AS Oma Ehitaja’s personal data processing policy
The General Personal Data Processing Policy (hereinafter the Policy) explains how AS Oma Ehitaja (registry code 11146149, address Pärnu mnt. 105, 11312 Tallinn) Processes Personal Data in the course of providing its Services.
1. Definitions used in Policy 1.1. AS Oma Ehitaja (registry code 11146149, address Pärnu mnt. 105, 11312 Tallinn) Processes the Personal Data of Users as the controller for the purposes of GDPR in compliance with the Personal Data Processing Policy; 1.2. GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); 1.3. Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); 1.4. User means a natural person who visits the Website and requests further information about a specific real estate development and/or future real estate developments; 1.5. Contract means an agreement between AS Oma Ehitaja and the User under which the User will receive further information about a specific real estate development and/or future real estate developments; 1.6. Service means the communication of information about new real estate developments and apartments for sale, including consumer games, promotions and/or raffles for marketing purposes. 1.7. Processing means any operation or set of operations which is performed on Personal Data or on sets thereof, whether or not by automated means, including collection, storage and transmission; 1.8. Website means www.oma.ee, www.madli.ee and other websites related to specific developments and any other websites related to AS Oma Ehitaja.
2. Personal Data and manners of collection 2.1. AS Oma Ehitaja collects Personal Data when entering into a Contract, providing Services and otherwise when the User uses the Website as follows: 2.1.1. The User themselves provides AS Oma Ehitaja with their Personal Data (by enter their name and contact details, using the various functions and Services of the Website); 2.1.2. AS Oma Ehitaja collects data about the User’s behaviour and actions on the Websites (Cookie data). 2.2. AS Oma Ehitaja Processes the following Personal Data: – identification data (name); – contact details (phone, e-mail, address); – IP address and Cookie data.
3. Purposes of and legal basis for Processing Personal Data 3.1. AS Oma Ehitaja processes Users’ Personal Data for the following purposes and on the following legal bases: 3.1.1. For the purposes of entering into or performing a Contract with a User, e.g. – to notify and advise a User who has entered into a Contract; – to ensure performance of a Contract entered into with a User, including the detection and substantiation of any breaches by the User of the Contract or legislation (for example, to bring claims against the User). 3.1.2. Based on the User’s consent, e.g. – to send newsletters to a User, if the User has provided AS Oma Ehitaja with their e-mail address for this purpose; – to conduct raffles and promotions organised by AS Oma Ehitaja, if the User has granted their consent for this. 3.1.3. Based on the legitimate interest of AS Oma Ehitaja, e.g. – to contact a User for direct marketing purposes, if it can be assumed on the basis of a Contract previously entered into with a Client or on the basis of a Service provided to the Client that the User is interested in the relevant offer and the User has not expressed their dissatisfaction or objected to receiving such communications; – to collect information on Website traffic, statistics on the use of Services and other non-personalised technical information on the use of the Website for the purpose of improving the Website and Services. 3.1.4. To comply with the legal obligations of AS Oma Ehitaja, e.g. – the legal obligation to maintain accounting records; – the legal obligation to transmit Users’ Personal Data to competent authorities on the basis of lawful requests.
4. Transmission of Personal Data to service providers (processors) 4.1. AS Oma Ehitaja uses service providers (processors for the purposes of GDPR) to Process Users’ Personal Data and has verified the reliability of such service providers, entered into data processing agreements with them and is responsible for their actions. 4.2. AS Oma Ehitaja uses the following categories of Processor: server and cloud service providers, providers of platforms used for consumer games, raffles and promotions organised by AS Oma Ehitaja. 4.3. Users have the right to request detailed information about the Processors from AS Oma Ehitaja using the contact details provided in clause 10.1.
5. Transmission of Personal Data to third parties 5.1. AS Oma Ehitaja transmits Users’ Personal Data to third parties only if this is required by law, necessary for the performance of a Contract entered into with a User, or if a User has granted their consent for this.
