Principles of data processing policy This document provides information about the principles of data processing policy of GSMvalve OĆ. When processing personal data, the objective of GSMvalve OĆ is to be your reliable partner who respects your rights, and to set an example of others on the market.
1.1 Data Subject is a natural person about whom GSMvalve OĆ possesses information or information based on which it is possible to identify a natural person. For instance, Data Subjects are Customers, Visitors, partners and employees (i.e. natural persons) about whom GSMValve OĆ possesses Personal Data.
1.2 Privacy Policy is the present text which stipulates the principles of Personal Data Processing.
1.3 Personal Data is any information about an identified or identifiable natural person.
1.4 Personal Data Processing is any operation performed with the Personal Data of the Data Subject. For instance, collection, saving, arrangement, preservation, amendment and publication, allowing access, performance of queries and making of extracts, use, forwarding, cross-use, connection, closure, erasing or destruction of data or the combination of several operations indicated above, regardless of the way such operations are performed or the means used for the performance of such operations.
1.5 Customer is any natural or legal person who uses or has expressed their wish to use the Services of GSMvalve OĆ.
1.6 Agreement is the Service agreement or any other agreement concluded between GSMvalve OĆ and the Customer.
1.7 General Terms and Conditions establish the general terms which are applied when entering into a contractual relationship with GSMvalve OĆ.
1.8 Website stands for the web pages of GSMvalve OĆ, including www.navirec.com, www.gsmauto.eu, www.gsmtasks.com and www.valve.ee.
1.9 Visitor is a person who uses the Website of GSMvalve OĆ.
1.10 Child, in the context of Personal Data Processing and the provision of information society services in the Republic of Estonia, is a person under 13 years of age.
1.11 Services are any services and products offered by GSMvalve OĆ, including the information society services belonging in the Product Portfolio of GSMvalve OĆ.
1.12 Cookies are data files which are sometimes stored in the device of the Visitor of the Website.
1.13 Sales Channels are the ways GSMvalve OĆ communicates with the Data Subject and the means created for the sales of goods and services. Such ways and means include e-mail, telephone, public and social media, different chat lines, individualised and interactive advertisements and other similar tools on our Websites and elsewhere.
1.14 Product Portfolio is the economic units of GSMvalve OĆ and the different products and Services thereof, such as GSM Koduvalve, Navirec, GSMtasks, GSMauto.
1.15 User Account is the personal account of the Data Subject, which primarily gives him/her access to the digital products of GSMvalve OĆ, and through which the Customer can identify himself/herself. These defined terms are used in the above-mentioned meaning in the Privacy Policy, Agreement, General Terms and Conditions and in the communication between the parties.
2.1 GSMvalve OĆ is a legal person GSMvalve OĆ, registry code 11181045, address TƤhetorni 21, 11625 Tallinn. GSMvalve OĆ owns a subsidiary company NAVIREC SP Z O.
2.2 GSMvalve OĆ may process Personal Data:
(1) as a responsible processor by determining the objectives and means of processing, for instance, when creating, structuring and operating the Services;
(2) as an authorised processor by following the instructions of the responsible processor, for instance, by allowing data collection according to the instructions from the Customer and extracts from the database;
(3) as a recipient to whom Personal Data are forwarded to.
2.3 The present Privacy Policy of GSMvalve OĆ forms an inseparable part of the Agreement and General Terms and Conditions concluded between GSMvalve OĆ and the Customer.
2.4 The Privacy Policy is applied to the Data Subjects, and all employees and partners of GSMvalve OĆ who are exposed to the data possessed by GSMvalve OĆ, follow the rights and obligations provided in the Privacy Policy.
2.5 The Privacy Policy may supplement the privacy notices published on the Website or in the devices; also, the Privacy Policy may always be changed and amended with such notices.
3.1 The objective of GSMvalve OĆ is the responsible Processing of Personal Data, which is performed pursuant to best practices, keeping in mind that we are always ready to demonstrate the adherence of the Processing of Personal Data to the established objectives and that the activities of GSMvalve OĆ are always based on the interests, rights and freedoms of Data Subjects.
