Don't be a stranger. Say HI!

Full name(Required)
This field is for validation purposes and should be left unchanged.

Privacy policy

Publication on: 08.06.2020

Here you will find all the information about HÄK OÜ’s data processing policy. HÄK OÜ’s aim is to be a trustworthy partner in the processing of your personal data and to respect your rights.

1. DEFINITIONS

1.1 A data subject is a natural person about whom HÄK OÜ has information or information that makes it possible to identify the natural person. Data Subjects are, for example, natural persons such as Clients, Visitors, cooperation partners and employees about whom HÄK OÜ has Personal Data.

1.2 The Privacy Policy is the text that sets out HÄK OÜ’s Privacy Policy.

1.3 Personal Data means any information relating to an identified or identifiable natural person.

1.4 Processing of Personal Data is any operation performed on the Personal Data of the Data Subject. For example, the collection, storage, organization, retention, modification and disclosure, access, consultation and retrieval, use, transmission, cross-use, interconnection, blocking, erasure or destruction of Personal Data, or any combination of the foregoing, regardless of the means or means used to perform the operations.

1.5 The Customer is any natural or legal person who uses or has expressed a wish to use the Services of HÄK OÜ.

1.6 Contract means a contract for the provision of a Service or other agreement between HÄK OÜ and the Customer.

1.7 The General Terms and Conditions set out the general terms and conditions that apply when entering into a Contract with HÄK OÜ.

1.8 The Website is the website of HÄK OÜ: https://hak.ee.

1.9 Visitor is a person who uses the website of HÄK OÜ.

1.10. In the context of the Processing of Personal Data, a child is a person under 13 years of age in the Republic of Estonia.

1.11. Services means any services and products offered by HÄK OÜ.

1.12. Cookies are data files that are sometimes stored on the Website Visitor’s device.

1.13. The Data Protection Officer of HÄK OÜ is the person who observes the application of the Principles of Processing of Personal Data in HÄK OÜ and whom the Data Subject may contact in the event of a complaint.

1.14. Sales Channels are the means used by HÄK OÜ to communicate with the Data Subject, to sell goods and to provide services. Including e-mail, telephone, public and social media, various personalized and interactive advertisements and other similar tools on the website.

1.15. The Product Portfolio is the various Services of HÄK OÜ, the list of which is available on the Website, the Privacy Policy, the General Terms and Conditions and in the communication between the parties the terms shall have the meanings indicated above.

2. OVERVIEWS

2.1. HÄK OÜ is a legal entity with registration code 12799408, with its registered office at Mustamäe tee 5, Tallinn, 10616.

2.2 Personal data may be processed by HÄK OÜ:

2.2.1. as a data controller by determining the purposes and means of the processing;

2.2.2. as a processor under the instructions of the controller;

2.2.3. as recipient, to the extent to which the Personal Data is transferred.

2.3 The Privacy Policy applies to Data Subjects, and the rights and obligations set out in the Privacy Policy apply to all employees and partners of HÄK OÜ who have contact with Personal Data held by HÄK OÜ.

2.4 The Privacy Policy may be supplemented, amended by privacy notices published on the Website or on the Devices.

3. PRINCIPLES

3.1 HÄK OÜ will always process Personal Data in accordance with the interests, rights and freedoms of the Data Subjects.

3.2 All activities of HÄK OÜ related to the Processing of Personal Data shall be based on the following principles:

3.3.1 Legality. 3.3.O. The processing of Personal Data shall be based on lawful grounds, such as consent.

3.3.2 Purpose limitation. Personal Data are collected for specified purposes and are not further processed in a way incompatible with those purposes.

3.3.4. Minimizing. Personal Data is relevant, relevant and limited to what is necessary for the purposes for which it is processed. When processing Personal Data, HÄK OÜ follows the principle of Minimal Processing and if the Personal Data is no longer necessary or relevant for the purpose for which it was collected, the Personal Data will be deleted;

3.3.5. Reliability and confidentiality. The Processing of Personal Data shall be carried out in a manner that ensures appropriate security of Personal Data, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using reasonable technical or organizational measures. HÄK OÜ will follow good practices in the Processing of Personal Data;

3.3.6. Default and integrated data protection. HÄK OÜ will ensure that all systems used comply with the required technical criteria. Appropriate data protection measures are designed into the upgrade or design of each information and data system (e.g. information systems and business processes are built on the assumptions of pseudonymisation and encryption).

3.4 HÄK OÜ bases the processing of Personal Data on the objective of always being able to prove compliance with the aforementioned principles, and further information on compliance with these principles can be obtained from the Data Protection Officer.

4. COMPOSITION OF PERSONAL DATA

4.1 HÄK OÜ collects, among others, the following types of Personal Data:

4.1.1 Personal Data disclosed to HÄK OÜ by the Data Subject;

4.1.2. Personal Data that arise as a result of the ordinary course of communication between the Data Subject and HÄK OÜ;

4.1.3. Personal Data which are manifestly disclosed by the Data Subject (e.g. on social media);

4.1.4. Personal Data (e.g. time spent on the Website) that arise as a result of visiting and using the Website;

4.1.5. Personal Data received from third parties;

4.1.6. personal data created and combined by HÄK OÜ (email correspondence or order history list within the framework of the customer relationship).

