This document states the data processing principles of the private limited company FINNLOG OÜ, prepared in accordance with regulation (EU) 2016/679 of the European Parliament and of the Council. We wish to process your personal data reliably and respect your lawful rights.
1.1. Data subject is a natural person, on whom Finnlog OÜ possesses information by which the physical person can be identified. Data subjects could be clients who are natural persons, visitors, cooperation partners, or employees, on whom Finnlog OÜ possesses personal data.
1.3. Personal data is any data about an identified or unidentified natural person.
1.4. Processing personal data is any operation performed with the personal data of the Data Subject. For instance, collecting, filing, arranging, maintaining, modifying or disclosing, allowing access, carrying out inquiries or making excerpts, using, transferring, cross-checking, combining, blocking, erasing or destructing personal data, or a number of the aforementioned activities irrespective of the ways or means of performing these operations.
1.5. Client is any natural or legal person who is using or has expressed a wish to use the services of Finnlog OÜ.
1.6. Contract is any agreement to provide services or any other agreement made between Finnlog OÜ and the Client.
1.7. General Terms and Conditions state the general conditions that apply when entering into a contract with Finnlog OÜ.
1.8. Website is any website of Finnlog OÜ: www.finnlog.ee; www.finnlog.lv; www.finnlog.no; www.finnlog.ru; www.finnlog.eu; www.finnloghaus.de; www.finnlog.cz; www.finnlog.cn; www.finnlog.fi.
1.9. Visitor is a person visiting any Finnlog OÜ website.
1.10. Child, in the context of processing personal data in the Republic of Estonia, is a person under 13 years of age.
1.11. Services are any services or products of Finnlog OÜ.
1.12. Cookies are data files that are sometimes saved in the device of the visitor of the website.
2. GENERAL PROVISIONS
2.1. Finnlog OÜ is a legal person with the registry code 12229647 and a location at Keemia 4, 10616 Tallinn. Finnlog OÜ is part of the parent company Finnlog Group OÜ.
2.2. Finnlog OÜ can process the personal data:
2.2.1. as a data controller who determines the purposes and means of processing;
2.2.2. as a data processor under the instructions of a data controller;
2.2.3. as a receiver in the extent to which the data is transferred.
2.2.4. The list of data processors of Finnlog OÜ is available for access (see section 12: Important Documents, Instructions, Procedures).
3.1. When processing personal data, Finnlog OÜ will always follow the interests, rights, and freedoms of data subjects.
3.2. Finnlog OÜ has set a purpose of processing personal data reliably, following the best practices, and always being prepared to demonstrate that the processing of personal data complies with the set purposes.
3.3. All processes, instructions, activities, and operations of Finnlog OÜ for processing personal data will follow these principles:
3.3.1. Lawfulness. Having a lawful basis, such as consent, for processing personal data;
3.3.2. Justice. The processing of personal data follows justice, above all by making sure that data subjects receive adequate information about how their personal data is being processed, for instance through the register of processing operations (see section 12: Important Documents, Instructions, Procedures).
3.3.3. Transparency. The processing of personal data is transparent to data subjects, among other things through the register of processing operations, offering a simple explanation about why, how, and when the personal data are being processed (see section 12: Important Documents, Instructions, Procedures).
3.3.4. Purposefulness. Personal data are collected following accurately and clearly set and lawful purposes, and will not be later processed in a way that contradicts these purposes. Data subjects have the right to always have access to the register of processing operations to see the purpose for which the data is processed (see section 12: Important Documents, Instructions, Procedures).
3.3.5. Minimisation. Personal data are relevant, important, and restricted by what is necessary for processing personal data. Finnlog OÜ follows the principle of minimal processing, and when the personal data are no longer necessary or are no longer necessary for the purpose for which it was collected, the personal data will be erased;
3.3.6. Correctness. Personal data are correct and brought up to date when necessary and all reasonable measures are applied so that all data that are incorrect by the processing purposes will be immediately erased or corrected;
3.3.7. Restriction of maintaining. Personal data are maintained in a way that allows identifying the data subjects only until it is necessary for the purpose for which the personal data are processed. The data that Finnlog OÜ has received from a client or any other such relation is maintained according to best practices, and the data processed under consent will be maintained until the consent is withdrawn. The maintenance periods for various purposes are stated in the register of processing operations (see section 12: Important Documents, Instructions, Procedures);
3.3.8. Liability and confidentiality. Personal data are processed in a way that ensures appropriate security, including protection from unauthorised or unlawful processing, accidental loss, destruction, or harm, using reasonable technical or organisational measures;
3.3.9. Integrated data protection by default. Finnlog OÜ ensures that all used systems are in accordance with the required technical criteria. Appropriate data protection measures are planned for every renewing or designing of information and data systems.