3.2 All processes, instructions, procedures and activities of GSMvalve OĆ which are related to the Personal Data Processing are based on the following principles:
(1) Legality. There is a legal basis for Personal Data Processing, e.g. a consent;
(2) Fairness. Personal Data Processing is fair, ensuring that the Data Subject has sufficient knowledge and information about how his/her Personal Data is being Processed;
(3) Transparency. Personal Data Processing is transparent for the Data Subject;
(4) Purposefulness. Personal Data is collected for precisely and clearly determined legitimate purposes and the data is later not processed in a way that contradicts these purposes. Each time the data is collected, the Data Subject is entitled to get acquainted with the predetermined purpose of Processing the data;
(5) Minimality. Personal Data is relevant, important and limited to the purpose of Personal Data Processing. The processing of Personal Data by GSMvalve OĆ is based on the principle of minimal Processing and when Personal Data is no longer needed or needed for the purpose of their collection, then such Personal Data will be deleted;
(6) Accuracy. Personal Data is accurate and updated, if necessary, and all reasonable measures have been taken to immediately delete or amend the Personal Data which is inaccurate for the purpose of Personal Data Processing;
(7) Storage restriction. Personal Data is stored in a form which allows to identify Data Subjects only in the extent necessary for the purpose of Personal Data Processing. This means that if GSMvalve OĆ wishes to keep Personal Data for a longer period than it is necessary for the purpose of collection of such data, GSMvalve OĆ anonymises the data in a way that does not any longer allow the identification of the Data Subject. Data which GSMvalve OĆ has collected through a customer relationship or similar relationship is stored by GSMvalve OĆ based on the best practices, and data processed based on the consent is generally stored until the withdrawal of the consent.
(8) Reliability and confidentiality. Personal Data is Processed in a way which ensures the relevant security of Personal Data, including protection from unauthorised or illegal Processing and from accidental loss, destruction or damage by using reasonable technical or organisational measures. GSMvalve OĆ possesses in-house instructions, rules for employees as well as separate agreements with every authorised employee which foresee the use of best practices, constant risk assessment and relevant technical and organisational measures for Personal Data Processing;
(9) Default and integrated data protection. GSMvalve OĆ ensures that all the used systems correspond to the technical criteria. Suitable data protection measures are designed each time any information and data system is updated or designed (e.g. information systems and business processes are built based on the prerequisites of aliasing and encrypting).
3.3 When Processing Personal Data, GSMvalve OĆ follows the principle of always being able to verify the performance of the above listed principles and the interested parties can ask information from GSMvalve OĆ about the implementation of the principles.
4.1 GSMvalve OĆ collects, inter alia, the following types of Personal Data:
(1) Personal Data disclosed to GSMvalve OĆ by the Data Subject, e.g. name and contact data of the Customer;
(2) Personal Data created as the result of normal communication between the Data Subject and GSMvalve OĆ, e.g. e-mail correspondence;
(3) Personal Data clearly disclosed by the Data Subject himself/herself, e.g. in social media;
(4) Personal Data created as the result of the consumption of services, e.g. Location data created when using the vehicle surveillance or logistics services of GSMvalve OĆ;
(5) Personal Data created as the result of visiting and using the Website (e.g. time spent on the Website);
(6) Personal Data obtained from third persons, e.g. Personal Data of the employees disclosed by the Customer of GSMvalve OĆ;
(7) Personal Data created and combined by GSMvalve OĆ, e.g. e-mail correspondence created in the framework of customer relationship or list of order history, also the data structured and combined by different Services during the provision of Services.
5.1 GSMvalve OĆ only Processes Personal Data based on the consent of the Data Subject or based on the law. Legal grounds for Processing Personal Data include the legitimate interest or an agreement concluded between the Data Subject and GSMvalve OĆ.
