PRIVACY POLICY

Tartu Mill AS (registry code 10666674), address Väike kaar 33, 50406 Tartu (hereinafter “Tartu Mill” or “We”, “Our”, “Us”), provides You with an opportunity to order services and products (hereinafter “the Services”) in accordance with a contract to be entered into with You. Tartu Mill understands that Your personal data are important for You and is therefore committed to protect and respect them.

We process Your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

We only use Your personal data for the purposes for which they are collected and the data will later not be processed in a manner that is not in compliance with these purposes. Upon processing Your data, We adhere to the laws in force in the Republic of Estonia and in the European Union.

This Privacy Policy explains how We handle Your personal data that We collect from You or that You submit to Us. This Privacy Policy may be amended and all the amendments and supplements will be set out at the end of this document along with information about the date on which the amendments were implemented. Therefore, We ask that You examine this Privacy Policy again from time to time.

In order to process Your personal data, We may use processors. In such an event, We only use processors providing guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the personal data protection law and ensure the protection of the rights of the data subject.

Contact information

 We are Tartu Mill AS (registry code 10666674), address Väike kaar 33, 50406 Tartu.

In order to submit Your questions, comments and inquiries related to this Privacy Policy, please send an e-mail to the following address: andmekaitse@tartumill.ee.

 Personal data collected

 If You use Our services or buy Our products, We may collect from You some or all of the personal data listed below. The information that We collect depends on which service You use or which the terms and conditions related to the transaction for the acquisition of the product are.

 Data that We may collect:

1. first name and surname, date of birth and/or personal identification code – data for the establishment of Your identity;

2. e-mail address, telephone number, address – Your contact details;

3. bank account number, payment information – payment and financial data;

4. data related to Your company: name, registry code, postal address and other public data.

 We may supplement the data that We receive from You or through Your use of Our Services with the information that is publicly available about You.

For the purposes of this Privacy Policy, personal data mean the data that can be used for the establishment of Your identity. Personal data are not deemed to include data that cannot be used for establishing the identity of a person. We may collect, use, transmit and disclose for any purposes the data that are not deemed to be personal data.

You may demand that Your personal data not be disclosed, but the personal data that We ask from You are mostly necessary for providing services and selling products to You. If We do not have necessary information, We cannot do the aforementioned.

You are the only person who is liable for the accuracy and integrity of the personal data transmitted to Us by You.

Use of data, purpose of use thereof and legal basis for processing data

We process Your personal data for performing the contract entered into with You or for carrying out various procedures prior to entry into the contract at the request of the data subject if You have granted Us Your consent for the performance of Our legal obligation or in the event of Our legitimate interest in order to provide services or sell products to You or for other client service purposes as follows:

▪for establishing Your identity or the identity of Your representative;

▪for confirming payments;

▪for offering Our services or selling Our products to You;

▪for marketing purposes;

▪for transmitting to You information about orders and payments;

▪for notifying You of any changes to be made in the service ordered or products sold;

▪for creating user rights for using portals, etc., that are related to Us; upon delay in performing Your financial obligation arising from the contract, for transmitting data about You and Your arrears (first name and surname, personal identification code, the amount owed, the time when the delay in payment arose, the creditor, etc.) to Krediidiinfo AS, another processor of a payment default database and/or persons who handle arrears and, upon assignment of the right of claim, to the new creditor. The data are transmitted for the purpose of disclosing the same in a respective payment default database. If You have paid off Your arrears, You will have the right to demand that respective persons terminate processing Your personal data.

We process Your personal data in the event of Your inquiry, incl. We profile if You have granted Us Your consent, in the event of Our legitimate interest, for marketing purposes and in order for You to receive newsletters and offers from Us by e-mail, SMS, telephone or in other electronic ways as follows:

▪for transmitting to You the Services, offers, news, information and products that You request from Us or about which We believe that they could be of interest to You;

▪for sending You Our newsletter. Please note that You may always opt out from newsletters by clicking on the opt-out link in the footer of the e-mail;

▪We may also use Your data or allow that selected third parties use Your data, which is described in more detail below (see the “Disclosure of Your data” section).

Profiling 

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

We may use profiling for marketing purposes as well as in order to make the experience of using Our Services more personal for You, relying on Our legitimate interests, performance of the contract or adoption of measures prior to entry into the contract or if You have granted Us Your corresponding consent. 

Where and how long We keep Your personal data

All the data that You have transmitted to Us are kept in Our secure servers. All payment transactions are encrypted with the help of a technology that is in compliance with the technology industry standard.

The processing of Your personal data is terminated when this is no longer necessary. The data storage period is related to the contract entered into with You, Our legitimate interest or another basis requested by law.

Transmission of data to other countries 

The data collected from You are generally not transmitted to other countries, but should such a need arise in the course of processing the data, We will not transmit Your data to outside of the European Union (“EU”) and/or the European Economic Area (“EEA”).

Disclosure of Your data

We may disclose Your personal data to third parties if We have a reasonable basis to think that the disclosure of the data is necessary:

▪if We sell or buy any business or assets, We may disclose Your personal data to the potential buyer or seller;

▪if a third party acquires Tartu Mill or a significant part of its assets, Our clients’ personal data constitute part of the transferable assets;

▪if We have to disclose or transmit Your personal data in order to fulfil any legal obligations, rules, legal proceedings or requirements of any authority or in order to enforce or apply the terms and conditions of Our contract, including in order to investigate potential breaches. This covers exchanging information with other companies and organisations in order to avoid frauds and reduce the credit risk, detect or avoid unlawful or suspected unlawful activities or security or technical problems or combat them in any other manner.

We may use third-party companies who provide services to Us, for example who provide infrastructure and IT services (including keeping of data), process credit card transactions, provide client service, collect data for debt analysis and data correction and about inquiries made by clients and perform other statistical analyses. Such companies may have access to Your data in order to provide their services. We do not authorise such companies to use or disclose Your personal data, except for providing services necessary for Us.

If You do not want to receive Our newsletters, You may change Your preferences at any time. To this end, click on the opt-out link in the footer of the e-mail or contact Us at the time suitable for You by sending an e-mail to the address andmekaitse@tartumill.ee.

Rights of data subject

You have the following rights in respect of Your personal data:

▪right of access to Your data. You have the right to obtain information from Us as to whether or not Your personal data are being processed and, where that is the case, access to the personal data and information provided for in law;

▪right to rectification;

▪right to erasure, for example if the data are no longer necessary or if Your personal data are processed with Your consent, but You have withdrawn Your consent and We have no other legal basis for processing Your data;

▪right to restrict the processing of Your personal data on the basis of applicable law, for example at the time when We assess whether You have the right to the erasure of Your data;

▪right to receive and, upon such a request, transmit to other controllers and/or processors the personal data concerning You, which You have provided to Us or that We process on the basis of Your consent or a contract entered into with You, in a structured, commonly used and machine-readable format;

▪right to object to processing of Your personal data which is based on legitimate interest unless We demonstrate compelling legitimate grounds for the processing which override Your interests, rights and freedoms or for the establishment, exercise or defence of legal claims;

▪right to withdraw Your consent at any time without it affecting the lawfulness of processing prior to withdrawal.

Amendments to Privacy Policy 

Notification of all future amendments to Our Privacy Policy shall be given on this website, see above. You will also be notified thereof by e-mail, if appropriate.

Right to lodge complaint with supervisory authority 

You have the right to lodge a complaint with a supervisory authority (www.aki.ee) if You find that the processing of Your personal data violates Your rights or the law.