INTRODUCTION

This Privacy Notice describes how AS Connecto Infra (registration code 10722319) processes personal data.

The purpose of this Privacy Notice is to provide our customers and partners with clear and transparent information about how AS Connecto Infra may process your personal data when you use our services.

If you have any specific questions about how we process your personal data or if you wish to make any requests to exercise your rights in relation to the processing of your personal data, please contact us using the contact details in the “Contact” section below.

AS Connecto Infra may amend these Terms and Conditions for the Processing of Personal Data from time to time. The current terms and conditions for processing personal data are published on our website.

1. DEFINITIONS

2. WHEN AND FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?

2.1.  Connecto processes personal data primarily for the purpose of providing a service to its customers and partners and for the performance of contractual obligations on behalf of its customers and partners. If Connecto’s customer or cooperation partner is a data subject, the legal basis for the processing of personal data is Article 6(1)(b) of the GDPR – processing of personal data is necessary for the performance of a contract entered into with the involvement of a data subject, or in order to take steps at the request of a data subject prior to entering into a contract. If the customer or cooperation partner is a legal person, we process the data necessary to establish the right of representation.

2.2.  Connecto may also process personal data where this is necessary to comply with a legal obligation to which Connecto is subject. For example, if Connecto requests personal data from a court pursuant to a valid court order or judgment, or if personal data is requested by a law enforcement authority pursuant to a valid regulation. Similarly, if Connecto is required to retain personal information under, for example, accounting law or other applicable law. The legal basis for the processing of personal data for such processing is Article 6(1)(c) GDPR – processing of personal data is necessary for compliance with a legal obligation to which the controller is subject.

2.3.  In certain cases, Connecto may also process personal data where this is necessary for Connecto’s legitimate interest, unless such interest is overridden by the interests of the data subject or by the fundamental rights and freedoms for which the personal data must be protected, in particular where the data subject is a child. The legal basis for the processing of personal data in such a case is Article 6(1)(f) GDPR.

2.4.  Depending on the legal relationship between you and Connecto, Connecto may process the following data about you:

3. TRANSFERS OF PERSONAL DATA AND USE OF PROCESSORS

3.1.  Connecto does not transfer personal data to third parties, except where it has a legal right to do so under applicable law.

3.2.  Connecto may use processors to process personal data. Processors that Connecto may process personal data in limited cases are, for example, IT service providers (server service providers, IT software developers) or other support service providers. Connecto will only use as processors partners that Connecto is confident are reliable and have committed to process personal data in accordance with applicable law.

4. STORAGE OF PERSONAL DATA

4.1.  Connecto will not retain personal data for longer than is necessary for the purposes for which it is processed or required by applicable law.

4.2.  Connecto applies the following legal retention periods:

4.2.1. Under the Accounting Act, we keep accounting records for 7 years;

4.2.2. Personal data relating to the conclusion of the contract, the longer retention period of which does not result from applicable law, we will generally retain for as long as they are necessary for the performance of the contract during the contract or for up to 10 years after the expiry of the contract due to Connecto’s legitimate interest pursuant to Article 6(1)(f) GDPR and the limitation period under the General Civil Code;

4.2.3. Inquiries received for which a longer retention period is not provided for by applicable law, we will, as a general rule, retain for as long as necessary to respond to the inquiry or for up to 3 years after the termination of the contract due to Connecto’s legitimate interest under Article 6(1)(f) GDPR and the limitation period under the General Civil Code.

4.3.  If you would like to receive more detailed information about the retention periods for personal data relating to you, please contact us using the contact details in the “Contact” section below.

5. USE OF SECURITY CAMERAS

5.1.  Under current law, Connect has the right to use surveillance equipment to protect persons and property. To this end, Connecto uses security cameras on its own premises, in connection with which we also process personal data.

5.2.  The use of security cameras is necessary, in particular, to ensure the security of Connecto’s premises, to prevent and respond to security incidents and to ensure the safety of Connecto’s property and people, including employees.

5.3.  The legal basis for the use of security cameras is Connecto’s legitimate interest under Article 6(1)(f) of the General Data Protection Regulation (GDPR).

5.4.  Connecto’s surveillance equipment consists of cameras installed on the territory, which record the territory 24 hours a day (24/7), the security cameras are fixed and the cameras do not record sound.

5.5.  Connecto will use the cameras in the public areas of the Connecto territory. The purpose of the use of the cameras is to monitor activities in Connecto’s outdoor areas.

5.6.  Security cameras have never been installed in areas where Connecto employees, Connecto customers, or other persons who may be in the line of sight of a security camera may have a expectation of complete privacy.

5.7.  When security cameras are used, a sign indicating the use of the camera, i.e. a sign with the image of the camera and/or the word “VIDEO”, is always placed in the surveillance area of the security camera.

5.8.  As a general rule, Connecto will not disclose camera recordings to third parties unless Connecto is entitled or obliged to do so under applicable law. For example, Connecto may transfer recordings to public authorities on the basis of applicable law, for example, if it is necessary for the investigation of offences or other incidents committed by persons authorised by applicable law, such as the Police and Border Guard Board.

5.9.  Access to CCTV recordings is limited to persons who need access strictly in the course of their duties. For example, access to the recordings is limited to the IT manager of Connecto.

