Last update: 16th April 2022
The following phrases are to be understood as follows:
II. WHO CONTROLS YOUR PERSONAL DATA?
In accordance with Article 13 section 1 and 2 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”), we wish to inform you that the controller of clients’ personal data is Mobilum OÜ with its registered seat in Tallinn, Parda tn 4, 10151 Tallinn, entered in the Estonian e-Business Register maintained by the Ministry of Justice of the Republic of Estonia under No. 14599147, share capital of EUR 12,000 paid in full, e-mail address: [email protected], telephone: +3726346244 (the “Controller”).
In case of any issues regarding personal data protection please contact the Personal Data Protection Officer appointed by the Controller – e-mail: [email protected], telephone: +3726346244.
III. WHO MIGHT RECEIVE YOUR PERSONAL DATA?
A Client’s personal data might be shared with the Controller’s employees, contractors or associates who are authorised to process the data at the request of the Controller; they might also be shared with entities which the Controller entrusts with the processing of personal data, including entities providing accounting, IT, marketing or organisational services enabling the Controller to provide services, maintain the website, prepare and distribute the newsletter (“Cooperating Entities”). In particular, personal data is entrusted to entities providing Verification services as part of the Know Your Customer process (“KYC”) in accordance with the AML Policy in force in the Controller’s company and due to the obligations introduced by the Estonian Money Laundering and Terrorist Financing Prevention Act.
Your data might be provided to relevant authorities (the Police, Prosecutor’s office, Courts) in line with the jurisdiction of the conducted proceedings within the scope of execution of their statutory tasks, on their demand, reported in compliance with the relevant procedure implementing a final decision, sentence, ruling or other equivalent judgment, maintaining all guarantees ensuring the security of the transferred data.
Your personal data might be transferred to entities from the Controller’s capital group, that is to entities with capital and personal ties to the Controller, especially within the scope necessary for the Controller to provide the services included in the contracts concluded with the Client.
In particular, the Controller exercises due diligence in selecting its Cooperating Entities, and then at the stage of concluding contracts makes sure that these entities guarantee an adequate level of personal data protection.
IV. WHERE DO WE STORE YOUR PERSONAL DATA?
If data are transferred outside of the EEA, also if, at the Client’s request, the product is to be delivered or the services are to be provided outside of the EEA, the Controller uses all the available technical means in respect of the countries, where the European Commission did not determine the right level of data protection and processes the Client’s data only based on their voluntary consent.
V. THE CONTROLLER’S GUARANTEES AND REPRESENTATIONS
The Controller guarantees personal data protection and processing of personal data in compliance with the GDPR. The Controller collects only the data which are necessary for performance of the contract or delivery of ordered services. The Controller does not process data without the Client’s consent outside of the scope which is necessary to execute the contract, provide electronic services or the Controller’s legal obligation without the Client’s prior consent.
The Controller exercises due diligence in order to protect the interests of the data subjects, in particular the Controller ensures that the collected data are processed in compliance with the law; the data are collected for the specified purposes compliant with the law and are not processed further in a way inconsistent with these purposes; the data are relevant and adequate to the purposes for which they are processed and stored in a form which permits identification of the data subjects no longer than it is necessary to achieve the purpose of their processing.
In view of the nature of the Controller’s services, the Controller does not process any data of natural persons which are under 18 years old or which do not have full legal capacity due to a relevant declaration of total incapacitation, or who should act through a statutory representative due to partial incapacitation.
VI. ON WHAT BASIS DOES THE CONTROLLER PROCESS YOUR PERSONAL DATA?
(1) Processing of personal data takes place for the following purposes and is based on the following legal bases:
|OBJECTIVE||BASIS FOR PROCESSING|
Registration on the Controller’s website is compulsory; if you fail to register and provide the data required therein, the Administrator will not provide services to you.
|The processing of your data is necessary for the Controller to fulfil the terms and conditions of the Service Account Agreement governing the use of the Controller’s Website. In order to allow the Customer to register on the Website, the Controller needs to process personal data, otherwise managing the registration and maintaining the Customer’s access to his/her account on the Website would be impossible.|
The aforementioned acts of law oblige the Controller to carry out Verification of the Client – this Verification includes in particular establishing the identity and its proper confirmation, specifying the Client’s address of residence, including the verification of sources used by the Client to finance their business, which is within the scope of the services provided by the Controller.
For the purposes of Verification and making decisions about whether or not to admit a Client to the functionalities of the Controller’s Website, the Controller may use tools that enable automated management of this process. Automated Verification may lead to (1) approval of the Client for admission to the Site and use of the Controller’s services, (2) submission for manual Verification of the Client by the Controller, (3) rejection of the Client.
