Personal data is information about person, ie a natural person (data subject), by which he or she can be directly or indirectly identified: name, personal identification number, location information, network identifiers (characteristics that help to bring a particular person in a communication network), as well as physical, genetic, mental, economic, cultural and any other identifiable traits and combinations thereof.
Processing of personal data is any operation performed on data: collecting, organizing, storing, modifying, reading, using, transmitting, merging, deleting etc.
We value your privacy and process your personal data in accordance with the applicable legislation concerning the protection of personal data, including the Regulation (EU) 2016/679 (the GDPR) and the Personal Data Protection Act (hereinafter referred to as the “data protection law”). We implement appropriate organizational, IT related and other necessary security measures to ensure the security of your personal data.
If you have any questions regarding this Privacy Notice or the processing of your personal data, please do not hesitate to contact us.
WHICH DATA DO WE COLLECT AND WHY DO WE COLLECT THEM?
We collect our personal information in the following ways:
- You provide us with your personal information yourself.
- Your personal data is provided to us by representative or another user
- Your personal data is provided to us by third party (e.g., if a third-party payment provider confirms whether or not your payment was successful).
PERSONAL DATA TO BE PROCESSED AND LEGAL BASIS FOR PROCESSING
We process your personal data mainly for concluding and fulfilling the agreement. This includes providing customer support and contacting you for other reasons related to the Platform and the Services. To fulfill these purposes, we process the following data:
- identification data, such as name, date of birth, picture.
- contact information, such as address, phone number, email.
- data concerning the work (company name, position of the client in the company).
- communication data concerning the work (workplace email address, phone, messages sent to us.
- data related to the use or our Services.
If you are a customer, the basis of your personal data is performance of the agreement or the application of measures at your request before concluding the agreement. If you are a representative, the legal basis for processing your personal data is our legitimate interests in enabling the use of our Platform and Services or the legitimate interests of the Customer in using our Platform and Services.
If you are a potential customer, we process your personal data for the marketing purposes. To achieve the above, we may process the following personal data:
- business e-mail
- business phone
- data about the company
- your position in the company
- communication data
- data related to the use of our Platform and Services
The legal basis for the processing of your personal data is our legitimate interests in the marketing of our Platform and Services. In addition, we may process your personal data to protect our rights (to identify, file and protect legal claims).
We do not process any special categories of personal data. As our Services are not available to persons under the age of 18, we do not process personal data under the age of 18.
Your inquiries and requests
When you visit our Platform at, we may collect and process personal data that you provide by filling in forms on our Platform (including your name, e-mail address, phone number).
We process these data for the purposes of answering your inquiries, handling your feedback, and fulfilling your requests. The legal basis for processing your data is our legitimate interest (Article 6(1)(f) of the GDPR) to communicate with you and to provide you with a good customer experience. If you use the form on our website to apply as a candidate, the legal basis for processing your data may also be the taking of steps at your request prior to entering into a contract (Art 6(1)(b) of the GDPR).
PROCESSING ON CONSENT
We may also process your personal data with your consent (e.g., for direct marketing purposes). If the processing is based on the consent, you can withdraw your consent any at time by contacting us by email at firstname.lastname@example.org. Please note that withdrawal of consent does not affect the lawfulness of processing based on consent, which took place before the withdrawal of consent.
AUTHORIZED DATA PROCESSORS
AFRK50 is the authorized data processor, however we may use carefully selected service providers (authorized data processors) to process your data. By doing so, we would remain fully responsible for your personal information. We may use the following categories of data processors: data collectors, management and storage providers, e-mail service providers, pop-up service providers, customer relationship management and feedback service providers, direct marketing service providers, payment service providers, accountants, legal and other advisers.
RECIPIENTS OF YOUR PERSONAL DATA
All Users and AFRK50 will have access to your personal data as per our General Terms and Conditions.
We may also share your personal data with our trusted services providers when they provide services to us or to you on behalf of us and under our instructions. We will control and shall always remain responsible for the use of your personal data.
Statistical browsing data may be accessible to our service providers like Google who provide us with tools for analytics.
Your data may in some cases be shared with external advisors and audit firms if we are obligated under law to share information or to manage and defend legal claims.
Your personal data may be disclosed to public authorities if we are required to disclose personal data by law or comply with a lawful request of authorities.
TRANSFERS OF YOUR PERSONAL DATA TO THIRD COUNTRIES
We always strive to store and process personal data within European Economic Area (EEA, i.e., the Member States of the European Union, together with Norway, Iceland and Liechtenstein). We transfer personal data outside of the EEA only where it is compliant with the applicable data protection legislation and the means of transfer provide adequate safeguards in relation to your data.
We implement sufficient technical and organizational security measures to protect your personal information, considering the state of the technology, implementation costs, the nature, extent, context and purposes of the processing and the risks you bear. Such security measures include, but not limited to, encrypted storage and access control.
RETENTION OF YOUR PERSONAL DATA
Cookies are usually valid for up to 2 years. You may delete them any time. Data that we have collected via Google Analytics is automatically deleted after 26 months after the last visit.
Your personal data will only be stored for as long as they are necessary for the collection of the data to meet the objectives set, after which the data will be deleted immediately.
When you communicate with us through our website or visit our premises, we normally only keep your data for up to a year, but depending on the type of communication, we may be required to retain the communication for a longer period if this is required to fulfil the purpose of processing
In some cases, personal data may be stored for a longer period if storage of personal data is required to protect our or any third parties’ legitimate interests, e.g., in case of a legal dispute.
If the term of retention of personal data expires, we permanently erase your personal data.
YOUR RIGHTS AS A DATA SUBJECT
You as the data subject have the following rights, considering the statutory restrictions from applicable data protection law upon exercising these rights:
- right to access the personal data processed about you; right to obtain a confirmation from us of processing your personal data. At your request
- right to the rectification of your personal data in case the data are incorrect or incomplete
- right to demand the deletion of personal data except when we can lawfully refuse such a request
- right to demand the restriction of personal data processing
- right to object to the processing of your personal data
- right to withdraw your consent for the processing of your personal data if the legal basis for such processing is your consent
If you wish to exercise the rights described above or if you find that your personal data has been unlawfully processed or if you have any other complaints, please contact our data protection coordinator by e-mail at email@example.com .
You also have the right to lodge a complaint with the competent data protection supervisory authority or file a claim with the court if you find that your personal data has been processed unlawfully. The competent data protection supervisory authority in Estonia is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, address Tatari 39, 10134 Tallinn; e-mail: firstname.lastname@example.org ; phone number: +372 627 4135; website: www.aki.ee ).