1. Personal data processing Manager:
1.1. The personal data processing Manager is SIA “Skrivanek Baltic”, reg. No.: 60084150, legal address Viru väljak 2, Tallinn, Estonia, 10111, phone: +372 5622 8190 (hereinafter referred to as “Skrivanek”), website: www.skrivanek.ee.
2. Personal data Processor:
2.1. Skrivanek processes the Customer’s personal data to the extent and in the manner prescribed and permitted by the laws of the Republic of Estonia and the European Union. Other Skrivanek data processors are also eligible to receive and process Customers’ data. For more information about partners, contact Skrivanek using the specified communication channels (see “Contacts” on the Skrivanek website www.skrivanek.ee).
3. Applicable laws:
3.1. Regulation of the European Parliament and of the Council No. 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (27 April 2016);
3.2. Personal Data Protection Law.
5. What personal data is processed by Skrivanek?
5.1. The categories of personal data processed by Skrivanek depend on the Services provided to Customers. Skrivanek is entitled to process the following personal data categories for the purposes indicated in paragraph 7 of this Policy:
5.1.1. name, surname, personal identity number/date of birth, correspondence address, telephone number and e-mail address;
5.1.2. bank details;
5.1.3. details of identity documents (document number, date and place of issue, etc.);
5.1.4. data provided by the Customer him/herself to Skrivanek.
5.2. Skrivanek processes such data for use of the Services for the purposes listed in paragraph 7 of this Policy:
5.2.1. Cookies (Web Browsing Data) – Information about the Skrivanek website www.skrivanek.ee, (hereinafter referred to as the “Skrivanek website”) visits.
6. What is the legal basis for Customer Personal Data Processing?
6.1. Customer’s consent – The Customer as a personal data subject him/herself gives consent to the collection and processing of personal data for specified purposes. Customer’s consent is his/her free will and independent decision that can be made at any time, therefore allowing Skrivanek to process personal data for specified purposes. The Customer’s consent is binding if it is provided in writing (by filling out the form at Skrivanek’s office, sending an electronic request after the Customer’s identification or using the webpage www.skrivanek.ee). The Customer has the right at any time to withdraw his/her prior consent using the specified communication channels (see the “Contacts” section of Skrivanek’s website www.skrivanek.ee). The requested changes will take effect within three working days. The withdrawal of consent does not affect the legality of the processing, which was based on the consent before the withdrawal.
6.2. Conclusion and execution of an Agreement – in order to enable Skrivanek to enter into and execute an Agreement with the Customer by providing quality services and servicing the Customer, it must collect and process certain personal data collected before the conclusion of the Agreement with Skrivanek or during the time when Agreement is already in force.
6.3. The legitimate interests of Skrivanek – Skrivanek’s interests are based on the provision of quality services and timely support to the Customer; Skrivanek has the right to process the Customer’s personal data to the extent that it is objectively necessary and sufficient for the purposes specified in paragraphs 7.1 to 7.3 of this Policy. Skrivanek’s legitimate interests include the processing of personal data through direct marketing, as a result of which the Customer is offered new and/or individual Skrivanek service offers (see also Paragraphs 8.2 and 8.3 of this Policy). Given the fact that Skrivanek is a part of SKRIVANEK Holding SE Group (see also Paragraph 12.4 of this Policy), it has a legitimate interest in processing its Customer data by sending it to other companies in the group for internal administrative purposes, including, so that SKRIVANEK Holding SE Group could offer to the Customer services that serve the modern needs.
6.4. Legal obligations – Skrivanek is entitled to process personal data in order to comply with the requirements of regulatory enactments and to provide answers to lawful requests of the state and local governments.
7. What will Skrivanek process Customer Data for?
7.1. Skrivanek processes personal data to ensure the provision of quality services during the period of validity of the Agreement with Skrivanek:
7.1.1. to process customer complaints and provide support (including technical support) for the services provided;
7.1.2. to manage the effective cash flow, including for the administration of the Customer’s payments and debts;
7.1.3. to inform Customers about services provided by other SKRIVANEK Holding SE Group companies.
