1. WHAT IS THE PURPOSE OF PRIVACY POLICY?
1.1 This privacy policy describes the processing of personal data by Mainor Ülemiste AS and by Öpiku Majad OÜ (referred to together as Mainor Ülemiste), Mainor Ülemiste’s employees and processors. The purpose of this privacy policy is to inform persons whose personal data may be processed by Mainor Ülemiste; that means primarily contact persons, employees and visitors of Mainor Ülemiste’s corporate clients and business partners. This privacy policy explains which data and for which purpose is processed by Mainor Ülemiste and which rights does a person have in connection with the processing of their data by Mainor Ülemiste.
1.2 This privacy policy meets the obligation to inform arising from Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).
2. WHO IS THE DATA CONTROLLER?
The joint controllers are Mainor Ülemiste AS, Valukoja 8, Tallinn 11415; registry code 10348595; and Öpiku Majad OÜ, Valukoja 8, Tallinn 11415; registry code 12804904. The shared e-mail address of the joint controllers is info@mainorulemiste.ee and the shared phone is +37253046992.
3. FOR WHICH PURPOSES AND ON WHICH LEGAL BASIS DOES MAINOR ÜLEMISTE PROCESS PERSONAL DATA?
Services provided by Mainor Ülemiste
3.1 Mainor Ülemiste processes the personal data of its contractual partners and of their employees, representatives and visitors. The personal data processed includes persons’ names, contact details (phone numbers, work addresses, e-mail addresses), information on their position or a company related to them, vehicle registration plates and dates and times of entering and leaving the car park, dates and times of entering and leaving the building and rooms using an access card, video recordings for safety purposes, and information related to marketing activities (for example, person’s attendance at Mainor Ülemiste’s events). Mainor Ülemiste processes the personal data of such persons in order to perform agreements entered into with them or with their employers or contract partners. In exceptional cases the basis for processing may be Mainor Ülemiste’s legitimate interest.
Sending newsletters
3.2 Mainor Ülemiste sends newsletters to persons who have subscribed to the newsletter on Ülemiste City’s web. The basis for such data processing is person’s consent.
Purchase of services and products from suppliers
3.3 Mainor Ülemiste also uses the services of other companies and orders products necessary for its business activities. Such business communication requires the contact details of the supplier’s contact person. The processing of contact details and invoice information is necessary for performing the supply contract.
Recruitment
3.4 Persons applying for a job at Mainor Ülemiste provide the following personal data to Mainor Ülemiste in their application documents: contact details, level of education, qualifications and previous work experience. The processing of such data is necessary for assessing the person’s suitability for the position. Applicants’ personal data is retained for one year as of the announcement of the recruitment decision to the applicant.
4. WHO HAS ACCESS TO PERSONAL DATA?
4.1 Mainor Ülemiste keeps confidential all and any personal data it has in its possession.
4.2 The personal data processed by Mainor Ülemiste can only be accessed by those employees and members of managing bodies who need it in order to perform tasks arising from their position. Mainor Ülemiste may include in the project and give access to personal data to cooperation partners who have the relevant competence. If necessary, Mainor Ülemiste may communicate personal data to Mainor Ülemiste’s group companies. Providers of software solutions may also have access to personal data. If there is an outstanding invoice and it is not possible to solve it otherwise, the invoice information and contact details of a private client may be provided to the provider of debt collection services.
5. HOW LONG DOES MAINOR ÜLEMISTE RETAIN PERSONAL DATA?
5.1 Mainor Ülemiste retains personal data throughout the validity of the agreement which serves as the basis for processing and for no longer than 10 years after the expiry of the agreement. Video recordings are stored for up to 30 days and access systems information for 6 months. Newsletters are sent to a person until they unsubscribe or ask for their e-mail address to be removed from the newsletter database.
5.2 If there is a legitimate interest, Mainor Ülemiste may in certain situations also retain persons’ contact details after the end of the customer relationship or joint project, but for no longer than necessary. Above all, Mainor Ülemiste may retain and subsequently process contact details for the purpose of business development. The suitability of legitimate interest as a legal basis is assessed and explained on each occasion. If Mainor Ülemiste has a legitimate interest in maintaining a business relationship with such persons or the companies they represent, Mainor Ülemiste shall retain contact details for as long as it is necessary based on the legitimate interest or until the person requests that their contact details be erased.
5.3 The data of a supplier’s contact person is not retained for longer than 10 years as of the delivery of products or the provision of services, based on the limitation period of possible legal claims.
5.4 Mainor Ülemiste retains the application documents of job applicants for one year as of the announcement of the recruitment decision to the applicant.
5.5 The data that Mainor Ülemiste is obliged to retain due to a legal obligation (for example, accounting data) is retained by Mainor Ülemiste for as long as the law requires.
6. WHICH RIGHTS DOES A PERSON HAVE IN CONNECTION WITH THEIR PERSONAL DATA?
6.1 According to the GDPR, a person has the right of access to their personal data and to obtain a copy of their personal data, the right to request for their personal data to be transferred to another data controller, the right to request the erasure, rectification or completion of their personal data and the restriction of processing of their personal data. These rights are not unlimited. For example, Mainor Ülemiste does not erase personal data the retention of which is required by law or which is necessary for submitting or defending legal claims.
6.2 For the exercise of these rights Mainor Ülemiste asks you to contact your usual contact person at Mainor Ülemiste or send your request to the e-mail address info@mainorulemiste.ee.
6.3 If a person is concerned about a possible breach of the GDPR or other data protection legislation at Mainor Ülemiste, Mainor Ülemiste asks you to write to the e-mail address info@mainorulemiste.ee. If a person is not satisfied with how Mainor Ülemiste handled their complaint, the person has the right to file a complaint with the Data Protection Inspectorate. The Data Protection Inspectorate’s contact details are as follows: phone +372 627 4135; e-mail address info@aki.ee; mailing address Väike-Ameerika 19, Tallinn 10129.