4. NECESSARY ELEMENTS OF PERSONAL DATA
4.1. A detailed list of the personal data being processed by Finnlog OÜ is available in the Finnlog OÜ register of processing operations (see section 12: Important Documents, Instructions, Procedures).
4.2. Among other things, Finnlog OÜ collects the following types of personal data:
4.2.1. Personal data made available to Finnlog OÜ by data subjects;
4.2.2. Personal data received during regular communication between data subjects and Finnlog OÜ;
4.2.3. Personal data created when consuming the services;
4.2.4. Personal data created when visiting and using the website (e.g. time spent on the website);
4.2.5. Personal data created and combined by Finnlog OÜ (electronic correspondence held within customer relations, etc.).
5. NECESSARY ELEMENTS OF PERSONAL DATA AND THE PURPOSES AND BASIS FOR PROCESSING
5.1. Detailed information and list of the ways, purposes, and means by which Finnlog OÜ processes personal data is available in the Finnlog OÜ register of processing operations (see section 12: Important Documents, Instructions, Procedures).
5.2. Finnlog OÜ processes personal data solely based on consent or in accordance with the law. The lawful basis for processing personal data is, among other things, legitimate interest or a contract between the data subject and Finnlog OÜ.
5.3. Based on consent, Finnlog OÜ processes personal data according to the exact restrictions, extent, and purposes set by data subjects. Finnlog OÜ follows a principle that every consent must be distinct from all other matters, and given in an understandable and easily accessible form, using clear and simple language. The consent may be given in written or electronical form, or as an oral declaration. Data subjects give consent voluntarily, concretely, knowingly, and unequivocally, for instance by marking a box on the website.
5.4. When concluding and performing a contract, the processing of personal data may be additionally stated in a specific contract, but Finnlog OÜ may process personal data for the following purposes:
5.4.1. To apply measures before concluding the contract at the data subject's request;
5.4.2. Identifying a client to the extent stated by the duty of diligence;
5.4.3. To fulfil obligations to the client by providing services;
5.4.4. To communicate with clients;
5.4.5. To ensure that clients meet their payment obligation;
5.4.6. To submit, realise, and protect claims.
5.5. To conclude an employment contract based on the conclusion and legitimate interest, Finnlog OÜ processes personal data in regard to the following:
5.5.1. Processing personal data submitted to Finnlog OÜ by an applicant for the purpose of concluding an employment agreement;
5.5.2. Processing personal data submitted by the person the applicant marked down as a recommender;
5.5.3. Processing personal data collected from national databases and registers and public (social) media. If the applicant is not chosen, Finnlog OÜ will maintain the personal data that was collected to conclude a contract for two years to make a job offer for the applicant, should a suitable position open. After two years have passed from the submission of the job application, the personal data on the applicant will be erased.
5.6. Legitimate interest means the interest of Finnlog OÜ in managing the company to provide the best possible services on the market. On a lawful basis, Finnlog OÜ will process personal data only after careful evaluation to verify that Finnlog OÜ has a legitimate interest for processing personal data, and that it is in accordance with the interest and rights of data subjects (after the conclusion of the so-called three-step test). Above all, processing personal data based on legitimate interest can be done for the following purposes:
5.6.1. To ensure reliable customer relations, for instance personal data processing that is strictly necessary for identifying actual beneficiaries or avoiding fraud;
5.6.2. To manage and analyse the customer base to improve the availability, selection, and quality of services and products and to make the best personalised offers based on the consent of the client;
5.6.3. Identifiers and personal data collected when using websites, mobile applications, and other services. Finnlog OÜ uses the collected data for a web analysis or a mobile and information society analysis, for ensuring and improving work, making statistics, analysing visitor behaviour and customer experience, and providing better and more personal services;
5.6.4. To organise campaigns, including personalised and targeted campaigns, customer and visitor satisfaction research, and measuring the efficiency of marketing;
5.6.5. To analyse customer and visitor behaviour on different websites;
5.6.6. For organisational purposes. Above all for financial management and transferring personal data within the Finnlog Group for corporate purposes, including processing the personal data of clients or employees;
5.6.7. To prepare, submit, or defend legal claims.
5.7. Finnlog OÜ processes personal data to perform legal obligations or apply lawful means of use. Legal obligations are applied, for instance, when filing taxes or following money laundering rules.