7.2. Skrivanek processes personal data to promote the development of the industry and offer new services to Customers, including:
7.2.1. the creation of new services and offers about them;
7.2.2. for analysis of the market and development of the business model, Skrivanek customer statistical data processing is carried out.
7.3. Skrivanek processes personal data to build and maintain Skrivanek’s internal processes, to ensure document circulation and other internal processes (for example, archiving of Agreements and other documents) to the extent and amount necessary.
7.4. Skrivanek has the right to process the data below and for other purposes upon receiving freely given and unambiguous consent from the Customer:
7.4.1. verification of Customer’s personal data in debt register databases in order to assess Customer’s ability to fulfil contractual obligations, during the validity period of the Agreement such verification is necessary in order to offer the Customer new and more modern services;
7.4.2. to promote the recognition of Skrivanek image in the market by sending customers good wishes, awarding bonuses, organizing surveys to improve existing services and creating new services.
8. Does the Customer have the right to restrict the processing of his/her data?
8.1. Customer personal data profiling as data processing:
8.1.1. profiling is any type of automated processing of personal data, which is the use of personal data for the purpose of evaluating specific personal aspects of a natural person, in particular analysing or predicting aspects related to the personal preferences, interests, reliability, behaviour, location or movement of that individual;
8.1.2. by processing personal data of the Customer, Skrivanek can perform profiling to formulate and express individual offers. Automated individual decisions are made only for business purposes, and they will not produce legal consequences for the Customer. The Customer has the right at any time to object to the adoption of an automated decision and not to be the subject of such a decision, informing Skrivanek about it (see also the provisions of paragraph 8.3 of this Policy).
8.2. Direct marketing and the basis for sending Commercial Letters to Customers: Skrivanek carries out direct marketing by distributing commercial communications to Customers, so that Customers are always informed about new and/or directly created services for the Customers, as well as special contractual terms (for example, discounts) in accordance with the basis for the processing of personal data referred to in Paragraph 6.3 of this Policy. Customers have the right at any time and free of charge to refuse to receive commercial communications by informing Skrivanek about it (see also the provisions of Paragraph 8.3 of this Policy).
8.3. Customers have the right to object at any time to the profiling of their personal data (see paragraph 8.1) or to refuse to receive commercial communications (see paragraph 8.2), informing Skrivanek verbally (during a telephone conversation, after identification of the Customer, by calling +372 5622 8190) or in writing (by filling out the form at Skrivanek’s office, by sending an electronic request to firstname.lastname@example.org or by visiting the Skrivanek office. The requested changes will take effect within three working days. Changes will not affect the legality of the processing of personal data before the Customer’s objections and/or refusal specified in this clause.
9. What are cookies and how Skrivanek can process them?
9.1. Cookies are small data files that are important for providing certain website features (such as logging in). Cookies allow websites to remember a variety of settings, such as language, fonts and other options that you have chosen to display on webpages. Therefore cookies are stored on your computer. This is how most of the major webpages and service providers work.
9.2. Using cookies, common user behaviour and site usage history is processed, problems and disadvantages are detected on the site, user behaviour statistics are collected, and full and easy use of site functionality is provided.
10. How does Skrivanek acquire Customer Data?
10.1. Skrivanek obtains Customer Personal Data when Customers:
10.1.1. acquire Skrivanek services (at Skrivanek office or remotely with previous Customer identification);
10.1.2. subscribes for news, announcements or other services from Skrivanek;
10.1.3. ask Skrivanek for more information about the service or contact Skrivanek regarding complaints or requests for information, by identifying the Customer;
10.1.4. participate in contests, lotteries or surveys;
10.1.5. visit or browse Skrivanek website;
10.2. Skrivanek may process Customer personal data received from third parties if the Customer has agreed to it (for example, from holders of debt register, etc.).
