2. WHEN AND FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?

2.1.  Connecto processes personal data primarily for the purpose of providing services to its customers and cooperation partners and for the performance of contractual obligations on behalf of its customers and cooperation partners. If Connecto’s customer or cooperation partner is a data subject, the legal basis for the processing of personal data is Article 6(1)(b) of the GDPR – processing of personal data is necessary for the performance of a contract entered into with the data subject or in order to take steps at the request of the data subject prior to entering into a contract with the data subject. If the customer or cooperation partner is a legal person, we process the data necessary to establish the right of representation.

2.2.  Connecto may also process personal data if this is necessary to comply with a legal obligation to which Connecto is subject. For example, if Connecto requests personal data from a court on the basis of a valid court order or ruling, or if personal data is requested by a law enforcement authority on the basis of a valid order. Similarly, if Connecto is required to retain personal information under, for example, accounting law or other applicable law. The legal basis for the processing of personal data for such processing is Article 6(1)(c) GDPR – processing of personal data is necessary for compliance with a legal obligation to which the controller is subject.

2.3.  In certain cases, Connecto may also process personal data where this is necessary for Connecto’s legitimate interest, unless such interest is overridden by the interests of the data subject or by fundamental rights and freedoms for the protection of which the personal data must be protected, in particular if the data subject is a child. The legal basis for the processing of personal data in such a case is Article 6(1)(f) GDPR.

2.4.  Depending on the legal relationship between you and Connecto, Connecto may process the following data about you:

3. TRANSFER OF PERSONAL DATA AND USE OF AUTHORISED PROCESSORS

3.1.  Connecto does not disclose personal data to third parties, unless it has the legal right to do so under applicable law.

3.2.  Connecto may use authorised processors for the processing of personal data. The processors authorized by Connecto to process personal data in limited cases are, for example, IT service providers (server service providers, IT software developers) or other support service providers. Connecto will only use as authorised processors those partners that Connecto is confident are reliable and have committed to process personal data in accordance with applicable law.

4. STORAGE OF PERSONAL DATA

4.1.  Connecto will not retain personal data for longer than is necessary for the purposes for which the personal data is processed or required by applicable law.

4.2.  Connecto will apply the following statutory retention periods:4.2.1.on the basis of the Accounting Act we retain accounting records for 7 years;

4.2.2. personal data relating to the conclusion of the contract, the longer retention period of which does not result from the applicable law, will be retained in accordance with the general rule for as long as they are required for the performance of the contract during the term of the contract or for up to 10 years after the termination of the contract due to Connecto’s legitimate interest pursuant to Article 6(1)(f) GDPR and the limitation period under the General Civil Code;

4.2.3. queries received for which a longer retention period does not result from the applicable law, we will generally retain for as long as necessary to respond to the query or for up to 3 years after the termination of the contract due to Connecto’s legitimate interest under Article 6(1)(f) GDPR and the limitation period under the General Civil Code.

4.3.  If you would like to receive more detailed information about the retention periods for personal data relating to you, please contact us using the contact details in the “Contact” section below.

5. USE OF SECURITY CAMERAS

5.1.  Under current law, Connecto has the right to use surveillance equipment for the protection of persons and property. For this purpose, Connecto uses security cameras on its own premises, in connection with which we also process personal data.

5.2.  The use of security cameras is necessary, in particular, to ensure the security of Connecto’s premises, to prevent and deal with security incidents and to ensure the security of Connecto’s property and persons, including employees.

5.3.  The legal basis for the use of security cameras is Connecto’s legitimate interest under Article 6(1)(f) of the General Data Protection Regulation (GDPR).

5.4.  Connecto’s surveillance equipment consists of cameras installed on the premises, which record the premises 24 hours a day (24/7), the security cameras are stationary and the cameras do not record sound.

5.5.  Connecto will use the cameras in the public outdoor areas of the Connecto premises. The purpose of the use of the cameras is to monitor activities in the Connecto outdoor areas.

5.6.  Security cameras are never installed in areas where Connecto employees, Connecto customers or other persons who may be in the line of sight of a security camera may have a reasonable expectation of privacy. There are no security cameras indoors.

5.7.  Where security cameras are used, a sign indicating the use of the camera, i.e. a sign with an image of the camera and/or the word “VIDEOVALVE (video surveillance)”, shall always be placed in the surveillance area of the security camera.

5.8.  As a general rule, Connecto will not disclose the recordings from the cameras to third parties, unless Connecto is entitled or obliged to do so under applicable law. For example, Connecto may transfer recordings to public authorities on the basis of applicable law, for example, if this is necessary for the investigation of offences or other incidents committed, by persons authorised by applicable law, such as the Police and Border Guard.

5.9.  Access to security camera recordings shall be limited to those persons who require access strictly related to the performance of their duties. For example, access to the recordings is restricted to the IT Manager of Connecto.

5.10.  Connecto shall implement reasonable organisational and technical security measures when storing the recording of the cameras to protect personal data against unintentional, unauthorised processing or disclosure. The recordings of the cameras shall be stored in Connecto’s local server room. Recordings from the cameras will not be transferred outside the European Union.

