Privacy Notice
Effective date / last update: 27th April 2020In SecTeam, we understand the value of personal data and take privacy very seriously. We want to explain to you in this Privacy Notice how SecTeam OÜ ("we" or "our" or "us") collects and processes the personal data of the visitors of the secteam.ee and secteam.eu website and of the SecTeam clients.
This Privacy Notice concerns you when you are viewing the website or are a prospective or actual client of SecTeam services. We will refer to any visitor and client as “you”, "your" or the “data subject”.
SecTeam is a data controller for all information that is processed when you visit our website or when you use any of our services. This means that we are responsible for making clear what is the purpose of processing and how is processing of personal data done.
Whenever we amend this notice, the changes will be published here on our website.
What personal data we process
We may process the following categories of personal data of you as the data subject:
-
Client contact data:
- First name and surname
- Position
- Company
- Email address
- Phone number
-
Client identification data:
- Personal identification number (ID-code)
-
Client service data:
- All data related to content of the requested services
- Client communication
-
Client contract and transaction data:
- Agreements related to the client(s)
- Payment account number and payer’s name
- Payment details (date, currency, amount)
-
Website usage data:
- visitor’s external/public IP-address or corresponding hostname
- visitor’s web browser user-agent string.
We do not request any data subject to submit special categories of data. If such data is submitted by visitors for any reason, we will not process them and delete them.
Purpose for collecting personal data
Processing for the performance of the contract
We process your personal data to carry out everything related to making a contract with the clients of our services and fulfilling that contract. This can include some of these activities:
- Establishing a contract
- Developing an existing contract relationship
- Identifying you as a client
- Sending encrypted files using Estonian DigiDoc software
- Getting you the service we agreed on in the contract or any additional support.
We will process all of the data categories mentioned above in What personal data we process for this purpose.
Processing based on the legitimate interest
All personal data that we process outside of the scope of the service contract with you, our clients, are processed for these purposes:
- To manage information security, respond to security incidents and prevent data breaches
- To answer your inquiries about SecTeam OÜ.
We will process all of the data categories mentioned above in What personal data we process for this purpose.
How do we process your personal data
We process the personal data as follows:
- All data is processed in electronic format
- You, the data subject(s), are instructed to read this Privacy Notice when we establish contact with you
- We process the data subject’s personal data in accordance with the requirements of the GDPR
-
On our homepage, we do not use:
- cookies
- automated decision-making system for marketing activities
- visitor profiling for marketing activities
-
We set up the following retention policies for the personal data:
- 15 years for personal data related to security incidents or data breaches
- 10 years for personal data needed for the performance of the contract (started from the end of the financial year)
- 1 year for web server statistical report of top visitors and their request counts
- 3 months for web server logs.
We are not obliged to preserve the personal data of the data subjects longer as indicated above, unless required by applicable law.
Processors
SecTeam is the controller and using the following processors for processing the data:
- SecTeam IT infrastructure service providers
- SecTeam expert partners.
Your rights
You as the data subject are entitled, at any time and in accordance with GDPR, to:
- Request information about your personal data processing
- Request access to or copy of your personal data
- Rectify inaccurate or incomplete personal data
- Request that we erase your personal data.
In order to exercise these rights, the data subject shall forward respective applications to [email protected]
Security of your personal data
We implement organisational, physical and technical security controls to make sure that your personal data is secure.
If any have concerns about any suspicious activity related to the confidentiality, integrity or availability of the personal or other data of you or other data subjects, please contact us on [email protected].
We will promptly notify you, the data subject(s), of any information we have concerning any personal data breach, which is likely to result in a high risk to your rights. In doing that, we will communicate in clear and plain language the nature of the breach and describe the likely consequences. We will also explain measures to limit the negative effects of the event for the data subject(s).
Transferring or disclosing your personal data
SecTeam will not forward, sell or disclose the personal data to third parties without informing you (we inform you for example about our processors).
There may be circumstances when we are required to disclose personal data by law or governmental authorities. This is done in accordance with GDPR.
Contacts
The best way to contact us for any data protection related inquiry is the email: [email protected].
Feel free to pass us encrypted emails with PGP using the public key fingerprint:
C516 FAFC 3120 C34A F6A1 5EE8 2D36 04D9 31F6 7CCC
Other contact details of us as the data controller are available here.
Complaints
All your complaints and comments are welcome to us in the first hand. If you still wish to exercise your right to lodge a complaint to the supervisory authority, here are the contacts of Estonian Data Protection Inspectorate: www.aki.ee/en/contacts.