5.2 Based on the consent from the Data Subject, GSMvalve OĆ Processes Personal Data precisely within the limits, extent and purposes determined by the Data Subject. As regards to consents, GSMvalve OĆ acts according to the principle that every consent has to be clearly distinguishable from other questions, in a form which is easily understood and available, written in a clear and simple language. A consent may be given in a written or electronic form or as an oral statement. The Data Subject gives his/her consent voluntarily, specifically, knowingly and unequivocally, e.g. ticking the specific box on our Website. Based on the consent, GSMvalve OĆ Processes Personal Data, for instance, for sending the newsletter and offers, and such consent is without a specific term and valid until the Data Subject withdraws the consent.5.3 When concluding and executing an Agreement, Personal Data Processing may be additionally stipulated in the specific Agreement, however, GSMvalve OĆ may also Process Personal Data for the following purposes:
(1) taking measures prior to the conclusion of the Agreement based on the application of the Data Subject;
(2) identification of the Customer in the extent required by due diligence;
(3) performance of the obligations made to the Customer within the framework of the provision of Services;
(4) communicating with the Customer;
(5) ensuring the fulfilment of the payment obligation of the Customer;
(6) submission, realisation and protection of claims. For instance, if a Customer has not performed his/her financial obligation towards GSMvalve OĆ, the latter may forward the personal identification code, name and registry code of the Customer, the data on the beginning and end of the payment disorder and the payable sum to AS Krediidiinfo, who may, inter alia, process the submitted data for the purpose of making credit decisions in the credit register. The terms and conditions for processing the data of the customer by AS Krediidiinfo and the processed data are available on the website www.krediidiinfo.ee.
When Processing Personal Data based on the Agreement, the data is stored for the period of 3 years after the end of the validity period of the Agreement; the Agreements will be stored for 7 years. The main data on the consumption of Services (e.g. location data in case of using Navirec services) are stored for 3 years during the validity period of the Agreement or for the amount of time agreed upon in the customer agreement.
5.4 For concluding an employment agreement, the Personal Data Processing of GSMvalve OĆ, which is based on the conclusion of the agreement and legitimate interest, includes the following:
(1) Processing of data forwarded by the applicant to GSMvalve OĆ for the purpose of concluding the employment agreement;
(2) Processing of Personal Data obtained from the referee of the applicant;
(3) Processing of Personal Data obtained from national databases and registers and public (social) media.
If the applicant is not chosen for the position, GSMvalve OĆ stores the Personal Data collected for the conclusion of the employment agreement for two years in order to make the applicant a job offer if a suitable position becomes vacant. After two years from the submission of the application of employment, Personal Data of the applicant who was not selected for this position will be deleted.
5.5 Legitimate interest means the interest of GSMvalve OĆ to administer and manage the company, allowing to offer the best possible Services on the market. Based on the legal grounds, GSMvalve OĆ Processes Personal Data only after careful assessment, ascertaining that GSMvalve OĆ has legitimate interest to Process Personal Data and that this interest is necessary and corresponds to the interest and rights of the Data Subject (after conducting the so-called three-level test). Based on legitimate interest, Personal Data may primarily be processed for the following purposes:
(1) for ensuring a trustful customer relationship, e.g. Personal Data Processing which is strictly necessary for establishing actual beneficiaries or avoiding fraud;
(2) managing and analysing the customer base to improve the availability, selection and quality of Services and Products, and to make the best and personalised offers for the Customer, if the latter has given the respective consent;
(3) identifiers and Personal Data collected upon the use of Websites, mobile apps and other Services. GSMvalve OĆ uses the collected data for web analysis or for analysing mobile and information society services, ensuring the functioning and improvement thereof, for producing statistics, analysing the behaviour of the Customer and the user experience, and for the provision of better and more personal services.
