Data Protection in Itella (valid until 20.06.2023)
The appropriate processing of personal data is taken very seriously at Itella Estonia OÜ (Itella). This includes fair and transparent processing, and acknowledging and complying with the principles of data protection.
When processing personal data, Itella follows the applicable data protection laws, international data protection legislation and the provisions, orders, instructions and recommendations laid down by the competent data protection authorities.
Personal data means any information relating to an identified or identifiable natural person (e.g. contact details: name, telephone number, postal address, e-mail address as well as the data arising upon sending inquiries, feedback or e-mails).
We process personal data of Itella’s customers, i.e. users of services, in order to perform our contractual obligations.
Itella processes personal data based on a legitimate interest in the following events: to avoid violations of law or prevent damage, for the purposes of strengthening the security of technical systems or payments, to develop business activities and elaborate new Services (data analyses, market surveys and customer polls, etc., are conducted), to manage risks of business activities, to file reclamations and, in certain events, for direct marketing purposes.
- Based on the customer’s separate consent, Itella may communicate, by way of direct marketing, marketing notices (newsletter, campaign offers, prize draws, satisfaction surveys, etc.) by telephone, e-mail, SMS and other e-channels. The customer has the right to withdraw their consent at any time as well as to refuse advertising and offers, sending a respective notice to the e-mail address email@example.com. Information about the opportunity to waive advertising and offers is also set out next to the electronically communicated offer or advertising.
- Itella uses automated processing of personal data, i.e. profiling and data modelling, in order to offer services that correspond to the Customer’s preferences, determine prices of the services, detect fraud and the threat of fraud or achieve marketing goals. In the event of automatic decision-making, the data used for making decisions are those that Itella has about the Customer. The Customer has the right to send Itella their opinion and contest automatic decisions, sending a respective notice to the e-mail address firstname.lastname@example.org.
Processing of personal data is made transparent so that the data subject has the right to gain knowledge of the processing of their data in Itella. Transparency also requires that, if necessary, the decisions, choices and implementations and the grounds for them can be shown from documents in connection to the processing of personal data.
The safeguards and controls for protecting the personal data processed by Itella are selected based on a risk assessment. This way, risks are assessed based on the needs of the business as well as based on the data subjects and the information regarding them.
When a subcontractor processes Itella’s personal data for Itella, Itella is responsible for ensuring that the subcontractor processes data according to the same principles as Itella.
Any misuse or malpractice of personal data or a threat posed to them are investigated, and they are reported and communicated according to the severity of the case.
Itella’s target is to always comply with the following data protection principles when processing personal data at Itella:
- Lawfulness, fairness and transparency
Personal data must be used in a lawful, fair and transparent manner from the perspective of the data subject.
- Purpose limitation
Personal data must be collected for a specified, explicit and legitimate purpose and not processed further in a manner that is incompatible with the original purpose.
- Data minimisation
Personal data must be adequate, relevant and limited to what is necessary for those purposes for which the data is processed.
Personal data to be processed must be valid, accurate and updated, if necessary.
- Storage limitation
Personal data can only be stored for as long as is necessary for fulfilling the purpose.
- Authenticity, integrity and confidentiality
Personal data must be processed in a manner that ensures appropriate data security, including protection from unlawful or unauthorised processing and accidental destruction, loss or damage (data security).
Itella’s target is to always be able to demonstrate with both documents and practice that it complies with the abovementioned principles (accountability).