10.3. Skrivanek may process Customer personal data about the Customer from other companies, SKRIVANEK Holding SE Group companies and affiliates (see Paragraph 12 of this Policy).
11. What is the Customer's personal data processing time?
11.1. Skrivanek will process Customer Data while there is at least one of the following conditions:
11.1.1. the Agreement between the Customer and Skrivanek is in force;
11.1.2. the term for the storage of personal data is specified or arising from the laws of the Republic of Estonia and the European Union;
11.1.3. as much as is necessary for the realization and protection of the legitimate interests of Skrivanek;
11.1.4. until the Customer’s consent to the processing of personal data has been revoked.
12. Customer Data Sharing:
12.1. In order to provide the Services to the Customers, Skrivanek may share personal data with:
12.1.1. SKRIVANEK Holding SE Group companies;
12.1.2. partners or institutions involved in the provision of services ordered or used by the Customer;
12.1.3. debt collection companies, credit information offices, proprietary database holders or other debt recovery organizations;
12.1.4. assignees – In order to ensure efficient cash flow management, Skrivanek has the right to assign a claim to the debtor or debtors.
12.2. Skrivanek has an obligation to provide personal information to the following authorities and services:
12.2.1. law enforcement authorities, the court or other state and local government institutions, if this is evident from the regulatory enactments or at the request of information of the relevant institution;
12.3. Skrivanek will only provide the Customer’s personal data with the necessary and sufficient amount in accordance with the requirements of the regulatory enactments and the objective circumstances of the particular situation.
12.4. Skrivanek reserves the right, if necessary, to transfer Customer personal data to other SKRIVANEK Holding SE Group companies or service providers if this is necessary for the provision of better and high quality services to Customers. For information about SKRIVANEK Holding SE Group companies, debt collection agencies, credit information offices, debt register database holders or other debt recovery organizations, assignees can contact Skrivanek using the specified communication channels (see “Contacts” on the Skrivanek website www.skrivanek.ee).
13. How does Skrivanek protect the Customer's personal data at its disposal?
13.1. Skrivanek provides, continually reviews and improves protection measures to protect the Customer’s personal data from unauthorised access, accidental loss, disclosure or destruction. To ensure this, Skrivanek uses modern technology, technical and organizational requirements, i.e. Using Firewalls, Intrusion Detection, Analysis Software, and Data Encryption.
13.2. Skrivanek carefully scrutinises all service providers that process personal data of the Customer on behalf of and in the name of Skrivanek, as well as assesses whether the cooperation partners (data controllers) are taking appropriate security measures in order to process the Customer’s personal data in accordance with the Delegation of Skrivanek and the requirements of the regulatory enactments. Cooperation partners are not allowed to process the Customer’s personal data for their own purposes.
13.3. Skrivanek assumes no responsibility for any unauthorized access to personal data and/or loss of personal data if it is independent of Skrivanek, for example, due to Customer’s fault and/or negligence.
13.4. In the event of a threat to the Customer’s personal data, Skrivanek will notify the Customer of this.
14. What rights do the Customers have?
14.1. To contact Skrivanek for a copy of personal data at Skrivanek.
14.2. To correct all personal data held by Skrivanek about yourself notifying about changes by sending an e-mail electronically to email@example.com, by calling +372 5622 8190 or at the Skrivanek office.
14.3. Customers have the right to obtain information about those natural or legal persons who have received information about them for a certain period of time from Skrivanek. Skrivanek will not provide the Customers with information about the state institutions that are guiding criminal proceedings, the subjects of the operational activities or other institutions for which the law prohibits the disclosure of such information.
14.4. To request the deletion or limitation of the processing of personal data that is no longer necessary for processing in accordance with the purposes for which they were collected and processed (right to be forgotten).
14.5. To contact the supervising institution of Skrivanek or personal data processing in connection with issues related to the processing of personal data.
14.6. To contact Skrivanek Data Protection Specialist for information on processing and protecting customer’s personal data.