DATA PROTECTION CONDITIONS

This guide to the processing of personal data (hereinafter referred to as the Guide) has been prepared in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council, hereinafter the Regulation) and the Personal Data Protection Act and applyb E-RAAMATUPIDAMINE24 accounting agency, MR Trade OÜ, (registry code: 12686623, registered office address:  Võru county, Võru city, F. R. Kreutzwaldi tn 43b, 65610 Republic of Estonia, hereinafter we) for customers and potential customers who have expressed a wish to order our services or cooperate.

The guide is an integral part of the contracts concluded between us and the client and contains the following information:  

  • what types of personal data do we collect?
  • why and on what basis do we collect your personal data?
  • how do we handle your personal data?
  • what are your rights?
  • where can you find us so that you can know  about and exercise your rights in relation to the processing of your personal data?
1. USEFUL CONCEPTS

We will use the definitions below in the guide in the following content:

  • Customer – a natural or legal person who uses, has used or has expressed a desire to use our Services or is otherwise associated with our Services (hereinafter referred to as the Customer or you);
  • data subject – a natural person about whom we have information and information to identify the person. Data subjects are, for example, clients who are natural persons, visitors, providers of inquiries and questions/requests, cooperation partners, representatives and employees of clients who are legal persons (hereinafter the person or client);
  • "personal data " means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is a natural person who can be identified, directly or indirectly, inter alia, through personal data, location information, physiological, social or economic characteristics;
  • "processing" means any operation which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure (including by transmission, dissemination or otherwise making available), alignment or combination, restriction, erasure or destruction;
  • "controller " means a natural or legal person, as well as a public authority or local authority, which is the primary collector of personal data and which sets out the purposes and means of the personal data processed by that person;
  • processor – a natural or legal person, as well as a public authority or local authority, which processes personal data on behalf of and on the instructions given by the controller.

Due to thespecifics of accounting, we are both the controller and the authorized processor of  the personal data disclosed to us by the client. As an authorized processor, we process this personal data on behalf of the client and in accordance with the client's instructions. The relationship, rights and obligations between the processor and the controller are determined, if necessary, in the customer's contract between the parties, taking into account the general obligations arising from the applicable legislation.

2. PERSONAL DATA


We process customers' personal data only  on the grounds and for the purposes specified in the Personal Data Protection Regulation, the Personal Data Protection Act and the Instructions. We process the following personal data of our customers:

Personal identification data
  • first and last name, contact details (incl. place of residence, e-mail address and contact phone number), personal identification code/date of birth, copy of identity document (passport, ID-card), citizenship, if necessary, other data arising from the law (incl. the Money Laundering and Terrorist Financing Proofing Act). 

The client's right of representation
  • data on the person's connection with legal persons (e.g. data submitted by the person or seen in public registers, the basis for the right of representation or other links for making transactions on behalf of the legal person and for representing them).

Data related to the provision of the service
  • personal data that has become known to the customer through the provision of the service, so-called indirect personal data (e.g. customer's employees, customers, suppliers and contractual partners), which we process for the provision of accounting and other related services, and which may include the following data: the person's first and last name, personal identification code/sbirth time, number of dependents, marital status, contact details (e.g. place of residence, e-mail address and  contact phone number), residency, profession/occupation,  data on fees paid, bank account number, client's employment contracts, additional data necessary for calculating wages (including salary calculations, special types of health data, letters from bailiffs), the service ordered and the goods to be purchased, settlements and arrears, data of the shareholders of the company, data on beneficiaries or data on persons otherwise related to the association in relation to investments and financial interests);
  • data that reflects the person's activities when ordering and using our services, including the content of the ordered service, contracts concluded with the person and data on breach of contract, customer communication and correspondence, information related to payment for the service (payments / arrears);
  • details of transactions made from the person's payment account, including the name of the payer, the date of payment, currency, amount and explanation.

Other data 
  • internet data: data related to the use of the website, cookies, website log data and IP addresses.

 

We collect the above data in different ways:

  • data disclosed to us by a person (e.g. through inquiries, requests, conclusion of a contract) and data received as a result of  communication (e.g. correspondence, telephone calls, oralconversation, etc.);
  • data disclosed by the person himself/herself on the Internet and social media;
  • data received when paying for the service;
  • data from third parties – from public registers, authorities;
  • previous information about the person and service stored in our databases.

 

3. PURPOSE AND BASIS OF DATA PROCESSING

We have a legal basis and interest in processing the personal data of the client or the customer's representative during the establishment, duration and termination of cooperation and customer relationship, and to store personal data throughout the process, including storing data for fulfilling legal obligations, filing claims and holding legal disputes.  

We collectand process personal data primarily in the following situations and for the following purposes:

For the purpose of and on the basis of the performance of the contract
  • providing services, in particular making a price offer to the client, performing pre-contractual operations, concluding and performing a client contract;
  • identification of the client and identification of the existence of the right of representation;
  • organization and recording of customer communication, updating and correcting personal data; 
  • data received within the framework of the provision of the service, keeping records of the client's work, previous projects, timekeeping, processing of purchase and sales invoices;
  • data related to the fulfilment of the client's payment obligations, settlements, invoicing and collection of payments;
  • making claims relating to the client or participating in the procedure.

