Data protection conditions (Privacy Policy)

1. General conditions
   1. This present document (hereinafter “Data Protection Conditions”) explains how CH Konsultatsioonid OÜ, seated at Soola 8, 51013 Tartu, register number 11229059 (hereinafter “CHK”) uses personal data and ensures their lawful processing, confidentiality and security.  
   2. CHK is responsible for performing its duties and for ensuring the security and fair processing of personal data by its employees and in its systems.  
   3. CHK processes personal data pursuant to principles established in the General Data Protection Regulation, Personal Data Protection Act, Money Laundering and Terrorist Financing Prevention Act, and other relevant legislation, guidelines issued by Data Protection Inspectorate and these present Data Protection Conditions.
   4. CHK processes personal data on the basis of the following principles:
      1. Principle of lawfulness, fairness and transparency
      2. Principle of purpose limitation – CHK processes personal data for specified, explicit and legitimate purposes. The purposes of processing personal data are described in clause 3 of the Data Protection Conditions (What does CHK use Personal Data for?).
      3. Principle of data minimisation – CHK processes only those personal data that are necessary in relation to the purposes for which they are processed.
      4. Principle of accuracy – CHK takes relevant steps to ensure the accuracy of the data processed, inaccurate or excessive data are erased or rectified at the earliest opportunity.
      5. Principle of storage limitation – CHK stores personal data no longer than is necessary for the purposes for which the personal data are processed or for compliance with a legal obligation.
      6. Principle of integrity and confidentiality – CHK has taken physical, organisational and technological security measures to ensure lawful processing and security of personal data.
   5. CHK has the right of unilateral amendment of these Data Protection Conditions at any time, by giving notice thereof at www.chk.ee/andmekaitsetingimused.
      
      
2. Definitions
   1. Personal data – any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
   2. Special categories of personal data – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of generic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
   3. Service – services provided to the client by CHK. CHK provides the following services (the services provided are available on the homepage of CHK at www.chk.ee):
      1. Accounting service;
      2. Business and tax consultancy;
      3. Business software intermediation;
      4. Insurance intermediation;
      5. Contact person service for the purposes of section 63¹ of the Commercial Code.
   4. Data subject – a natural person whose Personal Data are processed by CHK. For the purposes of the Data Protection Conditions, Data Subjects primarily include transaction partners of CHK and persons, whose Personal Data have become known to CHK by providing Service to transaction partners, also persons connected to them and CHK employees and persons connected to them and employment candidates.
   5. Processing of personal data – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
   6. Personal data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised.
   7. Controller – natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
   8. Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. CHK acts as Personal Data’ Controller or Processor depending on different processes of processing of Personal Data.
   9. Recipient – a natural or legal person, public authority, agency or another body, to which the personal data are disclose, whether a third party or not. For the purposes of the Data Protection Conditions, Recipients are first and foremost Processors and public authorities, whose obligation of transfer or disclosure of Personal Data arises from the law.
      
      
3. What kind of Personal Data are processed by CHK?
   1. In the course of providing the Service, CHK processes the following Personal Data:
      1. Data Subject’s given name and surname;
      2. Data Subject’s date of birth, personal ID code;
      3. Data Subject’s telephone number, e-mail address;
      4. Data Subject’s address;
      5. Data Subject’s bank account number;
      6. Information regarding Data Subject’s income, its origin and size;
      7. Data Subject’s place of work, information regarding wages and salary, sick days;
      8. Data Subject’s qualification, education, hobbies, photo;
      9. Information regarding personal identification document (type, issuer, validity of and personal data and photo on the document);
      10. Information regarding person’s status (“Is the person or his or her close colleague or family member politically exposed?”)
      11. Cookies, IP address, browser data;
          
          
4. Why does CHK process Personal Data (the purpose of processing Personal Data)?
   1. CHK processes Data Subjects’ Personal Data only for the purposes of providing the Service, improve Service quality and perform lawful obligations.
   2. CHK collects from Data Subject only such Personal Data that is necessary for the purposes established in clause 4.1.
   3. If Data Subject wishes to use the Services provided by CHK, the Data Subject has to provide CHK with all the required Personal Data. Upon failure to provide such data, CHK cannot provide the Service to Data Subject.
   4. CHK may collect data other than Personal Data required for providing the Service only upon separate consent provided by Data Subject with regard to particular processing.
      