Automatic Verification is necessary to enable the Client to use the services and the Site of the Controller. Without automatic Verification, it would not be possible for the Administrator to provide services. The Administrator is technically capable of verifying a decision made in an automated manner and of influencing the content of such decision at each stage of its making.
We believe that we have a legitimate interest to perform necessary verifications to detect and prevent abuse while providing the Client with services. In our opinion, the processing of the data is beneficial for all parties involved in the process of paying for services, in particular for the Client, as it allows us to take relevant measures to protect them from third party abuse attempts.
Moreover, the Controller processes the personal data concerning services provided in the scope necessary to keep the records, in order to demonstrate the facts of purchases made by the Client to the relevant state authorities, and in particular to perform the obligations resulting from the Estonian Value Added Tax Act of 10 December 2003.
When the Client contacts the Controller, especially in order to manage actions relating to the Verification or the product/service purchased via the Website, data processing is necessary for the performance of the service provision contract.
If the Client’s enquiry concerns exercising the rights described later herein, or a complaint about our services, we are authorised to process the Client’s data by the Controller’s obligation to perform its legal obligations.
The Controller has a legitimate interest to conduct Website usability testing and test the Client satisfaction level, as in its opinion, the processing of these data is also beneficial for the Client. It allows for improving the Client’s experience as the user and offering them higher-quality services.
All marketing activities are conducted by the Controller on the basis of your explicit consent with a precise reason for processing.
|The legal basis for processing the Client’s data for marketing purposes is their explicit consent given, for example, while accepting the receiving of information adjusted to your individual preferences through different means of communication or, when you accept the legal basis of participation in a given promotional campaign, or when you accept the settings of third-category cookies collected by the Website.
The Controller’s actions within this scope aim at presenting the Client with an offer to purchase the Controller’s products or services, corresponding to the Clients preferences as much as possible.
The Controller ensures that providing any data is voluntary, but in scopes other than receiving the newsletter or for direct marketing (the grounds for data processing are defined in point 1(4)), providing the data is necessary for creating an account on the Website, concluding the service provision contract and the supply of the services. Failure to provide personal data or demanding their deletion or restricting its processing will render providing the services impossible in the aforementioned scope.
VII. HOW LONG DOES THE CONTROLLER STORE YOUR PERSONAL DATA? (“Processing Periods”)
The Controller stores personal data which are processed in the case of:
VIII. WHAT ARE YOUR RIGHTS?
The Controller stores personal data on secured servers. Only selected employees and associates listed above have access to the data. The place and manner of storing the data are to ensure their full security. The Clients’ rights related to personal data processing are as follows:
To exercise the above-listed rights, the Client should contact the Controller. To make sure that the Controller is contacted by a person authorised to submit an application, the Controller might ask for additional information, which will allow for effective authentication and identification.
Within the scope in which the data are processed on the basis of a consent, the consent can be withdrawn at any time. The withdrawal of the consent does not affect the lawfulness of the processing performed on the basis of the consent before its withdrawal. The consent can be withdrawn by sending a statement about the consent withdrawal to our mailing address or e-mail address.
IX. COOKIES POLICY
|Category||Name||Basis for data processing||Managing||The purpose of data processing|
Withdrawing consent to the processing will result in lack of possibility to ensure correct functioning of the Controller’s Website.
|Technical cookies||Required to allow for performance of the contract or to take actions on the Client’s demand – Article 6 (1) (b) of the GDPR.||Controller||They are necessary for the Controller’s Website to function correctly. They are used to maintain the Client’s session while visiting the website and for logging into the Account.
They ensure that the Website is displayed correctly and adjust technical aspects of the services to the Client’s preferences.
They identify the user’s http session. They are commonly used in all Internet applications in order to identify users’ requests during sessions.
They allow for identifying the user’s navigation status on the Website.
|Second Category||Analytical cookies||Legitimate interest of the Controller – Article 6 (1) (f) of the GDPR.||Google Analytics – Third Party
Controller – within the remaining scope
|This way the Controller measures movement on the website, studies the effectiveness of actions and also improves the website’s functioning, and also prevents undesirable activities (e.g. bot movements, endangering users by exposing them to undesired contents).
|Third category||Marketing cookies||The User’s consent – Article 6 (1)(a) of the GPDR||The Controller and Third Parties||The Controller uses them to personalise the advertisements displayed on the website and on external websites, taking into consideration the Client’s actions and preferences on the Website, adjusting the contents of advertising messages to the Clients’ preferences.|
If you believe that the processing of your personal data violates the provisions of the GDPR, pursuant to Article 56 of the GDPR you have the right to file a complaint to the chief supervisory authority, i.e. the Director General of the Estonian Data Protection Inspectorate, or in the case of processing significantly impacting persons in a different Member State, the supervisory authority relevant for that Member State.