Principles of customer data processing and privacy policy

We value all our customers and respect their right to privacy and data protection. We want our customers to be aware of the reasons and how we use their data, what are their rights and how they can protect their rights. Here you can find all information about SCHWARZSTORCH OÜ data processing. SCHWARZSTORCH OÜ wants to be a reliable partner in data processing and privacy policy.

  1. DEFINITIONS
    1. The data subject is a individual person for whom SCHWARZSTORCH OÜ has information or information that can be used to identify a individual person. Data subjects are for example, Customers, Visitors, Partners, and Employees for whom SCHWARZSTORCH OÜ have personal data.
    2. Principles of Customer Data Processing and Privacy Policy (hereinafter the Privacy Policy) is this text, which sets forth the principles of processing personal data of SCHWARZSTORCH OÜ.
    3. Personal Information is any information about an identified or identifiable individual person.
    4. Processing of Personal Data is any act performed by the Data Subject with Personal Data. For example collecting, recording, organizing, storing, modifying and disclosing personal data, providing access, performing queries and retrieving, using, transmitting, cross-linking, merging, closing, deleting or destroying, or several of the previously mentioned operations, regardless of the manner in which the operations are performed and the means used.
    5. Customer is any individual or legal person who uses or has expressed a wish to use the Services of SCHWARZSTORCH OÜ.
    6. The Agreement is a Service Agreement or other agreement between SCHWARZSTORCH OÜ and the Customer.
    7. Website is the website of SCHWARZSTORCH OÜ, in particular www.schwarzstorch.com.
    8. The visitor is the person who uses the website of SCHWARZSTORCH OÜ.
    9. Services are all services and products offered by SCHWARZSTORCH OÜ.
    10. Cookies are data files that are sometimes stored on visitor device.
    11. The person responsible for data protection in SCHWARZSTORCH OÜ is the person who follows the Principles of Processing Personal Data at SCHWARZSTORCH OÜ and with whom the Data Subject can contact in case of a complaint.
    12. Sales channels are the means of communication with the Data Subject, used by SCHWARZSTORCH OÜ, a tool for the sales of goods and the provision of services. As an example email, phone, public and social media, various chat lines, individualized and interactive ads, and other similar tools on Websites and elsewhere.
    13. The Service Portfolio is a range of SCHWARZSTORCH OÜ products and Services, which are available on the Website or on a received offer.
    14. Customer Account is the personal data account of the Data Subject, which in particular gives access to his / her data and services and through which the Client identifies himself / herself. The Customer Account belongs to the Data Subject and is valid during the validity of the Agreement.

The terms used in the Privacy Policy, the Agreement, and the communication between the Parties shall have the meanings indicated above.

  1. GENERAL PROVISIONS
    1. SCHWARZSTORCH OÜ is a legal entity with registry code 14585984, located in Harju County, Tallinn, Nõmme district, Pärnu mnt 388b, 11612.
    2. Personal data may be processed by SCHWARZSTORCH OÜ:
      1. identifying the purposes and means of processing as a controller;
      2. as processor in accordance with the instructions of the controller;
      3. as a recipient to the extent that Personal Data is transmitted.
      4. The list of authorized processors of SCHWARZSTORCH OÜ and other data is available for inspection at the request of the Data Subject.
    3. Current SCHWARZSTORCH OÜ Privacy Terms are an integral part of the Agreement between SCHWARZSTORCH OÜ and the Customer.
    4. The Privacy Terms apply to the Data subjects and the rights and obligations specified in the Privacy Policy are the responsibility of all employees and partners of SCHWARZSTORCH OÜ who have contact with Personal Data held by SCHWARZSTORCH OÜ.
    5. Privacy Statements may be supplemented by privacy notices published on the Website or on devices, and may be subject to changes or supplementation by the Privacy Policy.
  1. GENERAL PRINCIPLES
    1. When processing Personal Data, SCHWARZSTORCH OÜ always follows the interests, rights and freedoms of Data subjects.
    2. The goal of SCHWARZSTORCH OÜ is to be responsible Personal Data processor, which is based on best practice and is always ready to demonstrate the compliance of the Processing of Personal Data with the set goals.
    3. SCHWARZSTORCH OÜ all processes, guides, operations and activities related to the Processing of Personal Data are based on the following principles:
      1. Legal. There is a legal basis for processing personal data, such as agreement;
      2. Justice. Processing of Personal Data is fair, in particular by requiring the Data Subject to have sufficient information and information about how Personal Data is processed.
