Who are we?
‘Personal information’ means any information about an identified or identifiable natural person, such as their name, address or e-mail, and information about visits to our website, social media channels and use of our services.
Whose data does HoiaMed OÜ process?
HoiaMed OÜ is the personal data controller. If you have any questions, e-mail firstname.lastname@example.org. HoiaMed OÜ processes the data of customers and contact persons who have expressed their wish to use our products/services or who have previously done so. In certain cases, we process personal data that originate from public sources.
Purposes and legal basis of processing personal data of customers
We process the personal data of willing users of our marketing channels and services as well as customers (incl. representatives of customers) for the purpose of performing our contractual obligations and providing potential customers with products, services and information of higher quality.
If HoiaMed OÜ processes personal data for these purposes, the legal basis for the processing is our legitimate interest in ensuring that we correctly offer products and services of the highest quality. We collect data from the marketing channels of HoiaMed OÜ (incl. our website) about their use and the interests of potential customers in order to better understand the real interests of our customers, to provide better information and to improve the functionality and user-friendliness of the website.
In this case, the legal basis of processing is our legitimate interest in better understanding the needs of our customers and providing a better service. For example, HoiaMed OÜ processes data about customers’ purchasing behaviour and whether newsletters are opened and read, as well as data about clicking on advertisements, in order to provide customers with their preferred offers and content.
HoiaMed OÜ processes personal data for the purposes of:
- creating and managing the customer base of HoiaMed OÜ;
- providing new services to customers;
- analysing and improving the services of HoiaMed OÜ;
- managing the website;
- complying with legal requirements;
- responding to customer enquiries; and
- issuing certificates
- The personal data necessary for the execution of payments is transferred to authorized processor Maksekeskus AS.
How are data collected?
As a general rule, we collect personal data directly from data subjects and with their consent. In addition, we use automated data collection tools, including cookies and other tracking tools, to optimise the user experience on our website and to provide better services to our customers.
Cookies, pixel tags and how to remove them
A cookie is a small text file sent by a web server to a user’s browser and saved on the user’s hard drive. This allows the website to remember user preferences, such as font size and user language, device information and traffic statistics.
All web browsers are configured to allow cookies by default, but browser settings can generally be changed so that the browser rejects cookies altogether, blocks third-party cookies or notifies the user of any cookies sent.
Pixel tags are small snippets of code on a website which allow the website to read and install cookies. These are triggered when a user opens an e-mail or visits a website, after which the third-party cookies are downloaded or it is registered that the user has opened the e-mail.
HoiaMed OÜ uses the following cookies:
- Session cookies (temporary cookies), which are designed to enable the use of a service
- Persistent cookies (saved on a user’s computer after closing the web browser), the purpose of which is to remember the choices made by the customer on HoiaMed OÜ’s webpages
More specifically, HoiaMed OÜ uses:
- analytical cookies that collect information about how the website is used(for example, which content pages are visited the most or what visitors search for on the website). These cookies do not collect information that allow website users to be directly identified. These include Google Analytics and Hotjar cookies;
- advertising cookies that help serve ads that are targeted at the user’s interests. For example, the HoiaMed.ee website includes the Facebook Pixel code, and if you no longer wish to see HoiaMed OÜ’s website advertisement on Facebook, you can disable said cookie. Open https://www.facebook.com/ads/preferences and delete HoiaMed under “Advertisers you’ve interacted with”; and
Users have the right to refuse the storage of cookies on their computers. To do this, a user needs to amend their web browser settings.
Instructions on configuring the most commonly used web browsers can be found online:
Internet Explorer: http://support.microsoft.com/kb/278835
If a user blocks cookies, they must bear in mind that not all of the website’s functions may be accessible after doing so.
Processing of data
HoiaMed OÜ may process the following personal data:
- Contact details – name, e-mail and phone number
- Payer details and delivery address
- Bank account number
- Cost of goods and services and payment details (purchase history)
- Customer support details
- Other details related to customer surveys and/or offers
The personal data stored in the online store can be accessed and corrected in the store’s account managementsection. If a purchase is made as a guest (without a user account), you can request your personal data or ask that they be amended by e-mailing email@example.com.
