1.4. The Controller observes the principles relating to data processing provided by legislation and, among other things, processes personal data in a lawful, fair and secure manner. The Controller is able to declare that personal data have been processed in accordance with the provisions of legislation.
2.1. The personal data collected, processed and stored by the Controller have been collected electronically, mainly via the website and e-mail.
2.4. The Controller is not liable for any damage or loss caused to the data subject or a third party as a result of the submission of false data by the data subject.
3.1. The Controller collects client data mainly from the client themselves (e.g. from petitions, applications, in the course of the client relationship) and in the course of the client’s use of the services (e.g. making of transfers, performance of contracts).
3.2. The Controller also obtains client data from third parties:
3.2.1. From persons related to the client (e.g. the person who submits a loss notice or another person related to the contract) upon submission of petitions and applications;
3.2.2. From cooperation partners and persons related to the provision of services to clients (e.g. resellers). We can obtain such data, above all, if the client has granted their prior consent to the cooperation partner or if the Controller has legitimate interest in obtaining the data. We can obtain data, above all, in the course of providing a service, upon placing and confirming an order;
3.2.3. From public and private registers (e.g. population register, register of taxable persons, Tax and Customs Board). The Controller uses the data mainly for checking and specifying client data;
3.3. The Controller processes client data in order to perform its legal obligations arising from legislation (national laws, supervision guidelines, regulations and European Union legislation) as well as to perform the contract entered into with the client. For example in order to process the petition submitted by the client and prepare the entry into the contract, on the basis of the consent of the client as well as to protect the legitimate interests of the Controller.
3.4. The legitimate interests of the Controller manifest themselves in the first place in promoting the Controller’s business activities upon providing clients with better services and products, in developing the Controller’s products, in ensuring data and information security, in debt management as well as in protecting themselves in the case of legal disputes.
3.5. Client data are processed for performing the contract entered into with the participation of the data subject.
3.6. The Controller has the right to share the personal data of clients with third parties such as processors, accountants (Directo OÜ), transport and courier companies (Ball Transport OÜ, Bestway Grupp OÜ, HRX AS), companies providing transfer services (TransferWise Ltd, AS LHV Pank).
3.7. The Controller processes and stores personal data of the data subject, implementing the organisational and technical measures to ensure that the personal data are protected against any accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.
3.8. The client grants their consent for the processing of client data by placing an order (order application) that provides the client with an opportunity to grant their consent voluntarily.
3.9. In their activities, the Controller processes the following types of client data:
3.9.1. Personal data (name);
3.9.2. Contact details (e-mail, telephone, installation address);
3.9.3. Data on the residence for tax purposes (residence for tax purposes);
3.10. Purposes for which the Controller processes client data:
3.10.1. Client relationship management and verification of the data provided by the client and, where necessary, rectification or modification of the data. The processing takes place for performing the contract or for taking measures prior to entry into the contract as well as on the basis of a legitimate interest for managing the client base, improving the services provided to the client, incl. for eliminating errors;
3.10.2. Exercise of the rights of the Controller in connection with legal requirements as well as the certification and protection thereof in or outside court. The processing takes place on the basis of the legitimate interest of the Controller for the purpose of protecting themselves in legal disputes;
3.10.3. Conduct of consumer surveys, examination of consumer habits. The processing takes place on the basis of the legitimate interest of the Controller in order to obtain client feedback and opinion about their satisfaction with the services and products provided by the Controller and therethrough develop the existing and new products and services.
3.10.4. To perform the burden of proof in the case of possible disputes, the Controller may also collect information on the receipt of letters of mandatory content that are sent out (e.g. the recipient of the letter, the date of sending, information about arrival). The processing takes place on the basis of the legitimate interest of the Controller for the purpose of protecting themselves in legal disputes.
4.1. The Controller processes client data proceeding, among other things, from data minimisation and storage limitation principles.
4.2. The Controller stores client data until the purposes of the processing have been achieved or the obligations arising from legislation have been performed.
4.3. The Controller stores the client data constituting personal data as a maximum for ten years of the termination of the client relationship. The reason and legal ground for storage of client data constituting personal data after the termination of the client relationship arise either from the statutory obligation to store data or from the Controller’s legitimate interest in ensuring necessary information and possible supporting documents for resolving disputes or managing other risks arising from contracts entered into with clients.
4.4. The Controller stores the client data constituting personal data taking also into consideration the rights of other clients on the principle that the data to be erased may not adversely affect the interests and rights of other clients.
5.1. The data subject has the right to gain access to and examine their personal data.
5.2. The data subject has the right to obtain information on the processing of their personal data.
5.3. The data subject has the right to modify or rectify inaccurate data.
5.4. If the Controller processes the personal data of the data subject based on the consent granted by the latter, the data subject has the right to withdraw their consent at any time.
5.5. To exercise their rights, the data subject can address the client support at firstname.lastname@example.org.
6.1. A cookie is a small text file that a website transfers to the hard drive of your computer in the form of a browser cookie file in order for the website to remember information about you. Cookies themselves cannot be used for establishing your identity.
6.2. Our website uses the Google Analytics software that saves only anonymous and impersonalised information about the use of the website.
6.3. A cookie file usually contains the name of the domain from which the cookie file came, the ‘lifespan’ of the cookie and its value, usually a randomly generated number.
6.4. More detailed information about the cookies used is set out below:
Names of cookies Purpose When do these cookies expire?
_ga To distinguish between the different website visitors.Two years.
_gid To distinguish between the different website visitors.One day.
_gat_organizer One minute.
Cookies can be permitted or denied in the pop-up window that opens upon the first use of the website. Later, preferences can be changed in the window that opens through the ‘cookie’ icon located in the bottom left-hand corner of the homepage of the website.
You can disallow cookies used through the following link https://www.nerostein.ee/en/module/lgcookieslaw/disallow?token=3a1a2caaf79390e515c0c6e018a2d3af
7.1. These data protection terms and conditions have been prepared in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia and legislation of the Republic of Estonia and the European Union.