Name of the register
Digital Priority OÜ’s Customer Register, Marketing Register, Stakeholder Register, Web Service User Register and Employee Register.
4. Legal basis and purpose of processing personal data
The purpose of processing personal data is to contact customers, maintain customer relations and marketing. The legal basis for processing personal data is the legitimate interest of Digital Priority OÜ to communicate with customers. Once the customer has entered into a contract with Digital Priority OÜ, the legal basis is that contract. Data of representatives of companies and other organisations may be used for marketing purposes in ways that are generally considered to be in the legitimate interests of the data controllers. Data of individuals may be used for marketing purposes if the customer has given consent. In all cases, data subjects have the right to object to the use of their data for direct marketing by electronic means. The data will not be used for automated decision-making or profiling.
5. Data content of the register
.
The data stored in the register includes: name, position, company/organisation, contact details (telephone number, e-mail address, address), website addresses, IP address of the network connection, social media accounts/profiles, information on ordered services and changes thereto, billing information, other information related to the customer relationship and ordered services.
Personal data are processed for the time necessary for the performance of the customer relationship or the contract concluded. For justified reasons, personal data may be kept longer for archiving purposes (e.g. contracts).
The IP addresses and cookies of visitors to the website are processed for legitimate interests, including for security purposes and for the collection of statistical data on visitors to the website where they can be considered as personal data. The use of cookies is explained in more detail, including at the bottom of the website.
6. Regular data sources
.
The information stored in the register is obtained from the customer through, for example, messages sent via web forms, e-mail, telephone, social media services, contracts, customer meetings and other situations where the customer provides his/her information. Information from representatives of companies and other organisations may also be collected from public sources such as websites. Information may also be obtained from directory services and other businesses.
7. Regular disclosures and transfers of data outside the EU or EEA
.
There is no regular disclosure of data to other parties. Data may be published to the extent agreed with the customer. Data may also be transferred outside the EU or EEA (e.g. cloud services) by the controller who has committed to comply with the requirements of the General Data Protection Regulation in ways that ensure an adequate level of data protection for the processing of personal data.
8. Principles for the protection of the register
.
The processing of the register will be carried out with due care and the data processed by the information systems will be adequately protected. Where the data in the register are stored on Internet servers, the physical and digital security of their hardware shall be adequately ensured. Digital Priority OÜ ensures that stored data, server access rights and other information critical to the security of personal data are treated confidentially and only by employees whose job description includes this.
9. Right of inspection and right to request correction of data
Any person in the register has the right to check the information stored in the register and to request the correction of any inaccurate information or the completion of incomplete information. If a person wishes to check or request the correction of data stored about him or her, the request must be sent in writing to the controller. Digital Priority OÜ may, if necessary, ask the person making the request to prove his or her identity. Digital Priority OÜ will respond to the customer within the time limit set by the EU General Data Protection Regulation (as a rule, within one month).
10. Other rights relating to the processing of personal data
A data subject has the right to request the erasure of personal data concerning him or her from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the right to object to the use of personal data for direct electronic marketing and the right to restrict the use of personal data in specific situations as defined in the General Data Protection Regulation. Requests should be sent in writing to Digital Priority OÜ. Digital Priority OÜ may, if necessary, ask the applicant to prove his or her identity. Digital Priority OÜ will respond to the customer within the time limit set by the EU General Data Protection Regulation (as a general rule, within one month).