What does the privacy notice entail? The privacy notice:
- explains what we do to protect and respect the privacy of your personal data;
- explains how we collect, use and protect your personal data;
- explains what your rights are regarding your personal data.
When processing your personal data, we comply with Estonian and European Union legislation. We use this data for the purpose for which we collected the data and to the extent necessary to achieve that purpose. Once the objective has been attained, we delete the personal data.
The privacy notice provides you with information and guidelines for when you use our services, applications and e-environments or visit our websites. The privacy statement does not include information concerning the processing of data on the websites of other companies or services provided by them, even if you use those services through Traff OÜ services.
We refer to the privacy statement and enable you to read it at the time of conclusion of a contract, as well as when providing a service and/or use of an e-environment to you. The privacy notice is a document that conveys information to you and is not part of the contract signed with you or of the General Terms and Conditions of Traff OÜ.
What is personal data and what kind of personal data does Traff OÜ process?
Personal data (hereinafter also data) is data that is directly or indirectly linked to you as a private individual. For the sake of clarity, we group your personal data into the following two categories based on their nature and sources. The source of personal data refers to through which channels or through whom the personal data reached Traff OÜ.
Basic data includes, for example: first name, surname, username, personal identification code, date of birth, number of a personal identification documents (e.g., passport, ID-card) and other related information, age, address, e-mail address, information concerning services subscribed to or products purchased (e.g., the composition of the service, additional services, parameters, service address, equipment used, etc.) and the associated static IP address, domain name, invoicing information (invoice address, reference number, invoicing address, etc.), etc.
Data collection sources: we obtain information from you and through your use of services. We also get some basic data from national registers.
Location data refers to information about the geographic location of terminal equipment or the place of service provision. For example: location coordinates (GPS).
The data listed above may be associated with you directly or indirectly. Direct association means that the data refers directly to you as one specific natural person. Indirect association means that the data can be associated with you by using additional information or additional processing.
Location data does not refer to your place of residence, service provision or invoicing address, contact address, etc. That information is part of your basic data.
Data collection sources: We obtain data through your use of services that require the determination of geographic location.
How do we collect your personal data?
We collect personal data in the following ways:
- we receive your data when you order a service or goods, sign up as a client, user of a service or an e- environment, subscribe to a newsletter, send us an information inquiry or complaint, and in other similar situations;
- the data will be generated when you use our services (e.g., communication data will be generated when you use communications services);
- we also receive personal data on a need-basis from other sources (e.g., from other service providers or public registers such as the population register, business register) if this is necessary for the conclusion, performance or enforcement of a contract or for performance of an obligation arising from legislation. In addition, such data processing may also be based on your consent. More information on consent-based data processing can be found down below.
On what grounds and objectives do we process your personal data?
Any kind of processing of personal data must be justified. We have divided Traff OÜ company's legal grounds for processing personal data into four groups: performance of a legal obligation, performance of a contract, legitimate interest of Traff OÜ and your consent.
Similarly, we have grouped all objectives for processing your personal data based on those four legal grounds. Pursuant to this distribution, different storage terms apply to the grounds and objectives, and you have different rights and opportunities to influence and make choices regarding the processing of your personal data.
Performance of a contract
The processing of personal data in order to perform a contract primarily manifests in allowing a certain result for our services and this cannot be achieved by avoiding the processing of personal data. We must use personal data to offer services of the quality specified in the contract, and therefore we can process the client's basic data and location data.
Compliance with an obligation arising from legislation
Compliance with the obligations arising from the law stipulates data processing that we are required to conduct,
as we as a service provider/merchant are required to do so by law.
If data processing is necessary for the performance of an obligation arising from law, we in Traff OÜ cannot decide on the collection and recording of such personal data, nor can you. This includes the following objectives:
- Replying to inquiries from public authorities
- Storing communication data as required by law.
Legitimate interest means that we want to use personal data first and foremost to improve our services and service provision, for the development of services and e-environments, and for the promotion of client communication and business activities, all of which is not strictly necessary for the performance of a contract. This way we can provide our client with services, products, price solutions, servicing, etc. just like clients expect us to do. Additionally, we will be able to compile statistics necessary for making the right business decisions. We also process data on the basis of this ground, if it is necessary for documenting transactions made in the course of a business activity and for other business information exchanges. Based on legitimate interest, we will also process your basic data for the purpose of marketing analysis.
