Data Processing Terms
Entered into force 16th of December 2022
These Data Processing Terms (hereinafter referred to as the Terms) describes the principles of processing personal data in RunProperty LTD (registry code 16263894, VAT no EE102388507), located in Tallinn, Estonia (hereinafter referred to as the Service Provider) and the rights of natural persons (hereinafter referred to as You) in relation to their personal data.
Understanding these Terms is important because you, by communicating with the Service Provider and/or using the services of the Service Provider, agree to the terms and conditions for the collection, processing, transfer and storage of personal data specified in the Data Protection Terms without exception.
These data protection conditions do not cover the processing of data: of legal persons and institutions; natural persons working for the Service Provider; by third parties to whose websites are directed (external links).
1. Principles for processing personal data. The purpose of data protection is to protect the fundamental rights and freedoms (including the right to privacy) of a natural person with regard to the processing of personal data. When processing personal data, the Service Provider and its partners (hereinafter referred to as processors) comply with the European Union General Data Protection Regulation (hereinafter referred to as the GDPR), Personal Data Protection Act and other legislation regulating the field.
2. Depending on the situation, the Service Provider may be the controller or an authorized processor of personal data.
2.1. As the controller, the service provider determines the purposes and means of processing the personal data collected. In doing so, your personal data will be processed if:
you visit the website of the Service Provider or the pages of the social network, including, but not limited to, Facebook and LinkedIn pages (the website and social networking pages contain links to websites belonging to third parties, for which we are not responsible for the principles of processing personal data);
you are applying for a job at the Service Provider or you have previously worked at the Service Provider;
you contact the Service Provider's customer service;
we want to advertise or sell the product to you.
2.2. As an authorized processor, the Service Provider stores and processes Your personal data entered into the Platform by the users of its Clients. Here the purposes and means of processing personal data are determined by the Clients. You can read more in the Terms and Conditions of the Service. Employees of the service provider have access to personal data in connection with performing their duties.
3. Contacting customer service. When contacting us by phone, we may record the phone call, if you are notified during the call. The purpose of recording is to ensure the quality of service and improve services. You can cancel the call if you do not want to be recorded. The recordings shall be kept for at least 6 months. The destruction of recordings is carried out automatically by the recording system after a certain period of time.
4. Collecting your messages, feedback and statistics. Your feedback is important to us and helps to improve our services and service quality. The service provider collects statistics related to the use of customer service, services, websites, social media platforms, etc., analytics of the use of the service, feedback and correspondence in order to improve and further develop their quality.
We store feedback, correspondence and related statistics from our customers for up to 5 years.
5. Applying for a job or traineeship. When applying to a service provider's company, we collect the data published by you and data found in public sources (including social networks, blogs, public register data, including criminal records, business register, court decisions, etc.). We use the collected data to communicate with you, assess your skills, qualifications and suitability, prepare tests, tests or other practice materials for you, decide on hiring and prepare employment documents. Candidates have the right to know the data collected about them and to explain or object to them. With regard to the referees nominated by the candidate, we assume that the candidate and the referee have both agreed to contact the referee and ask questions about the candidate.
We store correspondence and documents related to job applications, employment relations and other personnel issues for 1 to 5 years in order to forward job offers to the candidate in the future and resolve possible legal disputes.
6. Your rights regarding your personal data. You have the right to: access your personal data at any time; to request at any time the correction or completion of inaccurate personal data; to object to the processing of personal data at any time, e.g. when working with personal data for direct marketing purposes; to withdraw consent to the processing of personal data at any time, this does not affect the lawfulness of the processing carried out before the withdrawal; in certain cases, prohibit or restrict the processing of personal data for a certain period of time; in certain cases, to request the erasure of personal data ("right to be forgotten") if you withdraw your consent to the processing of personal data or if there is no legal basis for processing personal data; to request a one-off transfer of personal data in a commonly used machine-readable format; to lodge complaints regarding the processing of personal data. In order to exercise your rights, please send a corresponding request to the Service Provider's e-mail address email@example.com. We will respond by e-mail as soon as possible, but not later than within one month of receiving the application. Before issuing your personal data, we need to verify your identity, which is why we recommend that you digitally sign the application and attach it as a file to the e-mail. Depending on the complexity and volume of the application, we may extend this period, if necessary, by notifying you in advance. We will issue the data collected about you electronically. We have the right to charge a reasonable fee for completing the request. According to the legislation, we have the right to refuse to release data in justified cases.
Sometimes we need to make an inquiry to a third party (e.g. our Clients) to respond to you, in which case we will only disclose your personal data to the extent strictly necessary. If the Service Provider detects that it is the processor of the dataset containing your personal data and not the controller, the Service Provider will forward your request to its Client and notify You thereof. The Client is then obliged to answer You himself.
7. Retention of personal data. We will retain your personal data for as long as is necessary to achieve the purposes set out in the Data Protection Terms and for as long as required or maximally permitted by law. Upon expiry of the retention period, we will permanently delete personal data.
The Service Provider may extend the term of storage of personal data or refuse to delete them if this is necessary for the performance of the legal obligations of the Service Provider, the exercise of the right to freedom of expression and information, the establishment, exercise or defence of legal claims or in the public interest.
8. Disclosure of personal data to third parties. Your personal data may be transferred to third parties if they have the right to receive the data arising from legislation, including a court, investigative and supervisory authorities, or the transfer is necessary to achieve the objectives of these Terms, including persons belonging to the same group as the Service Provider and the authorized processors of the Service Provider.
9. Geographical area of processing of personal data. We provide services in countries of the European Economic Area (EEA) and process personal data mainly in European Union countries. If we or our processors transfer personal data outside the EEA, then the European Union General Data Protection Regulation (GDPR) and other legislation regulating the field will be followed.
10. Security of personal data, handling of related breaches and notification of breaches. The Service Provider has implemented measures (including organisational, technical and physical) to protect Personal Data from unintentional or unauthorised processing, access and misuse and to ensure their secure collection, processing, transmission and storage.
In the event of a breach in the processing of personal data, we will make all reasonable efforts to terminate it and deal with the mitigation of the consequences. Proper documents are drawn up of the violation.
We will notify the Data Protection Inspectorate of a breach in accordance with the General instructions for Personal Data Processors, if the breach is likely to result in a threat to your rights and freedoms. We will also inform You if the violation is likely to result in a serious threat to your rights and freedoms so that you can take the necessary measures.
11. Invalid provisions. If any provision in these Terms proves to be null and void, invalid, illegal or unenforceable, it will not affect or impair the validity, legality or enforceability of the remaining Terms.
12. Applicable law and resolving disputes. These Terms are governed by the laws of the Republic of Estonia. If you are dissatisfied with the Service, the activity of the Service Provider or if any other question arises, please contact the Service Provider first to resolve the situation through negotiations. In case of failure to reach an agreement, you have the right to file a complaint or complaint against the actions of the Service Provider to the Data Protection Inspectorate or appeal to the Harju County Court.
13. Amendment of Terms. The Service Provider has the right to amend or supplement the Terms at any time. The current Terms are available on this page. If you do not agree to the new Terms or any specific changes, you will not be able to continue using the services of the Service Provider.
14. Contact details. If you have any questions about these Terms, would like to review previous versions, or would like to ask a question or send a notice related to the processing of personal data, please contact our Data Protection Officer by e-mail at firstname.lastname@example.org