Personal data is data that tartuvalgus.ee collects in order to provide a service, identify a person, contact a person to provide a service or resolve issues.
tartuvalgus.ee does not process sensitive personal data as defined in REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (General Data Protection Regulation or GDPR or EU Regulation 2016/679).
tartuvalgus.ee undertakes to protect the personal data of customers and users and their privacy. The activities of tartuvalgus.ee on the Internet are in accordance with all relevant activities and the relevant legislation of the European Union and the laws of the Republic of Estonia, including REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. tartuvalgus.ee applies all precautionary measures (incl. administrative, technical and physical measures) to protect the collected personal data. Only authorized persons have access to change and process the data.
All personal data that has become known during visits to tartuvalgus.ee websites and purchases made in service environments is treated as confidential information. An encrypted data communication channel with banks ensures the security of the purchaser's personal data and bank details.
These principles do not apply to the processing of data of legal entities and other companies / institutions, nor does it cover the processing of personal data on the websites / service environments to which our websites / service environments refer (external links).
The person representing the company (as the contracting authority) is not a natural person, it is an authorized representative of a legal person whose processing of personal data is not regulated by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL.
1. What data is collected?
When visiting websites, non-personalized technical data about the visitor is collected. In service environments, personal data is also collected for the provision of services and the identification of persons. The technical data is limited to the Internet address (IP address) of the computer or computer network used, the software version of the computer's web browser and operating system, the time of the visit (time, date, year). IP addresses are not associated with personally identifiable information, except in service environments where it is an additional security measure.
Data is collected on website visits and stays in order to improve websites and service environments and make them more convenient for visitors.
In service environments (incl. Epoes), personal data is collected for the performance of contracts and data on topics of interest to individuals (incl. Shopping cart content, preferences, attitudes, behaviors, etc.) to improve the delivery of expected information and thereby improve customer experience in services and direct marketing.
In the case of natural persons, the data to be collected are, if necessary, the personal identification code to identify uniqueness, the name, e-mail address, mobile phone, city and country of location for communication.
To process the data of legal entities, we collect the registration number, VAT number, name, country, address, e-mail addresses for contacting and sending an invoice, the names of the contact persons representing the company and their e-mail addresses and contact telephone numbers.
When paying for services through a credit card or bank link service, only Paypal has access to bank card information and bank details, which only issues information about the success of the payment and the last 4 digits of the card to tartuvalgus.ee. For other banking services, our partner is Swedbank AS.
The personal data processed by tartuvalgus.ee customers uploaded to the tartuvalgus.ee environment within the service is protected by the confidentiality requirement, which applies when the customer signs the service agreement. tartuvalgus.ee services can be used only after agreeing to the contract. Acceptance of the agreement is checked by software, in its absence, acceptance is requested.
All tartuvalgus.ee service providers in contact with personal data are trained to comply with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL and to use security measures in their work concerning the service of tartuvalgus.ee customers.
Consent to the collection of personal data related to and related to the service is given when ordering the service by the person of the subscriber at the time of ordering the service. By ordering the service, the consent is given with the corresponding time stamp.
2. How long is the data collected stored?
Non-personalized technical data collected by websites and service environments will be stored indefinitely.
Personal data related to personalized inquiries and / or transactions are stored for up to 7 years after the last interaction with the service provider due to the obligation to certify transactions in the Accounting Act.
Interaction is considered, among other things, responding to direct marketing by viewing or clicking on a link.
3. To whom can the data collected be passed on?
Personal data processed by tartuvalgus.ee may be transferred without the consent of the person only to an agency or person who has a direct right arising from law (for example, a court or pre-trial proceeding) and a justified need.
The personal data processed by the customers within the tartuvalgus.ee service are treated as confidential and the right to process, issue or transmit these data belongs only to the responsibility of the data owner (customer).
tartuvalgus.ee provides technical assistance in data processing at the request of the customer, but this does not change the ownership and responsibility relationship of the data.
4. What rights does the person have to the data collected?
The right to inspect, correct and terminate the processing of your data
By default, personal data will not be published unless confirmed (participation in trainings / seminars / conferences). All persons have the right to access their personal data in service environments.
If improvement is possible, depending on the service and service environment, it can be done immediately.
If personal information is not editable, accessible, disclosed on a website or in service environments, we should be provided with a personally identifiable request to obtain or correct the information.
If possible, the data will be issued or corrected within 7 working days.
If you wish to opt out of direct marketing offers for all or some of the topics, you can do so immediately via the link in the footer of each marketing email you send. The change will take effect immediately.
If there is (no longer) a legal basis for processing, disclosing or providing access to personal data, termination or deletion of the use of the data, disclosure of the data or termination of access to the data may be required. To that end, an application should be made in a way that enables identification.
The application shall not be granted if:
- it may prejudice the rights and freedoms of another person,
- it may hinder the provision or non-provision of the service,
- it may hamper the work of law enforcement agencies,
- it is not technically necessary and / or possible.
- the identity of the applicant is not legally bound by the data.
- the identity of the applicant cannot be identified.
You can't delete an email address if you no longer want to receive direct marketing offers. In order to fulfill the requirement, you only need to have an e-mail address to compare with - so that no letter is sent.
- It is not possible to delete all data from the CRM unless more contact is recommended. In order to meet the requirement, there must still be enough data to compare - so that no contact is made.