This privacy statement determines the manner in which AutoAccount OÜ (the ”Company” or “we”) collects and processes personal data (the ”Personal Data”) while the Company is providing services (the ”Services”) to the Customer (the ”Customer” or “you”) and also when the Customer is using these websites of AutoAccount OÜ.
The Company undertakes to protect Personal Data. The Company shall follow procedures and processes that serve to protect Personal Data in accordance with the requirements of the data protection legislation.
The legal basis for the processing of personal data is the carrying out of functions pertaining to the agreement, as well as the legitimate interest to develop the Company’s business operations to the extent the matter pertains to the development of the Services, customer communications as well as to fulfill the statutory obligations. The processing of personal data may also be based to the consent of the Customer.
We may also be compelled to utilise the data we have collected to prevent and investigate any malfeasance and/or to present or defend against legal claims. In this respect, the processing is either based upon our legitimate interest or the management of statutory obligations.
Processing pursuant to statutory obligations is based upon the necessity of the processing for the purposes of complying with the data controller’s obligations.
Collection of personal data
We collect your personal data through different means. Primarily, we collect and process data, which:
- is provided by you when you communicate with us e.g. via chat or do business with us like subscribe to our newsletter, contact us requesting an offer or provide information to us through forms available at the website;
- is generated when you visit our website or use our services provided therein, e.g. when you download or search information; and
- is obtained from publicly available sources or third parties, where permitted by applicable law, e.g. Trade Register or technical data from analytics providers, advertising networks and search information providers.
We may combine the data collected about you from publicly available sources, and from our different interactions with you e.g. via the website and e-mail.
Purposes of and legal basis for personal data processing
Purpose and legal basis for processing personal data
We only collect and process personal data, which is needed for managing our relationship with you and for other relevant operational or commercial purposes, including the processing of personal data for anonymizing it.
Your personal data is processed for the following purposes:
Customer service, provision and development of services, including customer communications
Fulfilment of our agreements and contractual covenants as well as other obligations
Prevention and investigation of malfeasance and protection of our rights
Management of statutory obligations
What information does the Company collect?
The personal data collected by the Company may be categorised as follows:
Basic details of the data subject, such as their name and identity number
Data subject’s contact details, such as their email address and telephone address
Information concerning the companies and sole proprietors, such as the Business ID and the names of the contact persons
Information concerning customership, contractual partners and agreements, such as information regarding former and valid agreements, correspondence with the contractual partner as well as other contacts, contractual partner’s information submitted into our systems by the contractual partner of their own volition.
Any other information collected upon the consent of the data subject.
Where does the Company obtain information?
We primarily obtain information from the Customers themselves, from the authorities, contact information services providers and from other comparable reliable instances.
We send commercial e-mails that typically include technologies (web beacons, cookies or similar) that allow us to know what you do with the message (open, read etc.) and links you may click.
You may control the use of your personal data for marketing purposes. You can ask us to stop sending you marketing messages by following the opt-out links on any marketing message sent to you or by contacting us at any time. In such case, we will retain minimum personal data to respect your choice in order to avoid contacting you again.
Please note that even though you opt-out of marketing, we may need to contact and communicate with you in connection with the other purposes your personal data is processed for.
For how long are user data retained?
The Company retains Customer´s Personal Data only for as long as they are necessary for the purpose for which they were collected or for the maximum duration permitted by law. Consequently, the duration of the personal data retention period differs depending upon the data in question. This also entails that we may retain Customer´s Personal Data even if the contractual relationship with us has ended, but only for as long as we have a valid reason to do so.
Transfer and disclosure of personal data
For the purposes of providing the service
We do not transfer your data to third parties unless it is required by law or by the nature of the service in question or our contractual obligations.
In case the Customer has granted its consent, we may share the user’s data with selected third parties.
Personal data may be disclosed in accordance with demands presented by competent authorities and statutory requirements.
Legal claims and debt collection
We may process and disclose your personal data to third parties, if this is necessary for protecting the interests of the Company, its employees or for protecting or defending other rights or interests or investigating crimes targeting the Company. Furthermore, we may disclose your personal data to a third party, in case this is necessary for the enforcement of an agreement, collecting of receivables, investigating potential offences or for drafting, presenting or protecting against a legal claim.
Transfer of personal data outside of the EEA
The Company seeks to carry out the Services and to fulfil its contractual obligations and to process Personal Data taking advantage of operators and services located within the EU or European Economic Area.
In the event that the Personal Data of necessity needs to be processed outside of the EU or the EEA, the Company shall ensure an adequate level of Personal Data protection, for instance, by agreeing upon the matter with the Personal Data processor using model contract clauses or other methods provided for under the data protection legislation in relation to the transfer of Personal Data to third countries. The processing of Personal Data outside of EU or EEA may also be due to use of customary cloud-based services like OneDrive, iCloud or Dropbox.
Protection of Personal Data
The Company employs up-to-date procedures to protect Personal Data, including Secure Sockets Layer (“SSL”) or other comparable encryption software.
Amendments to the Privacy Statement
The Company may amend this Privacy Statement from time to time when necessary. We aim to inform of the amendments in good time in advance, so that our Customers are at all times aware of how their Personal Data is being processed.
Right of access
You have the right to inspect which of your Personal Data has been recorded in the register.
Right to rectification
You have the right to require the rectification of inaccurate and erroneous information.
Right to erasure
You may request us to erase your Personal Data from our systems. We shall carry out the procedures you require, provided we have no legitimate reason to abstain from removing such information.
Right to restrict processing of Personal Data
In certain statutory cases, we may restrict the processing of personal data.
The right to object to data processing
You may request restrictions to the processing of your Personal Data, if your Personal Data is processed for purposes other than the carrying out of our Service or for the fulfilment of a statutory obligation. Objecting to personal data processing may result in more limited possibilities to utilise our Service.
Right to withdraw consent
If the processing of your Personal Data is based upon consent, you have the right to withdraw such consent at any time.
Exercising your rights
The Company shall implement the rights mentioned above in the content defined under the General Data Protection Regulation. The scope of the rights is contingent upon the basis for the processing of your Personal Data.
You may exercise your rights by sending a letter or email containing your name, address, telephone number and by presenting a valid identification certificate. We have the right to reject requests that are reiterated with unreasonable frequency, are excessive or unfounded.
Should you feel that the processing of your Personal Data is in conflict with the valid legislation, you may lodge a complaint with the local data protection authority.
Who is the data controller and whom may I contact?
The data controller is:
Registered No: 14507240 / VAT no. EE102118502
Viru Väljak 2-302, Tallinn 10111, Estonia
In matters concerning the register, you may contact: tel. +358 400 602 530, email: firstname.lastname@example.org