DATA PROTECTION TERMS AND CONDITIONS

AS KONESKO

 

This personal data processing document describes Konesko’s personal data processing principles. The purpose of the Privacy Policy is to provide clear and transparent information on how Konesko may process your personal data when you use our services, come into contact with us or visit www.konesko.ee.

If you have entered into an agreement with Konesko, the terms of the concluded agreement may specify the conditions and legal bases for the processing of personal data. In accordance with changes in legislation or practice, Konesko has the right to amend the data protection terms and conditions and they will be published immediately on our website.

If you have any further questions about how we process your personal data or if you wish to make requests to us to exercise your rights concerning the processing of your personal data, please contact us using the contact details provided in the “Contact Us” section below.


1.         TERMS AND DEFINITIONS

 

“Data Subject”

The natural person whose personal data is processed by Konesko.

 

“GDPR”

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons about the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

 

“Personal Data”

Personal information relating to an identified or identifiable natural person (data subject); an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

 

‘’Applicable law’’

All applicable legislation of the European Union and all applicable legislation of the Republic of Estonia, including, but not limited to, the national implementing legislation of the GDPR that is in force during the validity of these terms and conditions or will be in force after the establishment of the terms and conditions.

 

“Konesko”

AS Konesko, registry code 10047497, address Aiandi Rd. 21 Viimsi rural municipality, Harju County, 74001.

 

‘’ Website’’

 

Konesko’s website at www.konesko.ee

 

‘’Data protection terms and conditions’’

This personal data processing document.

 

‘’Data controller’’

A natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data. For these terms and conditions, Konesko is the controller of personal data.

 

“Authorised Processor”

A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

 

 

 

 

2.         WHEN AND FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?

 

 

2.1.      Konesko, as a controller, processes personal data for the purposes set out in this Data Protection Policy. Konesko shall process personal data following applicable laws, including the Personal Data Protection Act and other legislation concerning the processing of personal data.

 

2.2.      When processing personal data, Konesko adheres to the principles of personal data protection, including the principle of minimalism, according to which we process only those data that are necessary for the provision of the service and the fulfilment of the purposes.

 

2.3.      Data processing for the performance of the contract. Konesko processes personal data primarily for the provision of services to its customers and for the performance of contractual obligations towards its customers. If Konesko’s customer is a data subject, the legal basis for the processing of personal data is Article 6 (1) (b) GDPR (processing of personal data is necessary for the performance of a contract concluded with the participation of the data subject or for taking measures prior to the conclusion of the contract, as requested by the data subject). If the customer or cooperation partner is a legal person, we process the data necessary to determine the right of representation.

 

2.4.      Data processing for the performance of a legal obligation. Konesko also processes personal data when it is necessary to comply with its legal obligations. For example, if a court requires personal data from Konesko based on a valid court order or court judgment, or if a law enforcement authority requires personal data based on a valid regulation. Furthermore, if Konesko is obliged to store personal data, for example, under the Accounting Act or other applicable legislation. In the case of such processing on a legal basis, Art. 6 (1) (c) GDPR (processing of personal data is necessary for compliance with a legal obligation of the controller).

 

2.5.      Data processing based on legitimate interest. Konesko may also process personal data if it is necessary for Konesko’s legitimate interest. The legal basis for the processing of personal data in this case is Article 6 (1) (f) of the GDPR. Based on a legitimate interest, Konesko processes personal data only if such processing is not overridden by the interests or fundamental rights and freedoms of the data subject, for which the personal data must be protected. Only data obtained from the data subject or generated in the course of the performance of the contract shall be processed based on legitimate interest.

 

Konesko may have a legitimate interest in the processing of personal data if it is necessary for the establishment, exercise, or defence of legal claims. For example, such a need may arise in a situation where the data subject has breached the contract. Konesko may also have a legitimate interest in using security cameras in its territory for processing, more specifically in the chapter “Using security cameras”. The storage of data processed, based on a legitimate interest, is based on a statutory time limit, which is generally 3 years after the provision of the service. For more information on retention periods, see the chapter “Overview of personal data processed”.