If personal data are processed on the basis of the customer’s consent, the customer has the right to withdraw their consent by sending a written request to this effect to firstname.lastname@example.org.
- Data collected and generated during the performance of the contract – Personal identification code, customer preferences in connection with HoiaMed OÜ’s services and products, feedback on our products/services, information on the customer’s job, business processes or study habits and preferences
- Automatically collected data – Data obtained from a user’s web browser, including browser type, device type, user language, the address of the website the user came from, which content pages they opened and the user’s IP address and other traffic data
- User’s interactions with HoiaMed OÜ’s e-mails – Including data on which e-mails the user opened as well as when and how they were opened
- Other personal data – Data which you have made publicly available or available to us on third-party social networks, such as LinkedIn, Facebook, Google Plus and Instagram
HoiaMed OÜ does not process special categories of personal data as a data controller.
Sharing personal data
HoiaMed OÜ does not transfer customer data outside of the European Economic Area (EEA).
HoiaMed OÜ does not share customers’ personal data with third parties, except under the circumstances listed below. All data are solely used for communication and for the provision of better products and services.
We may share your personal data in the following cases:
- Sending educational material by post – Persons, institutions and organisations mediating or providing postal services
- Debt collection – Debt collection service providers and payment default registers
- State supervision authorities and the police
- Data of customers of the Estonian Unemployment Insurance Fund to the fund’s training consultants
- Public feedback, with the customer’s consent.
Security, use and storage of personal data
HoiaMed OÜ may send information about its services, products, newsletters and offers to customers if they have provided us with their contact details and as long as they have not requested that such activities cease and have not left the group of newsletter recipients.
Security of personal data
Secure storage of personal data is HoiaMed OÜ’s highest security priority. We make every effort to prevent unauthorised access to and the disclosure and other unlawful processing of personal data. We protect the confidentiality and integrity of personal data and ensure access to the data in accordance with applicable legal acts.
We have established reasonable and adequate organisational measures as well as technical and physical restrictions to protect the personal data we collect and process. The measures used depend on the type of personal data and the possible consequences of their disclosure.
HoiaMed OÜ has applied the required technical, physical and organisational security measures to protect personal data of customers against loss and unlawful processing.
Retention period – how long do we store personal data for?
HoiaMed OÜ retains personal data only for as long as is necessary to achieve the purpose of their collection. The period of retention also depends on the need to reply to the enquiries of data subjects, resolve problems and comply with the legal requirements for retention of documents.
When we no longer need the personal data and the law does not require them to be retained, we delete personal data.
We may continue to use these data for statistical purposes, but only in a pseudonymised or anonymised form.
If you have any questions, please e-mail email@example.com.
Rights of customers (data subjects)
Customers have the right to access their own personal data processed by HoiaMed OÜ as well as to request the correction of inaccurate personal data.
If a customer has questions about their rights or feels that HoiaMed OÜ has violated their rights in the course of processing their personal data, then they should contact HoiaMed OÜ at firstname.lastname@example.org.
If you do not wish to receive marketing notices from HoiaMed OÜ, you can unsubscribe by following the unsubscribing instructions in the footer of each marketing notice or by contacting us via our contact page.
Rights of data subjects
Right to rectification – The right of a data subject to request that inaccurate personal data concerning them be rectified without undue delay
Right to erasure – The right of a data subject to request that personal data concerning them be deleted without undue delay if certain additional conditions are met.
In some cases, a data subject has the right to restrict the processing of their personal data.
The data subject has the right to access the personal data we store about them and that they have provided us with, as well as the right to request the transfer of these data to another controller if this is technically possible and the processing takes place on the basis of consent or an agreement and automatically.
On grounds relating to their particular situation, a data subject has the right to object at any time to the processing of personal data concerning them, which is based on the relevant provisions of legislation, including profiling based on those provisions.
Unless otherwise specified in legislation, a data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which results in legal consequences for them or affects them significantly.
If the processing of personal data is based on a data subject’s consent, the data subject can withdraw their consent at any time without this affecting the lawfulness of the processing based on the consent before its withdrawal.
If you wish to exercise these rights, please contact us by e-mailing Info@hoiamed.ee. The supervisory authority is the Estonian Data Protection Inspectorate (email@example.com).