      
5. How does CHK obtain Personal Data?
   1. CHK obtains Personal Data from Data Subject or Client by means of direct statements or data submitted via e-mail and from documents, invoices, etc. submitted by the Client;
   2. CHK obtains Personal Data of website visitors from the web browser used by Data Subject;
   3. CHK obtains Personal Data when Data Subject enters the data in CHK contact form used on its website https://chk.ee/kontakt;
   4. CHK obtains Personal Data when Data Subject enters the data in CHK job application contact form used on its website https://chk.ee/tule-toole
   5. CHK obtains Personal Data from public sources and databases;
   6. CHK obtains Personal Data from state information systems to which CHK has access due to the nature of its Service;
   7. CHK obtains Personal Data from personal identification document;
      
      
6. Legal basis for processing Personal Data
   1. CHK processes Data Subjects’ Personal Data in order to:
      1. Prepare or perform the contract entered into with the Client or at Data Subject’s request (upon provision of Service by CHK to Client). In order to perform the contract entered into with the Client, CHK processes not only Client’s data, but also data regarding other persons that has become known to CHK in the course of providing the Service to the Client. Such data may include e.g. information regarding wages of CHK Clients, bank account numbers, etc.;
      2. Perform obligations arising from law;
      3. In case of legitimate interest of CHK (primarily for direct marketing and statistical purposes).
         
         
7. Who is the recipient of Personal Data transferred/disclosed by CHK?
   1. CHK transfers or discloses Data Subjects’ Personal Data to the Recipient only where it is necessary for providing Service to the Client, performing contractual obligations or where transfer or disclosure of the data is required by law.
   2. CHK does not transfer Data Subjects’ Personal Data to third countries or to international organisations.
      
      
8. For how long does CHK store Personal Data?
   1. CHK stores Personal Data for as long as it is are necessary in relation to the purposes for which Personal Data are processed (see also clause 4 of the Data Protection Conditions) or for performing the obligations arising from law. Upon expiry of the term for storage of Personal Data established by law and where Personal Data are no longer necessary in relation to the purposes for which they are processed, CHK will return to the Client all original documents submitted by the Client and erase Personal Data in a manner that does not allow to restore them in future. If the Client fails to receive the original documents returned by CHK, CHK has the right to destroy such documents.
   2. Personal Data contained in accounting source documents, registries, contracts, financial statements and other business documents, are stored for seven (7) years after the end of the financial year when the document was entered in the accounts.
   3. CHK stores employment contracts and Personal Data contained therein for ten (10) years after termination of the employment. The CVs of candidates who were not chosen will be stored for one (1) year after issuing the decision not to employ them.
   4. Data processed in order to comply with the money laundering and terrorist financing prevention requirements will be stored for five (5) years after the transaction, completion of obligations arising from law or termination of business relationship.
      
      
9. Data Subject has the right to:
   1. Have access to Personal Data concerning the Data Subject and receive printouts and copies of Personal Data concerning the Data Subject;
   2. Request information concerning the categories of processed Personal Data and the purpose of processing such data;
   3. Request rectification of incorrect or inaccurate Personal Data concerning the Data Subject;
   4. Request erasure of his or her Personal Data, if the processing of Personal Data is no longer necessary;
   5. Request restriction of processing of the Personal Data concerning the Data Subject, if the Data Subject has submitted a statement regarding rectification or erasure of the Personal Data or if the Data Subject has contested the accuracy of processed Personal Data;
   6. Object to processing of Personal Data in public interests or in the interests of CHK (including for direct marketing purposes).
   7. If the processing of Personal Data is based on the Data Subject’s consent or is necessary for preparing or performance of a contract entered into with the Data Subject and in case of automated processing of Personal Data, the Data Subject has the right to receive Personal Data concerning the Data Subject which the Data Subject has provided to CHK in a structured, commonly used, machine-readable format, and to transit it to another Controller.
   8. If the Data Subject has granted consent for processing of his or her Personal Data, the Data Subject has the right to withdraw such consent at any time. Withdrawal of the consent will not make the processing that has already taken place unlawful.
   9. Lodge complaint or request for information to a data protection specialist by sending an e-mail to andmekaitse@chk.ee
   10. Lodge complaint to the Data Protection Inspectorate (www.aki.ee, Väike-Ameerika 19, 10129, Tallinn), in case the Data Subject finds that the processing of his or her Personal Data is not lawful.
       