(4) organisation of campaigns, including the organisation of personalised and targeted campaigns, carrying out Customer and Visitor surveys and measuring the efficiency of the performed marketing activities;
(5) analysing the Customer and Visitor behaviour in different Sales Channels and Websites;
(6) service monitoring. GSMvalve OĆ may record messages and orders given on its premises or through means of communication (e-mail, telephone, etc.), also information and other operations which are carried out by GSMvalve OĆ and if necessary, GSMvalve OĆ uses such recordings for verifying orders or other operations;
(7) measures taken for the consideration of network, information and cyber security and for ensuring the security of Websites and making and storing backup copies;
(8) organisational purposes. Primarily for financial management and within the group for forwarding Personal Data for the purposes of internal administration, including for Processing the Personal Data of Customers or employees;
(9) preparation, submission or protection of legal claims.
5.6 GSMvalve OĆ Processes Personal Data for the performance of its obligations arising from the law or for implementing the methods of use permitted by law. Obligations arising from the law include, for instance, the requirements for processing the payments or following the money laundering requirements.
5.7 If Personal Data is being Processed for another purpose than the initial purpose for collecting the Personal Data or the Processing is not based on the consent given by the Data Subject, GSMvalve OĆ will carefully evaluate the admissibility of such new Processing. The respective aims of such new Processing are always public. When determining whether the Processing of data for the new purpose corresponds to the initial aim of collecting the Personal Data, GSMvalve OĆ will also consider the following:
(1) connection between the initial aims of collecting the Personal Data and the aims of the planned future Processing;
(2) the context of the collection of Personal Data, primarily the connection between the Data Subject and GSMvalve OĆ;
(3) The nature of Personal Data, especially whether special types of Personal Data or Personal Data related to criminal offences or convictions in criminal offences are being Processed;
(4) the possible results of the planned future Processing for Data Subjects;
(5) the presence of relevant protection measures, such as encryption and aliasing.
5.8 Based on the aforementioned, GSMvalve OĆ primarily Processes Personal Data for the following purposes:
(1) Name a. identifying the Customer and executing the Agreement; b. forwarding personal offers; c. reflecting the person in databases used for the provision of Services;
(2) E-mail a. identifying the Customer and executing the Agreement; b. forwarding personal offers; c. reflecting the person in databases used for the provision of Services;
(3) Telephone a. identifying the Customer and executing the Agreement; b. forwarding personal offers; c. reflecting the person in databases used for the provision of Services;
(4) Address a. analysis related to the business operations of the company after anonymising Personal Data; b. making personal offers; c. reflecting the person in databases used for the provision of Services;
(5) Gender a. alternative identification of the customer; b. making personal offers; c. reflecting the person in databases used for the provision of Services;
(6) Language a. customer communication;
(7) Date of birth a. analysis related to the business operations of the company; b. making personal offers; c. reflecting the person in databases used for the provision of Services;
(8) Personal identification code a. alternative identification of the customer; b. reflecting the person in databases used for the provision of Services;
(9) Workplace and position a. execution of the Agreement; b. statistical purposes; c. reflecting the person in databases used for the provision of Services;
(10) GPS data a. execution of the Agreement; b. statistical purposes.
6.1 GSMvalve OĆ cooperates with persons to whom GSMvalve OĆ may in the framework of cooperation forward data related to the Data Subject, incl. Personal Data.
6.2 Such persons primarily include the Customers of GSMvalve OĆ, who have determined specific persons who have access to the data created during the provision of services. The Customers undertake to follow all legal acts regulating data protection rights, ensuring an efficient protection of the rights of Data Subjects.
6.3 Such third persons may be persons belonging to the same group of companies with GSMvalve OĆ, advertising and marketing partners, companies organising customer satisfaction surveys, providers of debt collection services, credit registers, IT partners, persons mediating or providing (e-)mail services, institutions and organisations, provided that:
(1) the respective purpose and Processing are legal;
(2) Personal Data is Processed according to the rules of GSMvalve OĆ and pursuant to a valid agreement;
(3) information about such authorised employees has been disclosed to Data Subjects.
