This privacy policy outlines how personal data of users of the website www.kukkumiskaitse.ee (hereinafter referred to as the “Website”) and clients of Kukkumiskaitse OÜ (registry code 12187707, address: Tartu maakond, Kambja vald, Külitse alevik, Kiigemäe tee 3, 61702, hereinafter referred to as “Kukkumiskaitse”) are processed. Personal data refers to information collected by Kukkumiskaitse for the provision of services, identification of an individual, communication with an individual for service provision, problem-solving, or sending marketing content. Kukkumiskaitse does not process sensitive personal data as defined by Regulation (EU) 2016/679 of the European Parliament and Council.

The data controller of personal data is Kukkumiskaitse. Kukkumiskaitse is committed to protecting the personal data and privacy of its clients and users. Kukkumiskaitse’s activities online comply with all relevant activities and applicable European Union legislation and Estonian laws, including Regulation (EU) 2016/679 of the European Parliament and Council. Kukkumiskaitse takes all necessary precautions (including administrative, technical, and physical measures) to protect the collected personal data. Only authorized individuals have access to modify and process the data.

All personal data disclosed during the visit to Kukkumiskaitse’s websites is treated as confidential information. This privacy policy does not cover how other entities process personal data, nor does it cover personal data processing on third-party websites that are linked as external links on the Website.

A representative of a company (as a service purchaser) is not considered a natural person. Instead, they are an authorized representative of a legal entity, and the processing of their personal data is not regulated by Regulation (EU) 2016/679 of the European Parliament and Council.

1. What Personal Data Do We Collect?

When visiting the Website, non-personally identifiable technical data about the visitor is collected.
This technical data includes the internet address (IP address) of the computer or computer network used, the software version of the computer’s web browser and operating system, and the date, time, and location of the visit. IP addresses are not linked to personally identifiable information.
Data is collected about visits and time spent on the Website to improve the Website and services and make them more user-friendly.
To collect the above-mentioned data, we use the automated tool Google Analytics. If you do not wish to share this data, you can disable data collection by Google Analytics at any time, as described here.

For natural persons, the data collected includes personal identification codes for unique identification, names, email addresses, mobile phone numbers, city, and country for communication purposes when necessary.

For legal entities, we process registry codes, VAT numbers, names, countries, addresses, email addresses for contact and invoicing purposes, names of contact persons representing the company, and their email addresses and phone numbers.

For email marketing, we may collect information about your interactions, such as whether you opened an email, which links you clicked, and the devices and technical specifications used for interaction. This information is stored in the contact history.

If you are in Kukkumiskaitse’s contact database, we may process your name, email address, or mobile phone number for marketing purposes on social media platforms (e.g., Facebook, Instagram, Google). Your personal data will be processed for these purposes for up to 5 years from the date of your addition to the contact database. Kukkumiskaitse has a legitimate interest (GDPR Art 6(1)(f)) in sending marketing communications to maintain business relationships.

Personal data processed within Kukkumiskaitse’s services by clients is subject to confidentiality requirements as stated in the service agreement signed by the client. Kukkumiskaitse’s services can only be used upon agreement with the contract. This agreement is verified through software, and in its absence, acceptance of the terms is requested.

The personal data described in this section is accessible only to Kukkumiskaitse employees, who use all necessary security measures when processing your data.

Consent to collect and use necessary personal data is granted by the ordering party when placing the service order. This consent is considered granted with a timestamp at the moment of service order placement.

2. Purpose of Collecting Personal Data

We collect and use personal data to respond to client inquiries, fulfill purchase and sales agreements, communicate with clients, manage the Website and provide services, ensure and enforce terms of service, develop services, and send marketing content.

3. Access to Personal Data

Kukkumiskaitse employees have access to personal data if it is necessary for fulfilling their job responsibilities. Kukkumiskaitse may transfer clients’ personal data to third parties without the client’s consent if it is essential for fulfilling the contract and providing services or if there is a legal obligation to do so.

Personal data processed by clients within Kukkumiskaitse’s services is treated as confidential, and the right to process, disclose, or transfer this data lies solely with the owner of the data (the client).

4. Retention of Personal Data

Non-personally identifiable technical data collected from the Website and service environments is retained indefinitely.

Personal data related to inquiries and/or transactions is retained for up to 7 years from the last interaction with the service provider, as required by the Accounting Act for transaction evidence. Interaction includes responding to direct marketing by viewing or clicking on links.

5. What Rights Do Individuals Have Regarding Collected Data?

Individuals have the right to access their data, request corrections, and stop processing. By default, personal data is not disclosed unless explicit consent has been provided (e.g., participation in training, seminars, or conferences).

If personal data cannot be modified, accessed, or disclosed via the Website or service environments, a request must be submitted in a manner that allows identification of the individual. Where possible, data will be provided or corrected within 7 working days.

To opt out of direct marketing offers, either completely or partially, individuals can do so immediately via the link provided in the footer of every marketing email. Changes take effect immediately.

If there is no longer a legal basis for processing, disclosing, or enabling access to personal data, individuals may request the cessation or deletion of data, as well as the cessation of disclosure or access to the data. To do so, a request must be submitted in a manner that allows identification of the individual.

Requests will not be fulfilled if:

• It may harm the rights and freedoms of another person.
• It may hinder the provision of services or make the provision of services impossible.
• It may hinder the work of law enforcement agencies.
• It is not technically necessary and/or feasible.
• The applicant is not legally associated with the data.
• The applicant’s identity cannot be verified.

Examples:

• An email address cannot be deleted if it is used to opt out of direct marketing offers. To fulfill the request, the email address must remain to ensure that marketing emails are not sent.
• All data in the CRM system cannot be deleted if the individual does not wish to be contacted further. To fulfill the request, sufficient data must remain to ensure no further contact is made.

6. Other Conditions

For questions, requests, or complaints related to personal data processing, please send an email to abi@kukkumiskaitse.ee. Clients also have the right to file complaints with the Data Protection Inspectorate.

Kukkumiskaitse reserves the right to amend its privacy policy at any time, with updates published on the Website.

Last updated: 31.03.2022