      3. Transparent. Processing of Personal Data is transparent to the Data Subject, including through the Client Account created specifically for this purpose, which explains in simple language why, how and when Personal Data is processed.
      4. Purpose. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. It is possible for the Data Subject to check the specific purpose of the Data Processing.
      5. Minimized. Personal data is relevant, important and limited to what is necessary for the purpose for which they are processed. When processing Personal Data, SCHWARZSTORCH OÜ shall follow the Minimum Processing Principle and if Personal Data is not necessary or is no longer necessary for the purpose for which it was collected, the Personal Data shall be deleted;
      6. Correct. Personal data are correct and up-to-date, and all reasonable steps have been taken to ensure that inappropriate Personal Data will be corrected or deleted.
      7. Restriction on storage. Personal data shall be kept in a form which permits identification of the Data Subject only for as long as it is necessary for the purpose for which the personal data are processed. This means that if SCHWARZSTORCH OÜ wants to keep Personal Data longer than is necessary for the purpose of the collection, SCHWARZSTORCH OÜ will anonymize the data such that the Data Subject is no longer identifiable. In the case of data that SCHWARZSTORCH OÜ has obtained through a customer or similar relationship, SCHWARZSTORCH OÜ will, in accordance with best practice and Data Subject to consent, retain generally until the withdrawal of consent. Deadlines for storage are set by SCHWARZSTORCH OÜ internal rules.
      8. Reliability and confidentiality. Processing of Personal Data shall be carried out in a manner that ensures appropriate security of the Personal Data, including protection from unauthorized or illegal Processing and accidental loss, destruction or damage through reasonable technical or organizational measures. SCHWARZSTORCH OÜ has internal rules, internal instructions or regulations for employees, as well as separate contracts with each authorized processor that provides best practices, continuous risk assessment and appropriate technical and organizational measures for the processing of Personal Data.
      9. Default and integrated data protection. SCHWARZSTORCH OÜ ensures that all systems used meet the required technical criteria. Appropriate data protection measures are prepared for updates or design of each information and data system (eg, information systems and business processes are built around pseudonymization and encryption assumptions).

SCHWARZSTORCH OÜ observes the purpose of processing Personal Data, and is always ready to prove compliance with the previously mentioned principles, and additional information can be requested from the Management Board regarding compliance with these principles.

  1. PERSONAL DATA
    1. SCHWARZSTORCH OÜ Processes and collects in particular following types of Personal Data:
      1. Personal Data Published by the Data Subject to SCHWARZSTORCH OÜ;
      2. Personal Data resulting from the normal communication between the Data Subject and SCHWARZSTORCH OÜ;
      3. Personal Data obviously disclosed by the Data Subject (eg in social media);
      4. Personal data generated when using the Services;
      5. Personal Information (eg time spent on the Website) resulting from visiting and using the Website;
      6. Personal data from third parties;
      7. Personal data created and combined by SCHWARZSTORCH OÜ (e-mail correspondence or order flow and history list).
      8. Personal data generated from the customer relationship between the Data Subject and SCHWARZSTORCH OÜ.
  1. PERSONAL DATA PROCESSING OBJECTIVES AND PRINCIPLES
    1. SCHWARZSTORCH OÜ Processes Personal Data exclusively on the basis of consent or law. The principles for processing Personal Data arising from law include, but are not limited to, a legitimate interest or Agreement between the Data Subject and SCHWARZSTORCH OÜ.
    2. On the basis of consent The Personal Data is processed within the limits, to the extent and for the purposes specified by the Data Subject. In the case of consent, the principle of SCHWARZSTORCH OÜ is that each consent must be clearly distinguishable from other issues, and in an understandable and easily accessible form, in clear and simple language. Consent may be given in writing or by electronic means or as an verbal statement. The data subject gives consent voluntarily, specifically, knowingly and unequivocaly, for example, by marking the cell on the Website.
