AS Ekspress Meedia (Ekspress Meedia, hereinafter also: we) processes the personal data of data subjects in accordance with the principles set out in the data protection policy and in the legislation applicable to the processing of personal data.
Data subject (hereinafter also: you) in terms of the data protection policy is a natural person whose personal data are processed by Ekspress Meedia. Among other things, a data subject is, for example, a subscriber to a publication by Ekspress Meedia, a visitor of the website, a user of the sales platform, a registered user of the website, a candidate for a job.
Personal data are data which identify or allow the identification of a natural person, such as the name and contact details of the person.
The purpose of the data protection policy is to explain the principles of processing personal data, including the types of personal data collected by Ekspress Meedia and the purpose of collection, and the rights of the data subjects in relation to the processing of their personal data by Ekspress Meedia.
Ekspress Meedia has the right to change the data protection policy if necessary (e.g. due to changes to legislation or the data processing procedure). In such a case, Ekspress Meedia will give you reasonable advance notice before the changes are implemented.
2. PROCESSORS OF PERSONAL DATA
The controller is a legal person who determines the purposes and means of processing the personal data.
Controller: AS Ekspress Meedia
Registry code: 10586863
Address: Narva mnt 13, 10151 Tallinn
Contacts: 669 8080, email@example.com
As a rule, Ekspress Meedia will not disclose personal data to third parties. However, this may be required if the obligation to disclose the data arises from legislation or is necessary for the performance of a contract. Also, when the data subject has given permission to do so.
The processor of personal data is a natural or legal person, a public authority, an institution or any other organisation that processes personal data on behalf of the controller (Ekspress Meedia). Ekspress Meedia may authorise the processors to use the personal data. Processors are the cooperation partners of Ekspress Meedia whose data are available in here and who process the data, among other things:
- to provide a service;
- to maintain a structured database of subscribers;
- for service and marketing purposes, except where the person has decided otherwise or has later withdrawn his or her consent, by notifying thereof in a form which permits written reproduction;
- to fulfil legal obligations (e.g. transmission of data to a research organisation).
Processors process personal data for the performance of the tasks given by Ekspress Meedia.
3. PERSONAL DATA PROCESSING AT EKSPRESS MEEDIA, AND THE PRINCIPLES OF PROCESSING
Ekspress Meedia only processes personal data for the purposes stated herein and on a legal basis.
In processing personal data, Ekspress Meedia always complies with the following principles:
Transparency – Ekspress Meedia processes personal data in a fair and transparent manner and only when permitted by law.
Purpose limitation – Ekspress Meedia collects your personal data for specific, explicit and legitimate purposes. The purposes of processing may change due to legislation or your authorisation. In any case, we will notify you thereof in advance.
Data minimisation – Ekspress Meedia ensures that the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy – Ekspress Meedia ensures that your personal data are accurate and relevant. We will delete or correct inaccurate personal data at the first opportunity.
Storage limitation – in storing personal data, Ekspress Meedia observes the need for processing the personal data, i.e. the data that allow identification of a natural person are stored until it is necessary to achieve the purpose of the processing. In determining the storage period, Ekspress Meedia complies with legal requirements, the limits agreed in binding contracts or the deadlines necessary for the performance of legal obligations.
Integrity and confidentiality – Ekspress Meedia processes your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing. Ekspress Meedia maintains the confidentiality of all personal data disclosed to us and protects personal data from unlawful disclosure to third parties by implementing effective security measures, including information technology, technical and organisational measures.
Data protection by design and by default – in developing, selecting and using products and services which require the processing of personal data, Ekspress Meedia considers the need to protect the personal data.
4. PROCESSED PERSONAL DATA AND THE PURPOSES OF PROCESSING
Ekspress Meedia mainly processes the personal data that you provide to it or that are collected on the basis of your activities when you use the products, services or websites of Ekspress Meedia.
We process your personal data primarily for providing you with the service, newsletters or offers, and for creating news stories.
In doing so, we mainly process the following types of data concerning you:
- Basic personal data such as first name and family name and personal identification code, for the performance and enforcement of a contract.
- If the customer has ordered a publication by subscribing to an e-invoice standing order agreement, the identification code of the customer is required, among other things.
- Additional personal data for other personal identification purposes, such as information on education, professional experience and personal characteristics when applying for a job.