 

2.6.      Konesko may also process personal data in connection with employment relationships or when you apply for a job at Konesko. Konesko has adopted separate personal data processing terms and conditions that apply to employment relationships and that have been disclosed to you when you work at Konesko or apply for a job at Konesko. See also the data protection conditions for employees, which can be found on Konesko’s electronic bulletin board, information boards and lounges.

 

 

3.         OVERVIEW OF PERSONAL DATA BEING PROCESSED

Depending on the specific situation, Konesko may process the following personal data about you:

Purpose

Personal data to be processed

Source of personal data

Legal basis

Retention period

Fulfilment of contracts and negotiation necessary for the conclusion of contracts

Contact details: name,

email address, phone number

 

The data subject itself, a legal entity that is a customer of Konesko or Konesko’s cooperation partner’s ID code

Article 6 (1) (b) of the GDPR, after the termination of the contract Article 6 (1) (f) of the GDPR

Up to 3 years after the termination of the contract (§ 146 (1) of the GPCCA)

Accounting records

Documents needed to comply with a legal obligation

A legal or natural person who is a customer of Konesko

GDPR Article 6 (1) (c)

7 years according to the Accounting Act (subsection 12 (4) of the AA)

Responding to inquiries, questions, or complaints

Depending on the specific query

Data Subject

GDPR Article 6 (1) (f)

Up to 3 years from request resolution

Ensuring security

Read the chapter on using security cameras

Data collected through cookies

Read the chapter on the use of cookies

 

 

 

4.         TRANSFER OF PERSONAL DATA AND USE OF PROCESSORS

 

4.1.      Konesko does not transfer personal data to third parties unless it is legally entitled to do so under applicable law. Konesko does not transfer personal data outside the European Economic Community.

 

4.2.      Konesko may use authorised processors for the processing of personal data. Authorised processors appointed by Konesko that may process personal data in limited cases are, for example, IT service providers (server service providers, IT software developers) or other support service providers.

 

4.3.      As processors, Konesko only uses collaborative partners whose reliability is assured by Konesko and who have undertaken to process personal data following the applicable law.

5.         USE OF COOKIES

 

5.1.      Konesko’s website uses cookies. Cookies are small text files that contain information stored on your computer and are used for tracking or identification purposes.

 

5.2.      The Website uses third-party cookies. We have added videos to the website that will be presented through the YouTube platform. You can review YouTube’s privacy policy and terms and conditions on the website of the cookie manager: https://www.google.com/policies/technologies/cookies/.

 

5.3.      Specifically, we use the following cookies:

  

Cookie

Description

Validity

Type

YSC

A cookie installed on YouTube tracks the number of views of embedded videos

Visit session

Third-party cookie

VISITOR_INFO1_LIVE

A cookie installed by YouTube stores user preferences when playing videos

6 months

Third-party cookie

 

5.4.      You have the right to disable cookies at any time by changing your web browser settings. In this case, please note that not all functions of the web browser may work correctly. Cookies can be disabled by following the instructions in the “help” function of your web browser. You can also find more information on how cookies work or how to disable cookies at www.allaboutcookies.org.

 

 

6.         USING SECURITY CAMERAS

 

6.1.      Under the current law, Konesko has the right to use surveillance equipment for the protection of persons and property. For this purpose, Konesko uses security cameras on its territory, in connection with which we also process personal data.

 

6.2.      The use of security cameras is necessary, in particular, to ensure security on Konesko’s territory, to prevent and handle security incidents, and to ensure the safety of Konesko’s property and people, including employees.

 

6.3.      The legal basis for the use of security cameras is Konesko’s legitimate interest under Article 6 (1) (f) of the GDPR.

 

6.4.      The monitoring/surveillance equipment consists of cameras installed on the territory, which record the territory around the clock (24/7).

6.5.      Security cameras have never been installed in areas where Konesko employees, Konesko customers or other persons who may be caught in the field of view of the security camera may expect complete privacy. For example, cameras are never in changing rooms, toilets, etc.

 

6.6.      When using security cameras, a sign for using the camera is always placed in the surveillance area of the security camera, i.e., a sign with the image of the camera and/or the word “VIDEO SURVEILLANCE”.