For the performance of a legal obligation
  • due diligence, including for the prevention of money laundering and terrorist financing;
  • organization of accounting, as well as the fulfillment of tax obligations;
  • mandatory notification of public authorities and state bodies and the response to their requests for information (subject to legal restrictions);
  • where applicable, transmission of personal data to processors, national or supervisory authorities;
  • protecting our property and that of our customers.

On the basis of a legitimate interest
  • protecting the client and our legitimate interests in order to improve the quality of our services, prove the business relationship and promote communication with the client;
  • marketing activities and maintaining and developing customer relations, including  the provision of information related to the organisation of customer events and trainings;
  • capturing customer events and trainings with photos and/or filming with the aim of introducing customers to our business activities, products and services and providing events of interest.

With the consent of the client
  • direct marketing (e.g. introducing the services we offer via e-mails and submitting offers);
  • data generated as a result of visiting and using the website (e.g. data about how you use the website, IP address and location information). 

 

4. ACCESS TO PERSONAL DATA AND SECURITY

We ensure the secure preservation of the confidentiality of a person's data required by law and organize the protection of personal data against unauthorised access, unlawful processing or disclosure, accidental loss, alteration or destruction.  

Only the legal representatives of our company or designated employees have access to personal data. Certain personal data may be transferred to a third party, i.e. a processor, for the purpose of fulfilling obligations arising from the contract and the law (see clause 5 of the instructions).

We organize the storage and exchange of information in a secure manner, using multiple personal access and identification codes and secure channels for transmitting information, which prevents access to third parties and minimizes the risk of data leakage.

5. DATA SHARING

We transfer the client's personal data to third parties, if required by law, necessary for the organization of our work or for the exercise of legal obligations or rights, or on another legal basis. Personal data submitted to authorized processors are processed on the grounds provided by law and only to the extent necessary. 

We transfer personal data to the following recipients:

  • was used as processors for the purpose of organizing our work (e.g. IT system manager, client program manager, business software, accounting software, archiving service provider etc.);
  • authorities (Tax and Customs Board, Unemployment Insurance Fund, Health Insurance Fund, Courtes, Police and Border Guard Board, Financial Intelligence Unit, Data Protection Inspectorate, etc.);
  • providers of legal services and audit services.


6. STORAGE AND TIME OF PERSONAL DATA

We will not process personal data for longer than is necessary for the purposes related to the respective data, including the data retention obligation set out in law. 

Based on the above, we proceed from the following when storing personal data:

  • ramatures documents are stored for 7 years under the Accounting Act  ;
  • the  data collected under the Prevention of Terrorist Financing and Terrorist Financing Act will be stored for 5 years;
  • theinformation obtained on the basis of the consent shall be kept until the consent is withdrawn.

The customer has the right to withdraw his/her consent at any time by submitting it to us by e-mail or on the basis of the instructions given in the newsletter  . The withdrawal of consent shall not affect the lawfulness of the processing of personal data carried out before the withdrawal of the consent. 

Personal data are processed within the European Union/European Economic Area. Should there be a need to process personal data on servers located outside the aforementioned area, the transfer will only take place to recipients located in a country with an adequate level of data protection in accordance with the european Commission's decision to that effect or to recipients  certified under the Privacy Policy (applicable to recipients located in the United States).

 

7. KLIENT'S RIGHTS

By organizing the protection of personal data by us, the client has the following rights:

  • get acquainted with information about the person and, if necessary, receive a copy of the data;
  • request the correction of outdated or erroneous data;
  • request the erasure of data or the termination of processing if there is no longer a legal basis for storing or processing the data and if the retention of the person's data is no longer necessary for the processing of the data;
  • require the transfer of data to a third party;
  • the right to lodge a complaint with a supervisory authority.

In order to exercise the above rights, please contact our representative. If the customer suspects that their personal data has been misused, our representative must be notified immediately.

 

8. COOKIES AND OTHER WEB TECHNOLOGIES

A cookie is a small text file that is stored on the user's device. On our website and social media,  cookies may be used to provide a service to the user, to analyze and improve the user experience, and to market more effectively. By visiting the website and social media, the user agrees to the use of cookies in the  manner described in the instructions.

Cookies are generally used to collect statistical data, paying attention to the preferences of users when visiting different websites. The information is used to make the website more user-friendly and better.

In order to limit the use of cookies, the user can set the respective preferences through their browser settings. If cookies are not used, the websites may not work correctly and not all services may be available. 

We reserve the right to update and amend this guide. The changes will be made visible to customers on our website.

If you have any questions regarding the processing of personal data, please contact us at the following contacts:

 

E-RAAMATUPIDAMINE24 Accounting AgencyMR Trade Ltd.

Address: Estonia Võru city, F. R. Kreutzwaldi tn 43b, 65610

Phone: +372 58207197

Email: info@e-raamatupidamine24.ee

www. e-raamatupidamine24.ee