5.8. If personal data is processed for a purpose other than what they were collected for, or the processing is not based on the consent of the client, Finnlog OÜ will thoroughly evaluate the eligibility of such new processing. New purposes for processing are always publicly stated in the register for processing operations (see section 12: Important Documents, Instructions, Procedures). To make sure that processing for the new purpose is in accordance with the purpose for which personal data was collected, Finnlog will consider, among other things:
5.8.1. Connections between the purposes for which personal data was collected, and the purposes for the planned processing;
5.8.2. The context of collecting personal data, above all the connection between the data subject and Finnlog OÜ;
5.8.3. The type of personal data, above all if processing is done on various types of personal data or if the personal data are connected to a criminal conviction for offence or to an offence;
5.8.4. The possible consequences for data subjects following the planned processing;
5.8.5. The availability of appropriate protection methods.
6. DISCLOSING CUSTOMER DATA AND/OR TRANSFERING TO THIRD PARTIES
6.1. Finnlog OÜ cooperates with persons to whom Finnlog OÜ might transfer data related to data subjects within and for the purpose of that cooperation.
6.2. Such third persons could be persons of the same group as Finnlog OÜ (Finnlog Group OÜ), sales, advertising, or marketing partners, companies conducting customer satisfaction research, debt collectors, credit registers, IT partners, persons mediating or providing (electronic) postal services, companies, and organisations under the following conditions:
6.2.1. The respective purpose and processing are legal;
6.2.2. Personal data are processed under directions by Finnlog OÜ, and under a valid contract;
6.2.3. Data about such authorised employees is available to data subjects (see section 12: Important Documents, Instructions, Procedures).
6.3. Finnlog OÜ will transfer personal data outside the European Union only if:
6.3.1. The European Commission has stated that a respective country can provide adequate protection;
6.3.2. Finnlog OÜ has implemented adequate defence measures;
6.3.3. A data subject has given their clear consent after Finnlog OÜ has informed them of the potential threats that might derive from the lack of adequate defence decisions and relevant defence methods;
6.3.4. The transmission is necessary to perform a contract between a data subject and a data controller, or to apply pre-contractual measures by a request of the data subject;
6.3.5. The transmission is necessary to conclude of perform a contract between a data processor and another natural or legal person in the interests of a data subject;
6.3.6. The transmission is necessary to prepare, submit, or defend legal claims;
6.3.7. The transmitting is necessary for protecting important interests of data subjects or other persons, should a data subject be physically or legally incapable of giving their consent.
7. SAFETY OF PERSONAL DATA PROCESSING
7.1. Finnlog OÜ maintains personal data in the strictly necessary minimal amount. Information about the maintenance period of personal data is available on the register of processing operations of Finnlog OÜ (see section 12: Important Documents, Instructions, Procedures). The data that has exceeded the maintaining period will be destroyed using the best practices in accordance with the regulations of Finnlog OÜ.
7.2. Finnlog OÜ has established instructions and procedure rules on how to ensure the safety of personal data by using organisational and technical measures (see section 12: Important Documents, Instructions, Procedures). Detailed information about the safety measures of Finnlog OÜ is available at Finnlog OÜ.
7.3. In the case of any incident related to personal data, Finnlog OÜ will implement all necessary measures to ease the consequences and manage the relevant risks in the future.
8. PROCESSING THE PERSONAL DATA OF A CHILD
8.1. The services of Finnlog OÜ, including services of the information society, are not meant for children.
8.2. Finnlog OÜ knowingly does not collect information about persons under 13 years of age, i.e. children, and if choosing to do so knowingly, we base our operations on the wishes of a parent or a guardian (including consent on sending magazines to the child's name).
8.3. If Finnlog OÜ should find out that the collected personal data belongs to or is about a child, Finnlog OÜ will do their best to stop processing such personal data.