    3. While signing and fulfilling the Contract, Processing of Personal Data may be specified in a specific Agreement, but SCHWARZSTORCH OÜ may process Personal Data for the following purposes:
      1. To take pre-contractual measures at the request of the Data Subject;
      2. To take pre-contractual measures to prevent money laundering and terrorist financing.
      3. Customer identification to the extent required by due diligence;
      4. Fulfillment of the Customer’s obligations regarding provision of its Services;
      5. Communicating with the client;
      6. Securing the customer’s payment obligation;
      7. Claiming, realizing and protecting claims.
    4. In order to enter into a contract of employment on the basis of a contract and a legitimate interest, SCHWARZSTORCH OÜ will apply the Personal Data Processing as follows:
      1. Processing of the data submitted by the candidate to SCHWARZSTORCH OÜ for the purpose of concluding an employment contract;
      2. the Processing of Personal Data received from the person who was marked as a reference by the candidate;
      3. Processing of Personal Data collected from national databases and registers and from public (social) media.

If the candidate for employment is not elected, SCHWARZSTORCH OÜ will keep the Personal Data collected for the employment contract only for two years in order to make a job offer to the candidate upon release of a suitable job position. Two years after submission of the application for employment Personal Data will be deleted.

    1. Legitimate interest means SCHWARZSTORCH OÜ’s interest in managing its own business to provide the best possible Services on the market. On the basis of the law, SCHWARZSTORCH OÜ processes Personal Data only after careful evaluation and confirmation that SCHWARZSTORCH OÜ has a legitimate interest on the basis of which the Processing of Personal Data is necessary and in accordance with the data subject’s interests and rights (after performing a three-step test). In particular, the Processing of Personal Data may be based on legitimate interest for the following purposes:
      1. To secure a trusted customer relationship, such as Processing Personal Data, strictly necessary to identify actual beneficiaries or to prevent fraud and money laundering and terrorist financing;
      2. Managing and analyzing the customer base to improve the availability, choice, quality of the Services and Products, and to make the best and most personalized offers to the Customer upon consent;
      3. Identifiers and Personal Information collected by websites and other services. SCHWARZSTORCH OÜ uses the collected data for web analysis or service analysis, to ensure reliable workflow, to improve processes, to produce statistics and to analyze the visitor’s behavior and usage experience, and to provide a better and more personalized Service;
      4. Conducting campaigns, including arranging personalized and targeted campaigns, conducting customer and visitor satisfaction surveys and measuring the effectiveness of marketing activities performed;
      5. Analyzing Customer and Visitor Behavior in various sales channels, websites;
      6. Service monitoring. SCHWARZSTORCH OÜ may store notices and orders given on its own premises as well as by means of communication (e-mail, telephone, etc.), as well as information and other actions that SCHWARZSTORCH OÜ has made and, if necessary, uses them for verifying orders or other operations;
      7. Actions for network, information and cyber security, such as fighting piracy and securing Websites and making and storing backups;
      8. For organizational purposes. In particular for financial management and also for the processing of personal data of Clients or employees;
      9. for the preparation, submission or defense of legal claims.
    2. For the purpose of fulfilling an obligation by the Law, the Personal Data shall be processed by SCHWARZSTORCH Oü for the performance of the obligations provided by law or for the implementation of permitted uses permitted by law.
    3. If the Processing of Personal Data is for a new purpose than the one for which the Personal Data was originally collected or is not based on the consent of the Data Subject, SCHWARZSTORCH OÜ shall carefully evaluate the permissibility of such new Processing. SCHWARZSTORCH OÜ will determine whether the New Purpose is consistent with the purpose for which Personal Data was originally collected, including:
      1. the link between the purposes for which the Personal Data was collected and the intended further Processing intensions;
      2. The context of the collection of personal data, in particular the relationship between the Data Subject and SCHWARZSTORCH OÜ;
      3. The nature of the personal data, in particular whether personal data relating to specific categories or Personal Data relating to convictions and offenses in criminal matters;
      4. the possible consequences of the proposed further processing for Data subjects;
      5. the existence of appropriate protection measures, such as encryption and pseudonymisation.
  1. DISCLOSURE AND / OR TRANSMISSION OF CUSTOMER DATA TO THIRD PARTIES
    1. SCHWARZSTORCH OÜ cooperates with persons to whom SCHWARZSTORCH OÜ may provide data subject data, including Personal Data, within the framework of and for the purpose of cooperation.