5.11.  Connectowillretaintherecordingsfromthecamerasforamaximumperiodof2monthsfromthe date of the recording, unless during this period proceedings have been initiated to investigate an offence or other incident committed during the same period, which requires the retention of a specific recording for a longer retention period. The 2-month retention period is necessary for the detection or investigation of any incident or offence that may have occurred during this period. Possible damages related to an offence in Connecto will normally be detected within 2 months after the offence occurred. In order to enable Connecto to take legal action against the offender in the event of a breach and to protect its rights, we need to retain the recordings from the cameras for up to 2 months after the recording is made.

5.12.  Any Connecto employee, Connecto customer or other third party who has been on Connecto’s premises and whose image has been recorded by Connecto has the right to access the recording containing his/her image. Connecto is unable to release a camera recording to an employee or third party if the recording has been deleted by the time the request for access to the recording is received. In addition, please note that in order to protect the rights and interests of other individuals who remain on the recording, we must alter their image so that they cannot be identified (blurring the image), and therefore we cannot provide access immediately.

6. USE OF COOKIES

6.1.  The Connecto website uses cookies. Cookies are small text files that contain information that is stored on a computer and are used for tracking or identification purposes.

6.2.  The Website uses the following types of cookies:

6.2.1. Session cookies: session cookies or temporary cookies – are used each time the Website is used and are deleted after the web browser is closed. Temporary cookies are necessary for the functionality of the Website.

6.2.2. Third-party cookies: for the purpose of better functioning of the Website and for the purpose of providing better services and collecting statistics, we use third-party cookies (Google Analytics and YouTube plugins). For more information on the privacy policy and terms and conditions of third party cookies, please visit the cookie manufacturer’s page: https://www.google.com/policies/technologies/cookies/.

6.3. In particular, the Website uses the following cookies:

Cookie Description Validity Type

6.4. You have the right to disable the use of cookies at any time by modifying your web browser settings. If you do so, please note that not all functions of the Website may work properly. You

can disable cookies by following the instructions of the “help” function of your web browser. More information on how cookies work or how to disable cookies can also be found on the following website www.allaboutcookies.org.

7. RIGHTS OF THE DATA SUBJECT

7.1.  Connecto guarantees all rights of the data subject under applicable law.

7.2.  Each data subject has, inter alia, the following rights:

7.2.1.  the right of access: the right to ask at any time whether or not Connecto holds personal data about him/her, and to be informed of what personal data Connecto is processing about him/her;

7.2.2.  the right to rectification of personal data: the right to request Connect to rectify or correct his/her personal data if it is insufficient, incomplete or incorrect;

7.2.3.  the right to object: the right to object to the processing of one’s personal data by Connecto, for example, where the use of the personal data is based on Connecto’s legitimate interest;

7.2.4.  the right to request the erasure of personal data: the right to request the erasure of personal data, for example when personal data is processed with the consent of the data subject and the data subject has withdrawn his or her consent;

7.2.5.  the right to restriction of processing: the right to require Connecto to restrict the processing of personal data on the basis of applicable law, for example when Connecto no longer needs the personal data to achieve the purposes of the processing or when the data subject has objected to the processing of personal data;

7.2.6.  the right to withdraw consent to the processing of personal data: where the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw the consent given to Connecto at any time;

7.2.7.  the right to data portability: the right to receive personal data from Connecto, which the employee has personally provided to Connecto, and which are processed on the basis of the data subject’s consent or for the performance of a contract entered into with the data subject, in written form or in a commonly used electronic format, and, where technically feasible, to request Connecto to transfer these data to another controller;

7.2.8.  the right to file a complaint: if the employee considers that his or her rights have been infringed as a result of the processing of his or her personal data, he or she always has the right to lodge a claim or complaint with the Data Protection Inspectorate – Tatari 39, 10134 Tallinn, info@aki.ee, www.aki.ee.

7.3.  The rights of the data subject listed in this Chapter in relation to the processing of his or her personal data are not exhaustive rights. In certain cases, the rights of other data subjects or the legal obligations of Connecto may limit the rights of the data subject.

7.4.  In order to exercise your rights in relation to the processing of your personal data or to make a request in relation to the processing of your personal data, please use the contact details provided in the “Contact” section below or contact your line manager, Human Resources or Data Protection Specialist.

8. SECURITY OF PERSONAL DATA

8.1. Connecto undertakes to ensure the security of the processing of personal data in order to protect personal data against accidental or unauthorised processing, disclosure or destruction.

8.2. Taking into account the latest developments in science and technology and the costs of implementation and the nature, scope, context and purposes of the processing of personal data, as well as the varying likelihood and magnitude of the risks to the rights and freedoms of data subjects arising from the processing, Connecto will implement appropriate technical and organisational measures to ensure the security of personal data when processing personal data.

9. CONTACT

9.1. If you have any questions relating to the processing of your personal data or if you wish to make a request relating to the processing of your personal data, please contact Connecto at the following contact details.

Connecto contact details are:

AS Connecto Eesti
Tuisu 19, Tallinn 11314 Phone: +372 6063100 e-mail: info@connecto.ee