Privacy Policy

This Privacy Policy helps the user of our web-based services (hereinafter you or the User) to understand what kind of personal data and other information Atria Eesti AS (hereinafter Atria) collects in the course of offering its web-based services and how such data are used. Atria Eesti AS owns trademarks Maks&Moorits and Wõro. The Privacy Policy is a part of Atria’s terms and conditions for its web-based services, which you can access at www.atria.ee. The Privacy Policy applies to the use of all the web-based services of Atria. If the User of web-based services does not agree to this Privacy Policy or Atria’s terms and conditions, the User must not use the web-based services.

‘Personal data’ means data on the basis of which the User can be identified. Atria may also collect non-personal data on the basis of which persons cannot be identified. Atria may also create such non-personal data by removing the part of personal data on the basis of which the respective person can be identified.

Processing of personal data

Atria only collects personal data that are necessary for achieving the objectives specified in this Privacy Policy. Atria collects log data deriving from the use of web-based services.

Atria may use personal data:

  • For utilising web-based services;
  • For managing and developing web-based services;
  • For preparing statistics on the use of web-based services;
  • For contacting the users of web-based services;
  • For sending marketing and advertising materials to the Users;
  • For developing other Atria products and services;
  • For market or other research and reports concerning web-based services and other Atria products and services;
  • For analysing the Users in order to offer them more appropriate services and content;
  • For automated decision-making.

Atria undertakes to comply with the EU General Data Protection Regulation ((EU) 2016/679) (GDPR), the Estonian Data Protection Act and other legal acts applicable to the activities of the company as well as other regulations and legal acts concerning the processing of personal data, and to process personal data in accordance with the generally accepted principles of information management and data processing. The employees of Atria are obligated to keep all personal data confidential.

Data are used on the basis of the use of the webpage, the legitimate interest of Atria, the express consent of the Users or the customer relationship.

Atria may use tools provided by third persons for the development of web-based services (e.g. Google Analytics).

Disclosure, transmission or deletion of data

Atria shall not disclose the personal data of the Users in its web-based services. The Users of web-based services may themselves disclose their personal data while using web-based services, such as by commenting in web-based services or using their name as the user name in web-based services. Atria shall not be liable for the protection of data that the Users themselves have disclosed in using web-based services.

Atria shall not transmit your personal data without your consent to third persons for the purpose of marketing, market research, surveys or the preparation of databases. Personal data may be used for targeted advertising within the framework of providing web-based services and for other similar purposes and, with your consent, for marketing Atria services and products by e-mail.

Atria may use external service providers to procure the technical solutions and services necessary for processing the stored data and use a special technical user interface for opening the stored data. Personal data may be shared with service providers and third persons to the extent necessary for the maintenance, development and provision of online services. Atria may also use services offered by third persons, such as e-mail services, credit card services, data analysis and business data provision services. Atria shall share data with the aforementioned third persons only to the extent necessary for the provision of such services. Atria shall not be liable for the activities or breaches of such third persons.

Atria may share non-personal data (such as anonymous data about the Users, the addresses of the sites that led to the web-based services and the address used for exiting the web-based services, the platform types, the use of online services (i.e. clicking on links, icons, images, etc.)) with third persons in order to help them understand the ways of use of certain content. In exceptional cases, personal data may be disclosed to third persons in a situation where an applicable law or regulation or any other order issued by authorities requires it, or for monitoring and ensuring compliance with the terms and conditions of use of web-based services and for ensuring the security of web-based services.

Atria may disclose personal data in connection with a possible transaction or acquisition of assets where Atria or a unit thereof is sold to a data recipient.

As a rule, personal data must not be transmitted outside the European Union or the European Economic Area. When personal data is transmitted outside the European Union or the European Economic Area, the security and relevance of processing personal data is ensured by way of contracts based on the European Commission standard contract terms and conditions, which correspond to the GDPR, or by applying other security measures.

Atria shall not be liable for the activities of third persons (including people, companies and services), the content of the webpages of third persons, the use of information given to third persons by the Users, or other products or services that third persons may offer, even when such services are related to Atria’s web-based services, e.g. social media message services.

