Website’s and service channel’s responsible data processor:
Mainegrupp OÜ Hiiu mnt 22, Käina, Hiiumaa 92101
Phone +372 4636546
Website: www.hiiumaale.ee
Personal data protection
Personal data is data collected for providing services, for personal identification, or for contacting a person to provide services or solve issues.
Sensitive personal data as defined in the General Data Protection Regulation (GDPR or EU Regulation 2016/679) is not processed.
It is our obligation to protect data and privacy of our customers and users. Our online activity is in line with all the relevant processes and EU and Estonian regulations, including the EU Regulation 2016/679. We apply all precautionary measures (incl. administrative, technical and physical) for the protection of personal data. Access to change and process customer data is only allowed to authorised people.
Security
All collected data from web site visits or e-shop purchases is considered confidential. To secure customer’s personal data and bank information, data exchange with banks is organised through an encrypted channel.
Privacy policy principles
apply to collection, processing, usage, publishing, forwarding, changing, forgetting and erasing of personal data.
These principles do not apply to data processing of corporate bodies or other enterprises/institutions, or to data processing on web sites/service channels referring to our web site/service channel (exterior links). A person representing an enterprise (as service subscriber) is not a physical person, but an authorised representative of a corporate body and their personal data is not processed under the EU regulation 2016/679.
1. What kind of data is collected?
– Non-personal technical data is collected when visiting web sites.
– Personal data is collected in service channels to provide services or for personal identification.
– Technical data is limited to computer or network IP addresses, type of web browser and operation system’s software version, time of visit (time of the day, date, year). IP-addresses are not linked to data of personal identification, unless it is a service channel where this is required as an additional security measure.
– Data is collected about web site visits and stay to improve web sites and service channels based on this information and make them more comfortable for the user.
– Personal data is collected in service channels (including e-shop) to implement contracts and identify topics of interest (looking at basket content, preferences, attitudes, behaviour, etc) to improve relevant information transmission when possible, as well as customer experience when consuming our services and aiming direct marketing.
– With natural persons, collected data may include personal identification code for identification, and name, e-mail address, mobile phone, city and country for communication.
With corporate bodies, collected data includes company registration number, VAT number, name, state, address, e-mail for contact and invoice purposes, names, e-mails and phone numbers of contact persons representing the company.
– Information about credit or bank cards when paying for services is processed only by the relevant bank, and they will only share information about successful payments and the last four digits of a bank card.
Consent to processing personal data for the purpose of providing services and related products is given upon subscription. By subscribing to a service, consent is regarded effective with a time stamp.
2. How long is collected data conserved?
– Non-personal technical information collected from web sites and service channels is conserved indefinitely.
– Personal data collected from requests and/or transactions is conserved for up to seven years from last interaction with the service provider as required by the law of accounting to prove transactions. Among others, reactions to direct marketing, like following and clicking attached links, is also considered interaction.
3. Who can collected data be forwarded to?
– Without consent, collected and processed personal data can only be forwarded to institutions or people who have a legal right for it (court or pre-trial proceedings, for example) and a valid reason.
– Client data collected to perform services is regarded confidential and any processing, publishing or forwarding of such data requires consent by the data owner (client).
4. What rights does the person have over collected data?
Right to review, correct and terminate data processing.
– By default, personal data is not made public unless it has been previously approved (for example when participating in trainings/seminars/conferences).
– Everybody has the right to review their personal data in service channels.
– When possible, depending on the service or service channel, data can be corrected immediately.
– When personal data cannot be changed, or it is not available, or made public on the web page or the service channel, you can access and correct it by sending us an application in a way that we can identify your person. When possible, data will be issued or corrected within 7 working days.
– If you wish to give up direct marketing in all or some areas, you can do so immediately by following the link at the bottom of each marketing e-mail sent to you. Change will be effective immediately.
– When legal reasons for processing, publishing or accessing personal data expire, you can require termination of processing or erasing personal data, or termination of access and disclosure of personal data. For that, please send us an application in a way that we can identify your person.
– Application will be disregarded when:
– it harms other people’s rights and liberties
– it hinders providing or not providing services
– it hinders work of legal organisations
– it is technically unnecessary or impossible
– applicant is legally not connected to the data
– it is impossible to identify the applicant.
For example:
– E-mail address cannot be erased if you do not wish to receive any more direct marketing offers. In order to satisfy this request, we need the e-mail address for comparison to make sure it is not contacted.
– Data from CRM cannot be erased when you don’t wish to be contacted anymore. In order to satisfy this request, your data is necessary for comparison to make sure you are not contacted anymore.
Conditions and changes to privacy policy
By using web pages or service channels you confirm you have read the principles and conditions of privacy policy and agreed to them. We reserve the right to change privacy policy conditions when necessary by notifying all relevant people.