    2. Such third parties may include SCHWARZSTORCH OÜ accounting and financial services partners, government agencies, advertising and marketing partners, companies that conduct customer satisfaction surveys, debt recovery service providers, payroll registers, IT partners, e-mail service providers, persons or agencies, in terms of:
      1. the purpose and Processing are legitimate;
      2. Processing of Personal Data is carried out in accordance with the instructions of SCHWARZSTORCH OÜ and under a valid agreement;
      3. For such authorized processors, data have been declared to Data subjects;
    3. SCHWARZSTORCH OÜ will only transfer Personal Data outside the European Union if:
      1. The European Commission has decided that there is sufficient protection in this country;
      2. SCHWARZSTORCH OÜ has put in place adequate protection measures (etc binding corporate rules or standard data protection clauses);
      3. The data subject has confirmed the transfer after being informed by SCHWARZSTORCH OÜ of the possible dangers of such transmission resulting from the absence of relevant protection measures;
      4. if the transfer is necessary for the performance of a contract between the Data Subject and the controller or for the implementation of pre-contractual measures taken at the request of the Data Subject;
      5. where the transfer is necessary for the conclusion or performance of a contract between the controller and another individual or legal person in the interest of the Data Subject;
      6. transmission is necessary for the public interest;
      7. transmission is necessary for the preparation, filing or protection of legal claims;
      8. transmission is necessary to protect the vital interests of the Data Subject or other persons if the Data Subject is physically or legally incapable of giving consent;
      9. the transfer is made from a register which, under European Union or national law, is intended to inform the public and is open to inspection by the general public or anyone who can prove a legitimate interest, but only to the extent that, the access conditions are fulfilled under European Union or Member State law;
      10. transmission is not repeated, concerns only a limited number of Data subjects, it is necessary to protect the legitimate interests of SCHWARZSTORCH OÜ in respect of the Data Subject’s interests, rights or freedoms and when all circumstances relating to the transmission have been assessed and appropriate protection measures have been established to protect the Personal Data. SCHWARZSTORCH OÜ announces the transfer to the Data Protection Inspection.
  1. SECURITY OF PROCESSING PERSONAL DATA
    1. SCHWARZSTORCH OÜ stores Personal Data only for the strict minimum time required. Personal data for which the retention period has expired will be destroyed using best practices and in accordance with the procedures established by SCHWARZSTORCH OÜ for this purpose.
    2. SCHWARZSTORCH OÜ has established guidelines and rules of procedure on how to ensure the security of Personal Data through both organizational and technical measures.
    3. In case of any incident with respect to Personal Data, SCHWARZSTORCH OÜ shall take all necessary measures to relieve the consequences and hedge future risks. Among other things, SCHWARZSTORCH OÜ registers all incidents and informs the Data Protection Inspection and the Data Subject directly (eg via e-mail) or publicly (eg via news).
  1. PROCESSING OF PERSONAL DATA OF CHILDREN
    1. SCHWARZSTORCH OÜ services are not aimed at children.
    2. If SCHWARZSTORCH OÜ becomes aware that it has collected Personal Data about the Child, SCHWARZSTORCH OÜ will do its best to terminate such Processing of Personal Data.
  1. RIGHTS OF THE DATA SUBJECT
    1. Authorization rights:
      1. The Data Subject has the right at any time to notify SCHWARZSTORCH OÜ of its wish to withdraw the Processing of Personal Data.
      2. Data Subject can view, modify and withdraw the approval given to SCHWARZSTORCH OÜ in the Customer Account or by contacting SCHWARZSTORCH OÜ. Contacts can be found in section 13 of the Privacy Policy.
    2. The Data Subject also has the following rights when processing Personal Data:
      1. Right to receive information, the Data Subject has the right to receive information about the Personal Data collected about him / her.
      2. Right to Access Data. Including the right for the copy of Processed Personal Data. The Client has the opportunity to get info about the Personal Data collected by SCHWARZSTORCH OÜ on the Client Account.
      3. Right to demand correction of inaccurate Personal Data. The Data Subject may also correct incorrect data in his / her Client Account.
      4. The right to erase the data, in some cases the Data Subject, has the right to request that the Personal Data must be deleted, for example, if the Processing is performed only on the basis of agreement.
      5. Right to restrict the Processing of Personal Data. This right arises if the Processing of Personal Data is not permitted by law or if the Data Subject contests the accuracy of the Personal Data. The Data Subject has the right to request that the Processing of Personal Data be restricted for a period of time that enables the Controller to verify the correctness of Personal Data or if Processing of Personal Data is illegal, if the Data Subject does not request the deletion of personal data.
      6. The right to transfer data, Data Subject is entitled to receive Personal Data in machine-readable form or transferred to another responsible processor in some cases.