5. THE CATEGORIES OF PERSONAL DATA AND THE PURPOSES AND BASIS OF THE PROCESSING

5.1 HÄK OÜ Processes Personal Data exclusively on the basis of consent or law. The legal grounds for Processing Personal Data include, among others, legitimate interest.

5.2.On the basis of consent, HÄK OÜ processes personal data precisely within the limits, scope and for the purposes specified by the Data Subject. In the case of consent, HÄK OÜ is guided by the principle that each consent must be clearly distinguishable from other matters, and must be in an intelligible and easily accessible form, in clear and plain language. Consent may be given in writing, electronically or by oral statement. The data subject gives his or her consent voluntarily, specifically, knowingly and unambiguously, for example by ticking a box on the Website.

5.3 In the course of the conclusion and performance of the Contract, the Processing of Personal Data may be further provided for in a specific Contract, but HÄK OÜ may Process Personal Data for the following purposes:

5.3.1. to take measures prior to the conclusion of the Contract at the request of the Data Subject;

5.3.2. to identify the Customer to the extent required by due diligence;

5.3.3. fulfilling its obligations to the Customer in relation to the provision of its Services;

5.3.4. communicating with the Customer;

5.3.5. ensuring that the Customer’s payment obligations are met;

5.3.6. submitting, realizing and defending claims.

For the purposes of the award of an employment contract and on the basis of legitimate interest, HÄK OÜ’s processing of the personal data of an applicant for employment includes the following:

5.4.1. the Processing of the data provided by the job applicant to HÄK OÜ for the purpose of concluding an employment contract;

5.4.2. the Processing of Personal Data received from the person indicated by the job applicant as a recommender;

5.4.3. the Processing of Personal Data collected from national databases and registers and public (social) media.

5.5 Legitimate Interest means the interest of HÄK OÜ in managing and operating its business so as to provide the best possible Services to the market. On the basis of the law, HÄK OÜ will process Personal Data only after a careful assessment to establish that HÄK OÜ has a legitimate interest on the basis of which the processing of the Personal Data is necessary and compatible with the interests and rights of the Data Subject (following the so-called three-step test). In particular, processing of Personal Data on the basis of legitimate interest may be carried out for the following purposes:

5.5.1. to ensure a trustworthy customer relationship, such as Processing of Personal Data strictly necessary to identify the true beneficiaries or to prevent fraud;

5.5.2. to manage and analyze the customer base in order to improve the availability, choice and quality of Services and Products and to provide the best and most personalized offers to the Customer, subject to the Customer’s consent;

5.5.3. Identifiers and Personal Data collected when using the Website. HÄK OÜ uses the collected data for web analytics, performance, improvement, statistics and analysis of the Visitor’s behavior and user experience and to provide a better and more personalized Service;

5.5.4. organizing campaigns, including personalized and targeted campaigns, conducting customer and visitor satisfaction surveys and measuring the effectiveness of marketing activities;

5.5.5. analyzing the behavior of Customers and Visitors on the Website;

5.5.7 Measures taken for network, information and cyber security reasons, such as combating piracy and ensuring the security of the Websites and making and storing back-up copies;

5.5.8. For organisational purposes. In particular, for financial management and the preparation, submission or defence of legal claims.

5.6. In order to comply with its legal obligations, HÄK OÜ processes Personal Data in order to comply with its legal obligations or to implement uses permitted by law. For example, obligations arising from the law for processing payments or complying with money laundering rules.

5.7 If the Processing of Personal Data is carried out for a purpose other than that for which the Personal Data was originally collected, or is not based on the consent given by the Data Subject, HÄK OÜ will carefully assess the permissibility of such new Processing.

6. DISCLOSURE AND/OR TRANSFER OF CUSTOMER DATA TO THIRD PARTIES.

6.1 HÄK OÜ cooperates with persons to whom HÄK OÜ may disclose data relating to Data Subjects, including Personal Data, within the scope and for the purpose of such cooperation.