The following are objectives that are linked to using data on the basis of legitimate interest.
- General marketing activities
- Fraud prevention
- Management of client relationships (management of inquiries, communications, customer service), web-chat with Traff OÜ
- Traff.co system development: IT development services for information systems and applications.
Consent based data processing
First and foremost, we ask for your consent for the use of data of communications services, without which we could provide our services, but without which personal service, user experience and convenience, not marketing would be complete or personalized.
You can always withdraw your consent later by submitting a new corresponding application in writing or in a format that can be reproduced
in writing. Application or withdrawal of consent cannot have retroactive effect. Depending on the technical solution, providing and withdrawing
consent in the information system can take up to the 2 days to apply.
Your consent shall be valid until you withdraw it or until all contracts concluded with you expire.
We may use your communication data for marketing purposes, in order to associate this with other data concerning you, which may include
consumption and credit information of our other services and e- environments, usage data from e-Environments, incl. activity logs, your
communication with Traff OÜ, data received from processors or third parties
(e.g. data received from Google Analytics, Facebook, information on creditworthiness).
With your consent, we may, for marketing purposes, transmit communication data to third parties in order to send Traff OÜ marketing messages to you in their applications, e-environments, social media channels, etc. (e.g. in Google applications, on Facebook).
For how long do we store your personal data?
We will store your personal data for the period required to attain the objectives stated in the privacy statement, or until the legal obligation stipulates that we do so.
How do we ensure secure processing of your data?
We implements the necessary organisational and info-technological security measures to ensure the integrity, availability and confidentiality of the data. These measures include the protection of employees, information, IT infrastructure, corporate and public networks.
Our employees are subject to data confidentiality and protection requirements, personal data protection training is provided to them, and employees are liable for fulfilling their obligations.
Our partners are required to ensure that their employees comply with the same rules as we do, and their employees are liable for meeting the requirements for the use of personal data.
What are your rights in relation to your personal data?
The right of access to your data
You have the right to access your personal data that Traff OÜ has at any time. Additionally, you have the right to be informed of the objectives of data processing and the storage terms of the data. Access to the data is possible through the self-service environment. To do this, you need to properly authenticate yourself in advance and submit a corresponding application to us. We have the right to reply to such inquiries within 30 days.
The right to amend personal data
If you have discovered incorrect data when reviewing your data or if your personal data has changed, you can always change it by yourself at our self-service or if you will write us.
The right to be forgotten
In certain cases, you have the right to have your personal data deleted. This applies especially to the processing of data on the grounds of consent and legitimate interest. This includes, for example, marketing profiles and the like. However, the complete deletion of personal data is often not possible, as we use data for other purposes as well, in relation to which the early deletion of such data is not allowed due to contractual or legal reasons.
The right to submit objections
You have the right to object, at any time, to any activity regarding the processing of your personal data that is conducted on the grounds of legitimate interest. When submitting an objection, we will consider legitimate interests and, if possible, will stop processing the relevant data.
This right cannot be used in a situation where we are required to compile, submit or defend a legal claim (e.g., we believe that a person has breached the contract and therefore have to turn to a court or other law enforcement agency to protect our rights).
The right to restrict the processing of your personal data
In certain cases, you have the option of restricting the processing of personal data by explicitly informing us. This right can only be exercised in the following cases:
- to verify the accuracy of personal data when you have challenged their accuracy;
- to record illegal data processing;
- you need personal data for compiling, submitting or defending a legal claim;
- when you file an objection to consider the legitimate interest and you wish to limit the processing of the data in question until a decision has been made.
However, you should take into account that this right requires a very precise formulation of the objective and may, in some cases, result in temporary suspension of services.
The right to turn to Traff OÜ or a supervisory authority
If you would like to receive additional information about the use of your personal data or assistance with exercising your rights on the self-service, you can always contact our customer service at +372 58 907 355 or at firstname.lastname@example.org
If you are concerned that your personal data has been handled with negligence or contrary to the content of the privacy notice, you can always notify our personal data protection expert at email@example.com
On using cookies in our e-environments
Cookies may be disabled in your browser settings, if you have selected this option. Keep in mind that in some cases it may slow down the browsing of a website, reduce the functionality of certain websites or prevent access to them.