 

6.7.   As a rule, Konesko does not transfer camera recordings to third parties, unless Konesko is entitled or obliged to do so under applicable law. For example, Konesko may transfer recordings to the authorities under applicable law, if it is necessary for authorised persons under applicable law such as the Police and Border Guard Board, to investigate offences committed or other incidents.

 

6.8.      Konesko will keep the security camera recordings for 60 days after the recording has been made, unless proceedings have been initiated during this time to investigate an offence or other incident committed during the same period, in connection with which it is necessary to keep the specific recording for a longer period. A retention period of 60 days is necessary to detect or investigate possible incidents or violations during this period. Thus, potential damages related to the offence at Konesko will, as a rule, be discovered up to 60 days after the infringement has occurred. In order for Konesko to be able to take legal action against the offender in case of infringement and to protect its rights, we must keep camera recordings for up to 60 days after the recording has been made.

 

6.9.      All Konesko employees, Konesko customers or other third parties who have been on Konesko’s premises and whose image has been recorded by Konesko have the right to examine the recording containing his image. Konesko cannot release a camera recording to an employee or a third party if the recording has been deleted by the time the request for access to the recording is received. In addition, please note that to protect the rights and interests of others who remain on the recording, we need to change their image so that they cannot be identified (blurring the image), which is why we cannot provide access immediately.

 

 

 

 

7.         RIGHTS OF THE DATA SUBJECT

 

7.1.      Konesko guarantees all the rights of the data subject arising from the applicable law.

 

7.2.      Each data subject has, inter alia, the following rights:

 

7.2.1.   right of access: the right to ask at any time whether or not Konesko has personal data about them and to receive information about what personal data Konesko processes about them.

7.2.2.   right to rectification of personal data: the right to request Konesko to clarify or rectify your personal data if they are inadequate, incomplete, or incorrect.

7.2.3.   right to object: the right to object to Konesko’s processing of its personal data, for example, when the use of personal data is based on Konesko’s legitimate interest.

7.2.4.   right to request the erasure of personal data: the right to request the erasure of personal data, for example where personal data are processed with the consent of the data subject and the data subject has withdrawn his or her consent.

7.2.5.   right to restrict processing: the right to require Konesko to restrict the processing of personal data based on applicable law, for example, if Konesko no longer needs the personal data for processing or if the data subject has objected to the processing of personal data.

7.2.6.   right to withdraw the consent given for the processing of personal data: if the processing of personal data is based on the consent given by the data subject, the data subject has the right to withdraw the consent given to Konesko at any time.

7.2.7.   right to data portability: the right to obtain from Konesko personal data that the data subject has provided to Konesko and that is processed based on the data subject’s consent or for the performance of a contract concluded with the data subject in writing or a commonly used electronic format and, if technically possible, to require Konesko to transfer these data to another controller.

7.2.8.   right to lodge a complaint: If the data subject considers that his or her rights have been violated in the processing of his or her personal data, he or she always has the right to address a claim or complaint to the Data Protection Inspectorate – Tatari 39, 10134 Tallinn, info@aki.ee, www.aki.ee.

 

7.3.      The rights of the data subject listed in this chapter concerning the processing of their personal data are not full rights. In certain cases, the rights of other data subjects or Konesko’s legal obligations may limit the rights of the data subject.

 

7.4.      To exercise the rights associated with the processing of personal data or to submit requests related to the processing of personal data, please contact the contact details provided in the “Contact” section below.

 

8.         PERSONAL DATA SECURITY

 

8.1.      Konesko undertakes to ensure the security of the processing of personal data in order to protect personal data against unintended or unauthorized processing, disclosure, or destruction.

 

8.2.      Considering the latest developments in science and technology and the costs of implementation, as well as the nature, scope, context, and purposes of the processing of personal data, as well as the risks of varying likelihood and magnitude for the rights and freedoms of data subjects arising from the processing, Konesko shall implement appropriate technical and organisational measures to ensure the security of personal data when processing personal data.

 

9.         CONTACT

 

9.1.      For questions related to the processing of personal data or submitting requests related to the processing of personal data, please contact Konesko at the following contact details:

 

The contact details of Konesko are:

PLC KONESKO

Aiandi Rd. 21, Viimsi municipality, Harju County 74001

info@konesko.ee