6.2 Such third parties may include HÄK OÜ’s development partners, customer satisfaction survey companies, debt collection service providers and partners of payment default registers, persons, institutions and organisations mediating or providing (e-)mail services, provided that:

6.2.1. the relevant purpose and Processing is lawful;

6.2.2. the Processing of Personal Data is carried out in accordance with good practice;

6.2.3. the details of such processors have been disclosed to Data Subjects;

6.3 HÄK OÜ will only transfer Personal Data outside the European Union if:

6.3.1. the Commission of the European Union has determined that an adequate level of protection exists in that country;

6.3.2. HÄK OÜ has put in place adequate safeguards;

6.3.3 The data subject has given his or her explicit consent to the transfer after having been informed by HÄK OÜ of the potential risks involved in such a transfer due to the absence of an adequacy decision and appropriate safeguards;

6.3.4. where the transfer is necessary for the performance of a contract between the data subject and a controller or for the implementation of pre-contractual measures taken at the request of the data subject;

6.3.5. where the transfer is necessary for entering into, or the performance of, a contract between the controller and another natural or legal person in the interest of the data subject;

6.3.6. the transfer is necessary for compelling reasons relating to the public interest;

6.3.7. the transfer is necessary for the establishment, exercise or defence of legal claims;

6.3.8. the transfer is necessary to protect the essential interests of the Data Subject or of other persons where the Data Subject is physically or legally incapable of giving consent;

6.3.9. the communication shall be made from a register which, in accordance with Union or Member State law, is intended to provide information to the public and is open to consultation either by the public at large or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions for consultation laid down in Union or Member State law are fulfilled in the particular case;

6.3.10. the transfer is not repetitive, concerns only a limited number of Data Subjects, is necessary to protect the legitimate interests of HÄK OÜ, in relation to which the interests, rights or freedoms of the Data Subject do not prevail and where all the circumstances surrounding the transfer have been assessed and appropriate safeguards have been put in place to protect the Personal Data. HÄK OÜ shall notify the Data Protection Inspectorate of the transfer.

7. SECURITY OF PROCESSING OF PERSONAL DATA

7.1 HÄK OÜ only stores Personal Data in a secure environment (see Section 12: Data Protection Guidelines).

7.2 In the event of any incident relating to Personal Data, HÄK OÜ will take all necessary measures to mitigate the consequences and to mitigate relevant risks in the future. Among other things, HÄK OÜ will record all incidents and, where applicable, inform the Data Protection Inspectorate and the Data Subject directly (e.g. by e-mail) or publicly (e.g. through news).

8. PROCESSING OF PERSONAL DATA OF CHILDREN

8.1 HÄK OÜ Services, including information society services, are not directed at Children.

9. EXERCISE OF RIGHTS AND LODGING OF CLAIMS

9.1 Exercise of rights:

9.1.1.1 The Data Subject has the right to obtain the following in relation to the Processing of Personal Data.
9.1.1 The Data Subject has the right, in the event of a question, request or complaint regarding the Processing of Personal Data, to contact HÄK OÜ or the HÄK OÜ Data Protection Officer at the contact details provided in Section 14.

9.2. Submitting complaints:

9.2.1. 10.2.2.2.2.1 The Data Subject has the right to lodge a complaint with the Data Protection Officer of HÄK OÜ and HÄK OÜ, the Data Protection Inspectorate or a court if the Data Subject considers that his or her rights have been infringed during the processing of Personal Data.

9.2.2 Contact details of the Data Protection Authority (DPA) can be found on the DPA website at:
http://www.aki.ee/et/inspektsioon/kontaktid- nouandetelefon.

10. COOKIES AND OTHER WEB TECHNOLOGIES

10.1 HÄK OÜ may collect data about the Visitors of the Websites and other information society services by using Cookies (i.e. small pieces of information stored by the Visitor’s browser on the hard disk of the Visitor’s computer or other device) or other similar technologies (e.g. IP address, device information, location information) and process these data.

10.2 Äripäev uses the data collected to enable the provision of the Service in accordance with the Visitor’s or Customer’s habits; to ensure the best quality of the Service; to inform the Visitor and Customer about content and make recommendations; to make advertisements more relevant and to enhance marketing efforts; to facilitate log-in and data protection. The data collected will also be used to count Visitors and record their usage patterns.

10.3 HÄK OÜ uses session, permanent and promotional cookies. Session cookies are automatically deleted after each visit; permanent cookies are retained upon repeated use of the Website.

10.4 With regard to cookies, Visitors agree to their use on the Website or in the web browser.

10.5. Most browsers allow Cookies. Without fully enabling Cookies, the functions of the Website will not be available to the Visitor. Whether or not to enable or disable Cookies and other similar technologies is under the control of the Visitor through the settings of their web browser.

11. DATA PROTECTION GUIDE

11.1 HÄK OÜ uses password management KeePassX, Scoro work management software to protect personal data and collects only minimal personal data.

11.2 HÄK OÜ uses Google Analytics cookies.

12. CONTACT DETAILS AND INFORMATION

12.1 Contact details relevant for the Data Subject:

12.1.1 HÄK OÜ can be contacted by e-mail at hello@hak.ee and by telephone at 5343 3871 for questions regarding Personal Data.

12.1.2. HÄK OÜ Data Protection Officer is a representative of the company who can be contacted by e-mail at hello@hak.ee.

OTHER CONDITIONS

13.1 HÄK OÜ reserves the right to unilaterally amend these Privacy Terms. HÄK OÜ shall notify Data Subjects of any such changes on the HÄK website, by e-mail or otherwise.