9. THE RIGHTS OF A DATA SUBJECT
9.1. Rights related to consent:
9.1.1. Data subjects have the right at any time to inform Finnlog OÜ of withdrawing their consent on processing personal data;
9.2. With processing personal data, data subjects have the following rights:
9.2.1. The right to information, i.e. the right of a data subject to receive information about personal data that has been collected on them. Among other things, such data is available at the register of processing operations of Finnlog OÜ (see section 12: Important Documents, Instructions, Procedures), where additional information about implementing the right for information is also available;
9.2.2. The right to access data, including the right of data subjects to receive copies of the processed personal data (see section 12: Important Documents, Instructions, Procedures);
9.2.3. The right to correct inaccurate personal data (see section 12: Important Documents, Instructions, Procedures);
9.2.4. The right to erase files, i.e. in certain cases, a data subject has the right to demand that their personal data be erased, for instance if processing is done only with consent;
9.2.5. The right to demand restriction on processing personal data. This right is implemented in certain cases, including when processing personal data is against the law, or if a data subject should protest the accuracy of personal data. The data subject has the right to demand a restriction on processing personal data for a time that enables a data controller to confirm the accuracy of personal data, or in case the processing of personal data is illegal, but the data subject has not applied for erasing of personal data;
9.2.6. The right to transfer personal data, i.e. the right of data subjects in certain cases to collect their personal data in a machine-readable form, or to transfer them to another data controller.
9.2.7. The right related to automatic processing, meaning among other things that in certain situations, a data subject has the right to protest the personal data processing that is based on automatic decisions. In the interest of clarity – Finnlog OÜ has the right to process personal data to make automatic decisions that advance our business (including segmenting visitors in a marketing context, addressing their personalised messages, in the context of work relations, and for ensuring that employees follow internal security regulations). You have the right to avoid any decisions based on automatic processing of personal data, if it can be classified as profiling;
9.2.8. The right to receive evaluations from supervisory authorities on the lawfulness of processing personal data;
9.2.9. The right for compensation if processing personal data has caused harm on the data subject.
10. IMPLEMENTING RIGHTS AND FILING COMPLAINTS
10.1. Implementing rights:
10.1.1. Data Subjects have the right to address Finnlog OÜ for any questions, applications, or complaints regarding the processing of personal data, using contact information stated in section 15.
10.2. Filing complaints:
10.2.1. Data Subjects have the right to file a complaint to Finnlog OÜ, the Data Protection Inspectorate, or the court, should the data subject find that their rights were violated;
10.2.2. The contact information of the Estonian Data Protection Inspectorate is available at their website: http://www.aki.ee/et/inspektsioon/kontaktid-nouandetelefon.
11. COOKIES AND OTHER WEB TECHNOLOGIES
11.1. Finnlog OÜ can collect data on visitors of our websites and other information society services by using cookies (small pieces of information saved by the visitor's browser on the hard drive of the computer or other device of the visitor) or other similar technologies (e.g. IPaddresses, device information, location data) and process such data.
11.2. Finnlog OÜ uses the data they collected to provide services based on the habits of a visitor or a client; to guarantee the best quality for our services; to inform visitors or clients of content, and to make recommendations; to make advertising more relevant and improve marketing efforts.
11.4. Visitors agree on the usage of cookies on the website.
11.5. Most browsers allow cookies. Without allowing cookies to the full extent, the functions of the website are not available to the visitor. The visitor can control the allowing of cookies or other similar technologies through the settings of their own web browsers, the settings of information society services, and by enhancing such privacies.
11.6. Strictly necessary cookies are always related to using the website. If a user declines, there is no way of knowing how the website continues to function. By erasing or blocking cookies, you might lose access to some functions and subsites of the Finnlog OÜ website. Changing the settings of cookies influences all websites that you visit. It is important that if you use a link for declining of a third person to block the cookies, they might not be erased from your browser, but just blocked for future use. If you are determined to erase the cookies, it must be done form your own browser.
12. IMPORTANT DOCUMENTS, INSTRUCTIONS, PROCEDURES
12.1.1. Register of processing operations that states all purposes and ways of processing personal data, the types and categories of personal data being processed, and respective bases for the processing;
12.1.2. Principles of Finnlog OÜ for implementing organisational and technical measures, which state various measures that Finnlog OÜ applies to always keep personal data confidential and secure;
12.1.3. All About Cookies: descriptions of cookies and other web technologies that Finnlog OÜ uses;
12.1.4. Your Online Choices; About Ads; Network Advertising: a platform for inspecting and monitoring cookies and other web technologies, where data subjects can modify and inspect the way personal data are being used and collected.
13. CONTACT INFORMATION
13.1. Important contact information for data subjects of Finnlog OÜ:
13.1.1. If you have any questions about personal data, contact Finnlog OÜ at firstname.lastname@example.org or by phone at +372 622 5845.
14. OTHER CONDITIONS
Publication: 20 May 2018
In force for existing visitors and clients: 20 May 2018
In force for new visitors and clients: 20 May 2018