Adopted by the Management Board of Laomaailma AS on 08.05.2020
- What data do we collect and use?
- Purpose and legal basis for processing personal data
- Transmission and disclosure of personal data
- Storage of personal data
- Your rights
The Controller of your personal data within the meaning of the applicable personal data protection legislation is Laomaailm AS (hereinafter Storit). Storit processes your personal data in accordance with these principles and applicable personal data protection laws and regulations.
Contact details of the Controller and Data Protection Officer
Registry code: 10077541
Address: Linamäe 2, Tänassilma küla, 76 406, Saku vald, Harjumaa, Estonia
Phone: +372 659 3050
2. What data do we collect and process?
Storit collects your personal data in different ways, as described below. Generally, you provide your personal data to Storit yourself when you purchase or rent equipment or otherwise interact with Laomaailm (for example, through the e-store or customer service). Storit may also collect your personal data from external sources, such as public databases (business register, credit information database).
The personal data that Storit collects includes, but is not limited to:
general personal data such as name, date of birth and personal identification code, identification document details and a copy thereof;
contact information, such as email address, postal address, and phone number. In the case of business customers, also information on the person's position and contact details in the company represented and information on the authorisation (right of representation);
customer relationship information, including customer contacts, customer inquiries and responses, feedback and research on the service provided by Laomaailm, billing and payment information, information about leased equipment, and information about the contract with you;
solvency assessment and debt data;
and other data collected or created in the course of performance of the contract.
3. Legal basis for processing personal data
Storit processes personal data for the following purposes and based on Article 6 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) paragraph 1 (a) (consent of the data subject), (b) (for the performance of the contract or for implementing pre-contractual measures, as appropriate), (c) (for the performance of a legal obligation of the controller) and (f) (legitimate interest).
Storit processes and collects personal data in order to:
enable the provision of services, perform a contract or prepare a contract, and manage and maintain a customer relationship with you and/or the company you represent. The processing of personal data for this purpose is based on an agreement between the parties or Storit's legitimate interests. The objective of Storit is to process any personal data in a manner that is appropriate, fair and efficient for such purposes;
inform their customers by e-mail about Storit’s new products and/or services, ask for feedback from you or provide you with any other necessary information about Storit’s products and/or services. The processing of personal data for this purpose is based on Storit's legitimate interest in providing its customers with the necessary information about Storit, advertising products and/or services and enhancing Storit's business model. You have the right to cancel the marketing communications specified here at any time by sending an e-mail to Storit;
improve the quality of Storit’s products and/or services and develop new products and/or services. The processing of personal data for these purposes is based on Storit's legitimate interest, so that Storit would have sufficient relevant information to develop products and/or services;
fulfil their obligations under applicable accounting and tax legislation. In this case, the processing of personal data is based on legal requirements according to which the undertaking must keep certain accounting data;
assess the solvency of you or the company you represent. Storit also makes this assessment in order to manage information about your debts to Storit and your solvency potential. If Storit's invoices are not properly paid or the products are not returned within the prescribed time, we may process personal data to publish relevant information in debtors' databases, by legal service providers, and in databases designed to improve debt collection, in accordance with applicable law. In such a case, the processing of personal data by Storit is based on a legitimate interest in ensuring the security of Storit's business operations, as well as protecting the company's business interests and interest in receiving payment for its products and/or services;
and to pursue Storit's legitimate interest in filing, processing or defending legal claims arising from the agreement entered into with Storit.
4. Transmission and disclosure of personal data
Storit may disclose your personal information to third parties:
where permitted or required by law, e.g. at the request of the competent authorities or in connection with legal proceedings;
if Storit's trusted service providers provide services on behalf of Storit in accordance with Storit's instructions. Storit is also responsible for the use of personal data in such a case;
where it is necessary to make the debt recovery procedure more efficient;
in connection with a merger, acquisition or sale of a Storit business or part thereof;
and if Storit believes in good faith that disclosure is necessary to protect your rights, for the safety of you or others, to investigate fraud, or to respond to government inquiries.
Storit may disclose personal data to:
Storit’s employees responsible for cooperation with customers and supporting customer relations, as well as employees in accounting, IT maintenance, business analysis and business planning functions;
suppliers and auditors of IT systems used to manage customer communication;
persons who help Storit to exercise their rights arising from the agreement (e.g. debt collection services, legal consultants, credit information companies, etc.);
the state agencies and courts of the Republic of Estonia, if such transmission of data is required by law;
Storit’s authorised employees and other persons involved in the performance of the contract;
parties involved in possible mergers, acquisitions or the full or partial sale of Storit's assets.
Storit will not transfer your personal data outside the European Union and the European Economic Area.
Laomaailm AS is the controller of personal data. Storit forwards the personal data necessary for making payments to the processor Maksekeskus AS.
6. Storage of personal data
Storit will retain the collected personal data only for as long as is necessary to achieve the purposes described in these principles or in accordance with applicable law.
Most of your personal data will be kept until the end of the customer relationship between you and Laomaailm. Certain personal data may be retained after the end of the customer relationship, if required or permitted by applicable law. For example, in accordance with legislation, we keep basic accounting documents for 7 years from the end of the respective financial year. If the retention of your personal data is no longer required by law or in connection with the rights or obligations of either party, we will delete your personal data.
7. Your rights
In case of justified interest, everyone has the right to access their personal data processed by Storit. You have the right to access, correct, update, amend or delete the data at any time on the basis of a written notice. However, please note that Storit cannot delete certain data that is strictly necessary or required by law to achieve the objectives described in these principles.
You have the right to object to certain processing. You have the right to restrict the processing of your data under the conditions set out in personal data protection legislation.
You have the right to transfer data under the conditions set out in personal data protection legislation, i.e. the right to receive your personal data in an organised form in a publicly available machine-readable format and to transfer it to another controller at your own discretion, if this is supported by the IT systems used by Storit at no additional cost.
Storit always uses appropriate technical and organisational security measures (including physical, electronic and administrative) to protect personal data from loss, destruction, misuse and unauthorised access or disclosure.
While Storit seeks to protect the security of personal data with all reasonable measures, no system completely rules out all possible security risks. If security risks occur, Storit will take all measures to eliminate them immediately.