      7. Rights related to Automated Processing means that the Data Subject has the right, at any time, to object to decisions made based on automated Personal Data Processing. For the sake of clarity – SCHWARZSTORCH OÜ can process Personal Data for business-driven automated decisions (eg in the marketing context for segmenting and personalizing personalized messages, initiating an employment relationship, and ensuring that our employees comply with our internal security policies). Automated Processing can partly rely on data collected from public sources. Data Subject has the right to avoid any decisions based on automatic Personal Data Processing if they can be classified as profiling;
      8. The right of the supervisory authority to evaluate whether the processing of the Personal Data is legal;
      9. Compensation for damage caused by the Processing of Personal Data to the Data Subject.
  1. CLAIMING THE RIGHTS AND SUBMISSION OF COMPLAINTS
    1. Claiming the rights:
      1. The data subject has the right to contact SCHWARZSTORCH OÜ in the contact details provided in clause 15 in case of any question, application or complaint related to the Processing of Personal Data.
      2. SCHWARZSTORCH OÜ encourages Data Subjects to use their rights to claim info about their personal data issues.
    2. Submitting complaints:
      1. The data subject has the right to appeal to the SCHWARZSTORCH OÜ and the Data Protection Inspection or the court if the Data Subject finds that his / her rights have been violated in the processing of Personal Data.
      2. Contact details of the Data Protection Board (AKI) can be found on the AKI website: http://www.aki.ee/et/inspektsioon/kontaktid-nouandetelefon
  1. COOKIES AND OTHER WEB TECHNOLOGIES
    1. SCHWARZSTORCH OÜ may collect data about the visitors of Websites and other Information Society Services using Cookies (ie, small information chips stored on the hard drive of the visitor’s computer or other device by the visitor’s browser) or other similar technologies (e.g., IP address, device information, location information).
    2. SCHWARZSTORCH OÜ uses the data collected to provide the Service in accordance with the habits of the Visitor or the Customer; to secure the best quality of service; inform the visitor and the Customer of the content and make recommendations;
      Make ads more relevant and improve marketing efforts; to facilitate login and data protection. The data collected is also used to count the Customers and to save their usage patterns.
    3. SCHWARZSTORCH OÜ uses session, permanent and marketing cookies. The session cookie is automatically deleted after each visit; permanent cookies remain only on repeated use of the Website, and marketing and third party Cookies are used by the SCHWARZSTORCH OÜ affiliate Websites related to the SCHWARZSTORCH OÜ Website. These Cookies are not controlled by SCHWARZSTORCH OÜ, so you can get information about these cookies from third parties. Visitors need to agree manually the use of Cookies to on the Website, in the settings of the Information Society service or in the web browser.
    4. Most browsers allow cookies. Without fully accepting Cookies, the Website features are not available to the Visitor. Enabling or disabling cookies and other similar technologies is under the control of the visitor through their own web browser settings, information society settings, and such privacy enhancement platforms.
  1. IMPORTANT DOCUMENTS, INSTRUCTIONS, PROCEDURES
    1. The following documents, procedures and instructions apply when implementing the SCHWARZSTORCH OÜ Privacy Policy:
      1. The internal rules set out all the purposes, ways of processing the Personal Data, the types and categories of Personal Data processed and the Processing Principles, as well as the different measures that SCHWARZSTORCH OÜ implements to keep personal data always confidential and secure.
      2. On Customer Account, through which the Data Subject can access his / her own Personal Data, Data Subject can correct, modify, and enforce any other rights granted under this Agreement and these Terms and Conditions;
      3. All About Cookies: Descriptions of cookies and other web technologies used by SCHWARZSTORCH OÜ;
      4. Your Online Choices; About Ads; Network Advertising: A platform for checking and monitoring cookies and other web technologies that allows the Data Subject to change and control how Personal Data is used and collected.
  1. CONTACTS AND INFORMATION
    1. SCHWARZSTORCH OÜ Contact details for the data subject:
      1. SCHWARZSTORCH OÜ can be contacted by e-mail huebner@schwarzstorch.com
  1. OTHER TERMS
    1. SCHWARZSTORCH OÜ has the right to unilaterally change these Privacy Terms. SCHWARZSTORCH OÜ will inform the Data Subjects of the changes on the website of SCHWARZSTORCH OÜ by e-mail or by other means.
    2. Last modified and enforced privacy terms:
PublicationApplies to existing Guest and CustomersApplies to New Visitors and CustomersMain changes
24.02.202124.02.202124.02.202124.02.2021