We shall only store the personal data of the Users until necessary in achieving the objective of use defined in this Privacy Policy. Certain data may be stored longer, if this is necessary for the fulfilment of obligations established by law.

PRIVACY TERMS AND CONDITIONS OF EMPLOYEES

CONTACT DETAILS OF THE CONTROLLER

Atria Eesti ASMetsa 19Valga

For further information concerning privacy and personal data processing, please contact us by e-mail at info.estonia@atria.com.

WHAT DO WE USE YOUR PERSONAL DATA FOR AND WHY?

The need to process your personal data primarily arises from the employment relationship between you and the company. In processing your personal data, we as an employer comply with and take into account all our rights and obligations stipulated in legal acts.

Your personal data are gathered and the work-related databases containing your data are created in the recruitment process, in the establishment of an employment relationship, during the employment relationship and upon the termination of the employment relationship.

WHICH PERSONAL DATA AND INFORMATION WE GATHER?

The personal data processed include: name, date of birth, address, phone number, e-mail address, personal identification code, education-related data, data concerning previous professional experience, language skills, curriculum vitae, professional skills, other data related to applying for a job, and all other forwarded data.

HOW DO WE MANAGE AND PROTECT YOUR PERSONAL DATA?

Your data are processed by persons appointed by the employer (authorised processors) who use your data only in the manner and extent stipulated in legal acts and/or for fulfilling the requirements of the management systems of the company.

Your personal data and other information gathered with regard to you are handled with the best possible care. Third persons (including authorities, insurers and pension fund companies, banks, trade unions, the EC, the contractors of third persons providing services, etc.) shall be given access to your data only in the necessary cases and in the necessary extent and on the basis of your consent or request.

Unless legal acts stipulate the obligation to transmit your data and such a need does not arise from the inevitable organisation of the everyday work of the company, the employer shall always ask for your prior consent.

All our partners who have access to your data give us a confirmation of their readiness to fulfil the requirements of the GDPR, the Personal Data Protection Act and other legal acts.

Information security at Atria Eesti is managed in accordance with the Personal Data Processing Policy of Atria Group. All the personal data are in the best possible way protected from unauthorised access and accidental or unlawful processing.

The Personal Data Processing Policy of Atria Group is applied in all the processes related to the information tools and databases of Atria Eesti. This applies to the data processing of Atria Eesti’s employees, partners and customers, and in the case of a contradiction between the personal data processing rules of Atria Eesti and the Personal Data Processing Policy of Atria Group, the latter shall be applied.

The security of Atria Eesti’s systems and processes is of a high level and protected in the best possible way against unauthorised entry and service blocking attacks.

As of 25 May 2018, we comply with the requirements of the EU General Data Protection Regulation (GDPR) in the gathering and processing of personal data. Access to personal data is monitored in accordance with legal acts and generally accepted practices.

Your data shall not be transmitted outside the EU or the EEA, except for the corporate address book information to our group companies.

HOW LONG DO WE STORE YOUR PERSONAL DATA?

We shall store your personal data and other personal information gathered during the employment relationship in accordance with the applicable legal acts. The terms for storing data are stipulated in legal acts and/or the rules of administration procedure of the company. The company may store your data for longer if it is required by legal acts only if there are legitimate grounds for storing the data.

Your rights as a data subject:

You shall have the right to:

  • Obtain, within a reasonable period of time from presenting a relevant request, access to your personal data and other information gathered in connection with you, and to receive an electronic or paper copy of the personal data or other information gathered in connection with you;
  • In justified cases, request the rectification of your personal data;
  • Request the deletion of the information gathered in connection with you, including personal data, if the term for storing such information by legal acts has expired and the company does not have a good reason to continue storing the information;
  • Request the restriction or prohibition of the processing of your personal data for a good reason. Upon the employer’s request, you shall have to disclose and certify the grounds for such a request.
  • In justified cases, request the transfer of your personal data to another system.

In order to exercise your rights, please contact the employer by e-mail at info.estonia@atria.com.

If you notice deficiencies in the processing of personal data, you have the right to immediately contact the employer and demand the elimination of the violation. If the employer fails to eliminate the violation within a reasonable period of time, you can submit a complaint to the Data Protection Inspectorate by e-mail at info@aki.ee.