       
10. Terms for compliance with Data Subject’s request for information
    1. CHK will comply with Data Subject’s request for information or applies the measure requested by Data Subject without delay, but no later than within thirty (30) calendar days after receipt of relevant request for information. In case CHK considers the request for information to be unlawful, CHK will inform Data Subject thereof immediately, but no later than within thirty (30) calendar days. In case the compliance with Data Subject’s request for information is complicated, the aforesaid term may be extended to no more than sixty (60) calendar days.
    2. CHK complies with Data Subject’s justified request for information free of charge. Where Data Subject’s requests are manifestly unfounded or excessive, in particular because of their repetitive character, CHK may charge a reasonable fee or refuse to act on the request or take measures.
    3. CHK will comply with Data Subject’s request for information:
       1. At the office of CHK by issuing to the Data Subject copy or printout of the document containing his or her Personal Data.
       2. By sending Personal Data electronically to the e-mail address of the Data Subject. CHK will transfer Personal Data by electronic means only upon request of the Data Subject or his or her legal representative. If the Personal Data to be transferred contain special categories of Personal Data, then Personal Data will be transferred by e-mail only in encrypted format.
    4. CHK has the right to ask the person submitting the request for information or other request to verify his or her identity.
    5. Where the request for information has been submitted by legal representative of the Data Subject, CHK has the right to require verification of the right of representation.

Terms and conditions for using cookies

What is a cookie?

A cookie is a small file (less than 1 kB) consisting of numbers and characters that your web browser (e.g. Chrome, Firefox, Safari etc.) saves on your computer or mobile device (including smartphone). When you visit our webpage, your web browser saves only those cookies requested by our website. 

What are cookies used for?

The purpose of cookies is to remember your actions and preferences. Such information allows us to provide you with pleasant user experience while visiting and browsing our site, inform you of the content of the site, make recommendations and personalise advertising. Without cookies, some of the functionalities of our website are not available. 

Cookies allow to identify you as a person who has visited our webpage before and facilitate collecting website traffic statistics. Collecting website traffic statistics helps us improve and enhance user experience when navigating the website.

Which cookies are used by our website?

CH Konsultatsioonid website www.chk.ee uses the following cookies:
Session cookies – Session cookies are used in order to maintain the functionality of our website. Using session cookies helps the website administrator to link your actions on our website. Cookie collection starts when you open the browser tab and they will be deleted after you leave the browser.
Persistent cookies – we use these cookies to analyse your behaviour in order to improve our website. For example, these cookies provide us information about the number of visitors to our website, sites they visit, and total duration of the time spent on our website. All information collected by the cookies will be added to similar information collected from other users and it is thus anonymous. We do not identify individual visitors.
Advertising cookies – cookies used by other websites to display you personalised advertising. CH Konsultatsioonid does not control the collection, creation and use of these cookies and further information regarding them can be obtained from third parties.

  

Name of cookie	Description/type	Created	Retained for
_fbp	Facebook uses this cookie to display to the user targeted advertising, which is more relevant and interesting for the user and thus have more value for their publisher and third-party advertisers.	When entering the website	3 months
_ga	Google Analytics uses this cookie to collect website usage statistics in order to improve website’s user experience. Used for distinguishing between users.	When entering the website	2 years
_gat	Google Analytics uses this cookie to assess the purpose of visit, generate site activity reports for website administrator and improve user experience when visiting the site. Used for increasing response rate.	When entering the website	1 minute
_gid	Google Analytics uses this cookie to assess the purpose of visit, generate site activity reports for website administrator and improve user experience when visiting the site. Used for distinguishing between users.	When entering the website	24 hours
_ewsa	Data on the website’s visitors for statistics.	When entering the website	2 years
_ewsb	Data on the website’s visitors for statistics.	When entering the website	30 minutes
Site_lang	Stores the language code of recently visited website.	When entering the website	2 years

Can I reject cookies?

You agree to using cookies on the website of CH Konsultatsioonid, information society service settings or web browser.

You can use your browser settings to reject placing certain or all cookies.

Keep in mind that if you set your browser to reject placing all cookies, it may limit the functionality of our website and other websites you visit.

Additional information about setting cookie-related preferences in most popular web browsers is available here:

• Internet Explorer
• Chrome
• Firefox
• Safari
• Opera

 

Further information about cookie management is available at website www.aboutcookies.org.