6.4 GSMvalve OĆ forwards Personal Data outside the European Union only if: the country where the data is forwarded to has sufficient data protection measures; protection measures have been agreed upon (e.g. binding rules or standard data protection clauses within the group of companies); the Data Subject has given his/her clear and informed consent about such forwarding; the forwarding of data is unambiguously required by the agreement concluded with the Data Subject; the forwarding is not repetitive, it concerns only a limited number of Data Subjects, it is necessary for the protection of legitimate interests of GSMvalve OĆ, against which the rights and freedoms of the Data Subject are not prevailing and if all the circumstances related to such forwarding have been estimated and suitable protection measures have been established for the protection of Personal Data or such forwarding is based on other legal grounds. GSMvalve OĆ informs the Data Protection Inspectorate about forwarding data based on legitimate interest.
7.1 GSMvalve OĆ stores Personal Data strictly for the minimum required time only. Information regarding the deadlines of Data storage is presented in the present Privacy Policy. Personal Data for which the storage deadline has passed will be destroyed by using the best practices.
7.2 GSMvalve OĆ has established instructions and procedure rules on how to ensure Personal Data security through the use of both organisational as well as technical measures. More detailed information on the security measures implemented by GSMvalve OĆ can be obtained from GSMvalve OĆ.
7.3 If any incidents occur in relation to the Personal Data, GSMvalve OĆ takes all necessary measures for alleviating the consequences and for hedging risks relevant in the future. Among other things, GSMvalve OĆ registers all incidents and in the predetermined cases, informs the Data Protection Inspectorate and the Data Subject directly (e.g. via e-mail) or publicly (e.g. via the news) about such situations.
7.4 The most important authorised employees for GSMvalve OĆ are:
(1) Sendsmaily OĆ, our partner we use for preparing and forwarding our newsletters
(2) GSMvalve OĆ, the developer of the website of GSMvalve OĆ
(3) persons carefully selected for the development process of the databases and software solutions necessary for the provision of our Services, e.g. Joel Muruvee
(4) as regards to the business operations of GSMvalve OĆ, the banks, state and local government authorities who have legitimate rights to request the disclosure of data
(5) data communication and server management services, primarily Elisa Eesti AS
8.1 The Services of GSMvalve OĆ, including the information society services, are not targeted for children.
8.2 GSMvalve OĆ does not knowingly collect information about persons under 13 years of age, i.e. Children, and if we knowingly collect information about Children, such activities are based on the wishes of the parents or the guardian.
8.3 If GSMvalve OĆ finds out about having collected Personal Data from a Child or about a Child, GSMvalve OĆ does its utmost to stop such Processing of Personal Data.
9.1 Rights related to the consent:
(1) the Data Subject is entitled to inform GSMvalve OĆ at any time about his/her wish to withdraw the consent for Personal Data Processing;
(2) consents given to GSMvalve OĆ can be viewed, changed and withdrawn by contacting GSMvalve OĆ. The contacts of GSMvalve OĆ can be found from point 14 of the Privacy Policy.
9.2 The Data Subject also has the following rights related to Personal Data Processing:
(1) The right to obtain information, i.e. the right of the Data Subject to obtain information about the Personal Data collected about him/her. The Data Subject can receive information from GSMvalve OĆ about the options of getting additional information about the execution of his/her data rights.
(2) The right to get acquainted with the data, which also includes the right of the Data Subject to obtain a copy of his/her Personal Data which is being Processed.
(3) The right to correct incorrect Personal Data.
(4) The right to have the data deleted, i.e. in some cases the Data Subject is entitled to request his/her Personal Data be deleted, for instance, when the data is Processed only based on the consent.
(5) The right to request the limitation of Personal Data Processing. This right arises if, inter alia, the Personal Data Processing is not allowed according to law or if the Data Subject disputes the accuracy of the data. The Data Subject is entitled to request the limitation of Personal Data Processing for the time which allows the responsible processor to check the accuracy of Personal Data or if the Processing of Personal Data is illegal but the Data Subject does not apply for the deletion of Personal Data.