- Contact details, such as the address of the place of residence, e-mail address and telephone number, are necessary for the performance of a contract. They are also used for direct marketing purposes, if the data subject has consented.
- The address of the place of residence is necessary for the performance of a contract signed for ordering products on paper; otherwise it will not be possible to perform the contract, i.e. to deliver the order.
- E-mail address is necessary for the performance and enforcement of a contract and for invoicing.
- Telephone number is necessary for the performance and enforcement of a contract, including for the transmission of messages in case of the unavailability of the service.
- Payment details, such as your bank account number, are necessary for the provision of the service.
- Surveillance camera recordings. If you visit us, the rooms reserved for the reception of visitors may be equipped with video surveillance systems.
You have the right to obtain access to the personal data held about you (see section 9 for more details). However, please bear in mind that the processing of certain personal data is a prerequisite for the provision of a service to you. For example, if you do not provide us with your basic personal data or contact details, we will not be able to provide you with the service or deliver the publications you have ordered.
5. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
Ekspress Meedia may process personal data on the following legal grounds:
Performance of a contract – we rely on this legal ground to establish a contractual relationship and to comply with the terms and conditions agreed with our customers and partners. For example, to deliver the publications you have ordered.
Legal obligation – we rely on this legal ground to fulfil our legal obligations. For example, to respond to requests from law enforcement authorities.
Consent – we rely on consent to process personal data to send you promotional materials such as newsletters and offers.
Legitimate interest – we rely on this legal ground to prepare and make sales offers.
Ekspress Meedia may profile your personal data to provide its products by combining personal data for direct marketing decisions. We do this primarily by taking into account your previous service use history, age, address and gender, to map the target group to which we offer specifically targeted products and services.
You have the right to object to the use of your personal data for profiling purposes.
- To target advertising, visitor behaviour patterns are summarised and target groups are identified on this basis thereof with the help of external partners (the list of processors authorised by Ekspress Meedia is given in here).
Behaviour patterns are summarised according to user activity – viewing pages, viewing galleries, answering questions, ordering, etc. Membership in any target groups of Ekspress Meedia is not recorded, nor can individuals be identified in target groups because the information is summarised.
7. PERSONAL DATA RETENTION
Ekspress Meedia only retains the personal data until this is necessary for achievement of the purpose for which the personal data are processed or until the end of the limitation period for claims arising from the law and until the legal deadline for the retention of a document.
For different data, this means different retention periods. For example:
- we retain the contact details for customers until this is necessary for the provision of personalised services under a contract;
- we retain the personal data necessary for accounting purposes for 7 years as required by law;
- we retain the personal data provided on the basis of consent until the consent is withdrawn.
8. RIGHTS OF THE DATA SUBJECT
Ekspress Meedia places high value on the right of the data subjects to privacy.
Your rights as a data subject are as follows:
- Right of access to your personal data processed by Ekspress Meedia about you.
- Right to rectification or supplementation of personal data if your personal data are not up-to-date, are inaccurate or need to be corrected.
- Right to erasure. In certain cases and if you want, you can use the right to be forgotten. We will delete your data unless there is another legal ground for processing the personal data, such as a legal obligation.
- Right to restriction of processing. If you wish to restrict or prohibit the processing of your personal data, Ekspress Meedia will only continue to process your personal data for the purposes of retention, if required by other legal grounds.
- Right to object to the processing of your personal data if Ekspress Meedia uses your personal data for profiling or direct marketing, for example.
- Right to data portability if you wish to have the personal data you have transmitted to Ekspress Meedia to be transmitted to another controller in a machine-readable format. Express Meedia can do so if the transmission is technically possible.
- Right to withdraw consent. If your personal data are processed based on your consent, you have the right to withdraw the consent at any time. For this purpose, all promotional notifications sent to your e-mail address contain instructions for opting out. You can also withdraw your consent given to promotional notifications by sending an e-mail to Ekspress Meedia to firstname.lastname@example.org.
- Right to contact a supervisory authority. You have the right to lodge a complaint about the processing of the personal data concerning you with the Estonian Data Protection Inspectorate.
9. IMPLEMENTING PROVISION
Ekspress Meedia regularly reviews the data protection policy and applies the policy in accordance with any changes in the processing of personal data.
In any questions concerning the data protection policy or the processing of personal data, please contact email@example.com.