+358 44 539 6453 / +372 5363 3689
PLASTIKAKIRURGIA FINEST’S PRIVACY NOTICE
Before we process your (our external data subjects, see Section 3 below) personal data, with this this Privacy Notice we provide you with the information according to Articles 13 and 14 of the GDPR. Our internal data subjects are e.g. our employees and shareholders, and they receive similar notifications separately.
1) CONTROLLER
Name: Plastikakirurgia Finest OÜ
Address: Kotka 12 C2, 11315 Tallinn, Estonia
Contact details: privacy@plastikakirurgiafinest.ee
| 2) DATA SUBJECTS AND PERSONAL DATA | 3) PURPOSE FOR PROCESSING | 4) LEGAL BASIS FOR PROCESSING |
|---|---|---|
| Customers and potential customers: - contact details - customer relationship data | Management and development of customer relationships Management of photographs and references on our website Direct marketing to our customers: - emails - phone calls | Contract - to perform the contracts to which we are a party Consent - if we receive your consent, we can process your photographs on our website Our legitimate interest - to manage and develop our customer relationships and further develop our business operations NB! You have a right to opt-out of direct marketing each time we provide marketing to you. |
| Affiliates and potential affiliates: yhteistyökumppanit: - contact details - affiliate relationship data | Management and development of affiliate relationships | Contract - to perform the contracts to which we are a party to |
| Jobseekers: - contact details - CV - possible registration data - possible other data the data subject chooses to disclose to us | Management of job applications and jobseeker relationships Compliance with legal obligations | Our legitimate interest - to manage our jobseekers and possibly employ them NB! You have a right forbid us from processing your personal data. Legal obligations - to comply with several legal obligations as an employer |
| Persons who contact us, including social media contacts (e.g. persons who like our Facebook-page) - contact details - possible other data the data subject chooses to disclose to us | Management of contacts | Our legitimate interest - to manage contacts made to us NB! You have a right forbid us from processing your personal data. |
| Persons receiving our direct marketing mails | Direct marketing to those who wish to receive it | Consent |
| Persons visiting our website - IP address | Cookies | Consent (ePrivacy) |
5) REGULAR SOURCES OF INFORMATION
Data regarding the data subject are regularly gathered:
| Data subject: | Sources of information: |
|---|---|
| Customers and potential customers | - Customers - Affiliates |
| Affiliates and potential affiliates | - Affiliates - Public sources, as in websites, postal services, Trade Register, etc. |
| Jobseekers | - Jobseekers |
| Persons contacting us | - Persons contacting us |
| Social media contacts | - Social media |
| Persons visiting our website | - Cookies |
6) PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED
| Data subjects | Retention period |
|---|---|
| 6.1) Customers and potential customers | Necessary data shall be retained for as long as is necessary, taking into consideration our field of business. A customer shall always have a right to withdraw his/her consent concerning the use of his/her photographs and references on our website. |
| 6.2) Affiliates and potential affiliates | Necessary data shall be retained for as long as is necessary, taking into consideration the nature of the relationship. |
| 6.3) Jobseekers | Necessary data shall be retained for a period of twelve (12) months following the first contact made, if the jobseeker has not turned into our employee. |
| 6.4) Persons who contact us (not including social media) | Necessary data shall be retained for a period of three (3) years following the contact. |
| 6.5) Social media contacts | Necessary data shall be retained for as long as the data subject deletes his/her data. |
| 6.6) Persons receiving direct marketing through | Necessary data shall be retained for as long as the data subject wants to receive direct marketing. |
6.7) However, we may retain only the necessary data of the data subjects for longer than is described
above, where we are required to do so by law, it is necessary due to legal proceedings and it is
necessary for any similar reason. We shall be careful not to apply this Section in vain.
6.8) We inspect the necessity of the personal data stored regularly and keep records of the inspections.
7) CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The recipients of personal data may consist of:
- our affiliates
- data storage service providers
- accounting, legal and auditing service providers
8) INFORMATION TRANSFER OUTSIDE OF EU OR THE EUROPEAN ECONOMIC AREA
We can transfer data outside the EU /EEA. When doing so, we ensure adequate safeguards for the data.
Such safeguards include e.g. model clauses, Privacy Shield and other such arrangements.
9) DATA SUBJECTS’ RIGHTS
The data subject has a right to use all of the below mentioned rights.
The contacts concerning the rights shall be submitted to the contact details stated in Section 2. The
rights of the data subject can be put into action only when the data subject has been satisfactorily
identified.
| Right | Description |
|---|---|
| 9.1) Right to inspect | The data subject has the right to inspect what, if any, data the controller has stored of her/him. |
| 9.2) Right to rectify and erasure | The data subject has a right to request the controller to rectify or erase the personal data concerning the data subject on the grounds provided by law. |
| 9.3) Right to restriction of processing | The data subject can request the controller to restrict the processing of the personal data concerning the data subject on the grounds provided by law. |
| 9.4) Right to data portability | The data subject shall have the right to receive the personal data concerning her/him, which he/she has provided to the controller, in a structured, commonly used and machine-readable format where the processing is based on consent or a contract. |
| 9.5) Right to object | Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning her/him for such marketing. Where personal data are processed on the basis of the legitimate interests of the controller, the data subject shall have the right to object the processing of personal data concerning her/him for such purposes in accordance with the law. |
| 9.6) Automated individual decision-making, including profiling | The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. |
| 9.7) Right to withdraw consent | Where the legal basis for the processing of personal data is the consent of the data subject, the data subject shall have the right to withdraw her/his consent. |
10) RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject
considers that the processing of personal data relating to him or her infringes the GDPR. The complaint
can be lodged in the Member State of her/his habitual residence, place of work or place of the alleged
infringement.
11) COOKIES
Cookies are small text files that a website stores on your device when you browse that website. Cookies
store data of your website use.
Our websites use cookies to improve our website. Cookies used to improve websites are a common part
of all modern websites. Our websites use e.g. Google’s and Youtube’s cookies.
You can control and/or remove cookies freely at the individual browser level. Instructions can be found
for example in here: aboutcookies.org.
12) SECURITY OF PROCESSING
We us all reasonable efforts to maintain physical, electronic, and administrative safeguards to protect
personal information from unauthorized or inappropriate access. We restrict access to information
about data subjects only to those personnel that need to know the information e.g. for responding to
inquiries or requests made by the data subject..
13) MODIFICATIONS
We have a unilateral right to modify this privacy notice. The modifications take effect immediately when
we post the up to date version of our privacy notice to our website.
