about the protection and processing of personal dates of clients (PD)
1. General Provisions
1.1. The Regulation about the procedure for processing and protecting the client's PD (hereinafter referred to as the Regulations) defines a set of organizational and technical measures for ensure the protection of NOSTRIS OÜ clients (hereinafter - the Company) from illegal processing, including loss, illegal or accidental destruction , as well as from illegal access to them.
1.2. The Regulation was developed on the basis of Regulation EC 2016/679 of April 27, 2016 (GDPR)
1.3. The provision is binding for persons who have access to PD and who have process the PD.
1.4. PD are any information or body individual information which is identified or can be specifically identified.
1.5. The PD of the Company's clients are information with limited access. The Company assumed the obligation to protect the personal data of counterparties.
1.6. PD of the Company's clients are processed on electronic media.
1.7. PD processing means any action or set of actions, such as collection, registration, accumulation, storage, adaptation, modification, renewal, use, depersonalization, destruction of PD
2. Purpose and grounds for processing PD
2.1. Processing of client's PD is carried out with the purpose of maintenance of realization of contractual relations at realization by the Company's economic activities, administrative-legal relations, relations in sphere of the accounting and taxes.
The Company collects PD, because it necessary for perform the concluded clients contract (provision of services in accordance with Article 6 par 1 L. b GDPR), including:
• Registration of the User in the system of orders and User's services maintenance ( including the presentation of the product offer and the execution of the order (in accordance with Article 6 par 1 L b GDPR);
• consideration of complaints and complaints (in accordance with Article 6 par.1 of L with GDPR);
• claims Investigation, which are related to the concluded insurance contract (in accordance with Article 6 para 1 of the L f GDPR), (if the legally justified objective is the right to investigate claims);
• archiving purposes (in accordance with Article 6 para of 1 L c with GDPR);
• statistical purposes (in accordance with Article 6 para 1 of L f GDPR), where the legally justified goal of the administrator is having information about the statistics of our actions, which allows Company to improve the activity.
The first log in to the site is updated every day. (including cookies). The client (visitor) is acquainted with the "OK" button if it comes to the site and see message about cookies using. This message will not appear until the next day. During placing the order client retire his data in the inputsite field such as: first and last name, contact phone number, e-mail. These data (including the order) are send to the manager who processes the order, as an e-letter. The manager has the right to fix this data for the order usability.
Data (login, password, name and surname, contact phone number, e-mail) is preserved if the customer is consciously registered on the site. The operation of collection the PD is carrying out in the input fields of the browser (if the client something entering). The storage of the PD implement on the server side using internal PHP resources in the database. The processing of PD carried out by the manager.
The order registration (or subsequent registration) is possible if the client confirms the fact of acquaintance with the Regulations only and consents PD processing and PD storage.
3. Composition of counterparties PD
3.1. The Company processes PD according to the specific purpose of processing, regulatory legislation, the needs of economic activity.
-name and surname,
This contact information is required solely for convenience, promptness and timeliness of the order, identifying a potential customer.
4. PD working organization
4.1. The Owner appoints responsible persons from his managers for ensure the requirements of the legislation compliance of Estonia, the protection and processing of personal data, the terms of these Regulations.
4.2. The responsible person fulfills his duties in accordance with this Regulation and the norms of Estonian legislation which regard the PD processing and protection.
5. The rights and obligations of counterparties as PD subjects
5.1. The client (as the subject of PD) has the PD protection right in accordance with the GDPR, namely:
- to know about the sources of the collection, the location of PD, the purpose of PD processing, the location or residence (owner) of the PD owner or manager, or to issue the instruction to receive this information by authorized persons, except as provided by law;
- to receive information about PD access conditions, including information about third parties which are received PD;
- to access your PD;
- to receive the answer about PD using no later than ten calendar days from the date of receipt of the request, as well as:
- to receive the contents of such PD;
- to submit a motivated demand to the owner of PD about processing of his PD;
- to submit a motivated demand to change or destroy their PD by any owner and manager of personal data (in case if PD are processed illegally or unreliable);
- to protect their PD from illegal processing and loss accidental, destruction, willful concealment damage, protection from disinformation that is unreliable or discrediting the honor, dignity and business reputation;
- to complain about the PD processing in accordance with the GDPR procedure;
- to apply remedies in case of legislation violate;
- to consent to the PD processing;
- to know the PD processing mechanism;
- protection from auto solution which has legal consequences for him.
6. Clients PD collection
6.1. The collection of clients PD is an integral part of the PD processing . It provide the selection and streamlining activities PD about client.
6.2. The grounds for PD processing are:
• the deal conclusion and execution – if subject of PD is a deal’s party or it is concluded in favor of the personal data subject or for the implementation of activities preceding the conclusion of the transaction by the request of the personal data subject;
• the protect necessity legal interests of the owners of PD and third parties, except for cases when the subject of PD requires the termination of the processing of his PD and the need to protect PD, this interest prevails.
6.3. The fact of client PD protection acquaintance is confirmed by the acceptance of the offer.
6.4. The clients PD are entered into the database "Counterparties" during the offer/contract conclusion.
6.5. The information must be corrected or destroyed in case if it is found to be untrue or is disinformation.
7. PD clients storage and destruction
7.1. The storage of PD includes the ensure their integrity and appropriate access to them.
7.2. Clients PD are processed in a form that allows identification of the individual they are related to and stored in the period no more than necessary in accordance with their legal purpose and the purpose of their processing, unless otherwise provided by legislation in the field of archives and records management.
7.3. Personal data of counterparties are deleted or destroyed in the order established in accordance with the requirements of law.
7.4. Personal data is subject to destruction in the following cases:
• the period of data retention, the consent of the personal data subject to the processing of this data or the law;
• termination of legal relations between the subject of personal data and the Company, unless otherwise provided by law;
• entry into legal force of a court decision on the seizure of data on an individual from the PD base;
7.5. The destruction of PD is carried out in a way that excludes the further possibility of updating such PD.
8. PD Transfer to third parties and access providing
8.1. The clients PD transfer to third parties is determined by the terms of consent to the processing of PD or in accordance with the law requirements.
8.2. The clients PD may be transmitted without the consent of the client following in cases:
• the transfer of PD is expressly provided by Estonian law, national security, economic welfare and human rights;
• receiving a request from state government on order to Estonian law
8.3. Access to PD to a third party is not provided if third party doesn’t agree with GDPR requirements.
8.4. The client has the right to receive any information about himself PD base without purpose of the request.
9. PD Protection during processing
9.1. PD Protection in an automated system:
9.1.1. Company's employees only have the right of access to the automated system. They have written commitment of PD non-disclosure
9.1.2. The automated system is provided by anti-virus protection. The automated system is provided by power supplies of the system elements.
9.1.3. The right of access to client?s PD is provided to third parties in case if they concluded agreement with Company about clients contractual obligations.