5.10.  Connecto implements reasonable organisational and technical security measures when storing the recording of the cameras to protect personal data against accidental, unauthorised processing or disclosure. Camera recordings are stored on Connecto’s local server room. Camera recordings will not be transferred outside the European Union.

5.11.  Connecto retains camera recordings for up to 2 months from the date of the recording, unless during this period proceedings have been initiated to investigate an offence or other incident that occurred during the same period, which requires the retention of a specific recording for a longer retention period.The 2-month retention period is necessary for the detection or investigation of any incident or offence that may have occurred during this period. Possible damages related to an offence in Connecto will normally be detected up to 2 months after the offence occurred. In order to enable Connecto to take legal action against the offender in the event of a breach and to protect its rights, we need to retain the recordings from the cameras for up to 2 months after the recording is made.

5.12.  Any Connecto employee, Connecto customer or other third party who has been on Connecto’s premises and whose image has been recorded by Connecto has the right to access the recording containing his or her image. Connecto will not be able to release a camera recording to an employee or third party if the recording has been deleted at the time of the request for access to the recording. In addition, please note that in order to protect the rights and interests of other individuals who remain on the recording, we must alter their image so that they cannot be identified (blurring the image), and therefore we cannot provide access immediately.

6. USE OF COOKIES

6.1.  Connecto website uses cookies. Cookies are small text files that contain information stored on your computer and are used for tracking or identification purposes.

6.2.  The website uses the following types of cookies:

6.2.1. Session cookies: session cookies – or temporary cookies – are used each time you use the Website and are deleted when you close the web browser. Temporary cookies are necessary for the functionality of the Website to function properly.

6.2.2. Third-party cookies: we use third-party cookies (Google Analytics and YouTube plugins) to improve the functioning of the Website and to better provide our services and collect statistics. For more information on the third party privacy policy and terms and conditions, please visit the cookie manufacturer’s website: https://www.google.com/policies/technologies/cookies/.

6.3. More specifically, the Website uses the following cookies:

Cookie Description Validity Type

6.4. You have the right to disable the use of cookies at any time by changing your web browser settings. In this case, please note that not all functions of the Website may work correctly. You can disable cookies by following the instructions in the “help” or “help” function of your web browser. You can also find more information on how cookies work or how to disable cookies at www.allaboutcookies.org.

7. RIGHTS OF THE DATA SUBJECT

7.1.  Connecto guarantees all rights of the data subject under applicable law.

7.2.  Each data subject has the following rights, among others:

7.2.1.  right of access: the right to ask at any time whether or not Connecto holds personal data about you and to be informed about the personal data that Connecto processes about you;

7.2.2.  right to rectification of personal data: the right to ask Connect to specify or rectify your personal data if it is insufficient, incomplete or incorrect;

7.2.3.  Right to object: the right to object to the processing of your personal data by Connecto, for example, where the use of the personal data is based on Connecto’s legitimate interest;

7.2.4.  right to request erasure of personal data: the right to request the erasure of personal data, for example where personal data are processed with the consent of the data subject and the data subject has withdrawn his or her consent;

7.2.5.  right to restriction of processing: the right to require Connecto to restrict the processing of personal data on the basis of applicable law, for example where Connecto no longer needs the personal data to achieve the purposes of the processing or where the data subject has objected to the processing of personal data;

7.2.6.  the right to obtain the consent for the processing of personal data:if the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw the consent given to Connectoi at any time;

7.2.7.  right to data portability: the right to receive from Connecto personal data which the employee has provided to Connecto and which are processed on the basis of the data subject’s consent or for the performance of a contract entered into with the data subject, in written or commonly used electronic format, and, where technically feasible, to request Connecto to transfer those data to another controller;

7.2.8.  right to lodge a complaint: if the employee considers that his or her rights have been infringed as a result of the processing of his or her Personal Data, he or she always has the right to lodge a claim or complaint with the Data Protection Inspectorate – Tatari 39, 10134 Tallinn, info@aki.ee, www.aki.ee.

7.3.  The rights of the data subject listed in this Chapter in relation to the processing of his or her personal data are not exhaustive. In certain cases, the rights of other data subjects or Connecto’s legal obligations may limit the rights of the data subject.

7.4.  To exercise your rights in relation to the processing of your personal data or to make a request concerning the processing of your personal data, please contact us using the contact details in the “Contact” section below or your line manager, Human Resources or Data Protection Specialist.

8. SECURITY OF PERSONAL DATA

8.1.  Connecto undertakes to ensure the security of the processing of personal data in order to protect personal data against accidental or unauthorised processing, disclosure or destruction.

8.2.  Taking into account the latest developments in science and technology and the costs of their implementation, the nature, scope, context and purposes of the processing of personal data, as well as the varying likelihood and scale of the risks to the rights and freedoms of data subjects arising from the processing, Connecto will implement appropriate technical and organisational measures to ensure the security of personal data when processing personal data.

9TH CONTACT

9.1. If you have any questions about the processing of your personal data, or if you wish to make a request regarding the processing of your personal data, please contact Connecto at.

Connecto’s contact details are:

AS Connecto Infra
Tuisu 19, Tallinn 11314 Phone: +372 6063100 e-mail: info@connecto.ee