6. Storage of Personal Data 6.1. AS Oma Ehitaja stores Users’ Personal Data for as long as it is necessary to fulfil the purpose for which they were collected, to protect the rights of AS Oma Ehitaja or as required by legislation. 6.2. Depending on the type of Personal Data, AS Oma Ehitaja stores Users’ Personal Data as follows: – Accounting records: 7 years from the end of the relevant financial year, subject to the legal requirement; – Personal Data related to the Contract: 10 years from the expiry of the Contract, subject to the maximum limitation period in case of intentional breach; – Cookie data: in compliance with the Cookie Policy.
7. Security 7.1. AS Oma Ehitaja implements the necessary organisational, physical and IT security measures to ensure the security of Users’ Personal Data. 7.2. AS Oma Ehitaja is not liable for security breaches caused by the actions of a User.
8. Rights and obligations of User 8.1. To the extent covered by relevant legislation (GDPR in particular), Users have the right to exercise the following rights in relation to the Personal Data Processed by AS Oma Ehitaja: – request access to their Personal Data; – request the rectification of Personal Data; – request the erasure of Personal Data; – object to the Processing of Personal Data, specifically if AS Oma Ehitaja is processing them on the basis of legitimate interest; – request the transmission of Personal Data. 8.2. Users wishing to exercise their rights must contact AS Oma Ehitaja using the contact details provided in clause 10.1 of the Policy. 8.3. AS Oma Ehitaja has the right to request additional information needed to identify a User. 8.4. AS Oma Ehitaja will respond to a User’s request within 30 days and inform the User as to whether and what measures AS Oma Ehitaja has taken to resolve the User’s request. 8.5. Where requests from a User are manifestly unfounded or excessive, in particular because of their repetitive nature, AS Oma Ehitaja may either: – charge a reasonable fee; – refuse to act on the request. 8.6. Users have the right to request the erasure of their Personal Data when one of the following grounds applies: – the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise Processed; – the User withdraws the consent on which the Processing of Personal Data was based and there is no other legal basis for the Processing of Personal Data; – the User objects to the Processing of Personal Data where this is based on the legitimate interest of AS Oma Ehitaja and there are no overriding legitimate grounds for the Processing; – the User objects to the Processing of Personal Data for direct marketing purposes; – the Personal Data have been unlawfully Processed; – the Personal Data have to be erased for compliance with a legal obligation of AS Oma Ehitaja; – the Personal Data are that of a child under the age of 13 and are Processed on the basis of consent. 8.7. If a User requests the erasure of Personal Data, they must state in their respective request which of the grounds set out in clause 6 of the Policy they are basing their request on. AS Oma Ehitaja is not required to erase Personal Data if there is no basis for such erasure or if the Processing of Personal Data is necessary for: – exercising the right of freedom of expression and information; – compliance with a legal obligation of AS Oma Ehitaja; – the establishment, exercising or defence of legal claims; – other cases where AS Oma Ehitaja has other legal bases for Processing Personal Data. 8.8. If a User’s Personal Data are Processed on the basis of the User’s consent, the User has the right to withdraw their consent at any time. Withdrawing consent does not affect the lawfulness of Processing based on consent prior to its withdrawal. 8.9. In the event of a Personal Data breach relating to a User which AS Oma Ehitaja believes is likely to pose a significant risk to the rights and freedoms of the User, AS Oma Ehitaja will notify the User without undue delay using the contact details provided by the User to AS Oma Ehitaja or, if this is not possible, publicly. 8.10. To make sure Users’ Personal Data are kept up to date, Users are required to notify AS Oma Ehitaja of any changes to their Personal Data. 8.11. If a User’s rights have been infringed, the User has the right to lodge a complaint with the Estonian Data Protection Inspectorate or to take legal action to defend their rights.
9. Amendment of Policy 9.1. AS Oma Ehitaja may need to amend the Policy following changes in legislation, AS Oma Ehitaja’s procedures for Processing Personal Data or instructions from supervisory authorities or courts. In this case, AS Oma Ehitaja shall give Users reasonable advance notice prior to the implementation of such changes.
10. Contact details 10.1. Users can use the following contact details to exercise their rights, withdraw their consent, obtain further explanations or lodge a complaint against AS Oma Ehitaja: – E-mail: ehitaja@oma.ee – Postal address: Pärnu mnt 105, Tallinn.