(6) The right to transfer data, i.e. in certain cases the Data Subject has the right to take the Personal Data with him/her in the machine-readable form or to have such data transferred to another responsible employee.
(7) The rights related to automated Processing, which among other things also means that based on his/her specific situation, the Data Subject is entitled to raise objections against the Personal Data Processing related to him/her at any time, which are based on automated decisions. To clarify ā GSMvalve OĆ may Process Personal Data for making automated decisions which promote the business (e.g. for segmenting Visitors in the marketing context and targeting personalised messages for them, starting an employment relationship and ensuring that our employees follow our internal security rules). Automated Processing may partly be based on data collected also from public sources. You are entitled to avoid any decisions based on the automated Processing of Personal Data, if they can be classified and profiling.
(8) The right to obtain an assessment from a supervisory authority about whether the Processing of Personal Data of the Data Subject is legal or not. (9) The right for the indemnification of damages.
10.1 Execution of rights. In the event of questions, applications or complaints related to the Processing of Personal Data, the Data Subject is entitled to contact GSMvalve OĆ by using the contact data provided in point 14 of the present document.
10.2 Submission of complaints. If the Data Subject has any complaints, he/she is entitled to turn to GSMvalve OĆ, the Data Protection Inspectorate or the court, if the Data Subject finds that his/her rights are violated when Processing his/her Personal Data. The contact data of the Data Protection Inspectorate is available at: http://www.aki.ee/.
11.1 GSMvalve OĆ may use Cookies (i.e. small pieces of information stored on the hard drive of the computer or other device of the Visitor by the browser) to collect data about the Visitors of our Websites and users of other information society services or other similar technologies (e.g. IP address, device information, location data) and to process such data.
11.2 GSMvalve OĆ uses the collected data to ensure the provision of Services according to the habits of the Visitor or Customer; to ensure the best quality of Services; to inform the Visitor and Customer about the content and make recommendations; to make the advertisements more relevant and improve our marketing efforts; to facilitate the log in procedure and the protection of data. The collected data are also used for counting the Visitors and establishing the habits of the users.
11.3 GSMvalve OĆ uses session cookies, persistent cookies and advertising cookies. Session cookies are deleted automatically after every use; persistent cookies are maintained if the Website is used repeatedly and the advertising cookies and third party cookies are used by the Websites of the partners of GSMvalve OĆ, which are related to the Website of GSMvalve OĆ. GSMvalve OĆ does not control the creation of such Cookies, therefore, information about such Cookies can be obtained from third parties. Read more about the Cookies in the explanatory material (see point 12: Important documents, instructions and procedures).
11.4 The use of Cookies is accepted by the Visitors on the Website, in the information society service device or web browser.
11.5 Most web browser allow the use of Cookies. Without allowing Cookies, the functions of the Website are not fully available for the Visitor. Enabling or disabling of Cookies and other similar technologies can be controlled by the Visitor in the settings of his/her web browser, the settings of the information society services and privacy enhancement platforms (see point 12: Important documents, instructions and procedures).
12.1 The implementation of the Privacy Policy of GSMvalve OĆ is based on the following documents, instructions and procedures:
(1) All About Cookies (in English): the descriptions of Cookies and other web technologies used by GSMvalve OĆ;
(2) Your Online Choices; About Ads; Network Advertising, (in English): platform for controlling and monitoring the Cookies and other web technologies where the Data Subject can change and control himself/herself how Personal Data is used and collected.
13.1 Contact data important for the Data Subjects of GSMvalve OĆ:
(1) In issues regarding Personal Data, contact us via e-mail andmekaitse@gsmvalve.ee or call us +372 6870722.
14.1 GSMvalve OĆ is entitled to unilaterally change the present Privacy Policy. GSMvalve OĆ will inform the Data Subjects about any changes to the policy on the Website of GSMvalve OĆ, via e-mail or in another way.
14.2 Last changes to the Privacy Policy and the date of entry into force: