Last update: 15.06.2021
Hansab is providing different complete technology solutions to its clients to make their businesses more effective and secure, their employees’ everyday life more comfortable, and lift their customer experience to a new level.
This Policy describes the data that Hansab gathers on or through the Services, how the data is used and protected.
By visiting the Website, or by purchasing goods from online store or using the Services, the Client accept the privacy practices described in this Policy.
- „Client“ means a natural or legal person shopping at the online store or a natural or legal person who has requested any other Services from Hansab.
- „Controller“ means the natural or legal person which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
- „GDPR“ means regulation (EU) 2016/679 of the European Parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- „Hansab” means any Hansab Group entity (such as Hansab Group OÜ, Hansab AS, Hansab SIA, Hansab UAB, Hansab Oy, Ellore OÜ, Hansab IT Solutions OÜ).
If the Personal Data Processing is related with online store, the term „Hansab” shall mean Hansab Group OÜ, established and existing under the laws of Estonia, registry code 11148680 , located at Keevise tn 11, Tallinn 11415, Estonia.
- „Personal Data“ means any information relating to the Client or the Representative.
- „Processing“ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, combination, restriction, erasure or destruction.
- „Processor“ means a natural or legal person which Processes Personal Data on behalf of the Controller.
- „Representative“ means an employee, or representative of a Client who is using Hansab Services on behalf of and under the authorization of the Client.
- „Services“ means any services provided by Hansab, incl. online store at the Website.
- “Website” means Hansab homepage at https://www.hansab.com/.
2. Policy Applicability
This Policy applies to Personal Data Processing where Hansab acts as a Controller. Any Personal Data Processing conducted on behalf of the Client and under the instructions of the Client is subject to data processing agreement.
3. Personal Data
Considering the variety of the Services, Hansab collects different categories of Personal Data from or through its Services. Hansab Processes the following categories of Personal Data:
- Client-provided Personal Data. Client is required to provide different categories of Personal Data, when the Client is using the Services, incl. when the Client is placing an order at the online store or asking for customer support. For example, Hansab may collect Client name, e-mail address, mailing address, delivery address, mobile phone number, and credit card or other billing information and information related to the purchased goods and services or complaints. If the Client is a legal person, then the Client may be required to submit Personal Data related to its Representatives, such as name, contact details, etc.
- Automatically Collected Personal Data. Hansab may collect some information about the Client’s/Representative’s use of the Services or Website automatically. In general, such information may include data regarding the device which is used for visiting the Website or using the Services (such as the device’s model, name or any other identifier and the IP address), Client’s/Representative’s preferences at the Website or data about Client’s/Representative’s interaction at Website.
4. Personal Data Sources
Majority of Client’s Personal Data Processed by Hansab is collected directly from the Client. Personal Data related to the Representatives can be collected directly from the Representative or from the Client the Representative is representing.
Any information collected from other sources than the data subject himself, shall be combined with the information collected directly from the data subject and shall be treated as Personal Data in accordance with this Policy.
5. PURPOSES OF THE PROCESSING
Personal Data collected by Hansab is Processed for the purposes established in the law or as described herein, including but limited for the following purposes:
- Contractual Purpose – Hansab needs to Process Client’s/Representative’s Personal Data in order to enter into an agreement with the Client, to deliver the ordered goods and/or provide Service to the Client, to process the payment, to provide a quotation, to provide repair and maintenance work, and to handle Client’s complaints.
- Analytical Purpose – Hansab needs to Process Client’s Personal Data in order to manage, analyse and improve the Service and Website.
- Marketing Purpose - Hansab needs to Process Client’s Personal Data in order to send relevant promotional information to the Client about Hansab services, if the Client has granted an explicit consent to use his/her Personal Data for this purpose.
- Personalization Purpose – Hansab needs to Process Client’s Personal Data in order to personalize the Service and the content provided to the Client.
- Communication Purpose – to contact the Client for administrative purposes such as customer service, address technical or legal issues related to the Service provided, or share updates and notifications about the Service.
- Debt handling Purpose – in the event the Client refuses to pay for the Services or is in delay with the payment, Hansab may Process the Personal Data for the handling debt claims (incl. transfer the Personal Data to debt collection service provider).
Client and/or Representative is not subject to statutory obligation which obligates Client and/or Representative to provide Personal Data described herein to Hansab. The collection of certain Personal Data referred herein may be necessary for the provision of Services to the Client. Failure to provide data may result in adverse consequences, such as, Hansab’s inability to provide the Services.
6. AUTOMATED DECISION MAKING
Hansab does not Process any of Client’s/Representative’s Personal Data for automated decision making or profiling.
7. LEGAL GROUNDS FOR PROCESSING
Hansab is relying on the following legal grounds when Processing Client’s Personal Data:
- Processing is necessary for the performance or entry into a contract (GDPR article 6 (1) (b)).
- Processing is necessary for compliance with a legal obligation to which Hansab is subject (GDPR article 6 (1) (c)).
- Processing is necessary for the purposes of the legitimate interests pursued by Hansab (GDPR article 6 (1) (f)). Hansab is Processing Personal Data for Analytical, Personalization Purpose and Debt handling Purpose under its legitimate interest.
- Client has granted a consent to the Processing of his/her Personal Data (GDPR article 6 (1) (a)). Hansab is Processing Personal Data for Marketing Purpose under Client’s consent.
8. Transfer of the Personal Data
Hansab may transfer Personal Data to third parties, such as:
- legal and regulatory authorities whom Hansab is obligated to disclose Client’s Personal Data under the law;
- server hosts who host Hansab’s servers;
- communication service providers who facilitate e-mails, calls, SMS messages and other communication between Hansab and the Client/Representative;
- customer support and customer management service providers;
- marketing service provider;
- Hansab’s affiliate. i.e. any company that directly or indirectly controls Hansab; any company that is directly or indirectly controlled by Hansab; or any company that is controlled, directly or indirectly, by the ultimate parent company of Hansab. Control shall mean owning more than fifty percent of the voting rights in a company or otherwise having the power to govern the financial and the operating policies or to appoint the management of a company;
- Debt handling service providers;
- Courier service provider;
- Warranty repair service provider;
- other third parties involved with the provision of Hansab’s Services (accountants, auditors, lawyers, IT systems suppliers and support, or any other outsourcing providers).
Hansab has taken steps to ensure that these data recipients protect the confidentiality and security of Personal Data, and to ensure that Personal Data is Processed only for the provision of Services and in compliance with applicable law.
Such third parties may be located in countries outside of the European Economic Area ("EEA") whose privacy regulations may differ, and which are not subject to adequacy decisions of the European Commission. In those countries the security of the Personal Data (inc. protection against misuse, unauthorized access, disclosure, alteration or destruction) may not be ensured as it is secured in the European Union, due to the lack of adequate data protection level.
When transferring collected Personal Data outside of the EEA, Hansab shall ensure the application of the appropriate safeguards.
Hansab will take appropriate legal, organisational, and technical measures to protect Personal Data consistent with applicable privacy and data security laws. Security measures shall be applied in order to protect Personal Data from involuntary or unauthorized Processing, disclosure or destruction.
Upon transferring Personal Data to third parties, Hansab will apply the following safeguards:
- Hansab makes sure that such third party undertakes to implement appropriate technical and organizational measures ensuring the Processing of Personal Data in accordance with this Policy and applicable law;
- Hansab makes sure that (a) the third party is established in a jurisdiction which the European Commission has recognized as ensuring an adequate level of personal data protection, or (b) the Processing of Personal Data is subject to other appropriate safeguards stipulated in the GDPR.
10. Integrity and retention of the Personal Data
Hansab will retain Personal Data for the period required or permitted by applicable law, but no longer than it is reasonably necessary in order to achieve the purposes for which the Personal Data was collected.
Hansab takes reasonable steps to ensure that the Personal Data we Process is reliable for its intended use, accurate, and complete as necessary to carry out the purposes described herein.
11. Rights in regarding to the collection of Personal Data
Client/Representative has the following rights in relation to the Processing of his/her Personal Data:
- Request information – Hansab has provided all information related to the Personal Data Processing in this Policy. The valid version of the Policy is available in Hansab’s website at any time.
- Right to access – Client/Representative has the right to ask Hansab to provide a copy of his/her Personal Data which Hansab Process.
- Right to Rectification – Client/Representative has the right to ask Hansab to rectify Personal Data in case the data is incorrect or incomplete.
- Right to Erasure – Client/Representative has the right to ask Hansab to erase Personal Data, unless Hansab is obliged to continue Processing the Personal Data under law or under a contract between the Client and Hansab, or in case Hansab has other lawful grounds for the continued Processing of Personal Data.
- Right to Restriction – Client/Representative has the right to ask Hansab to restrict the Processing of his/her Personal Data in case the data is incorrect or incomplete or in case his/her Personal Data is Processed unlawfully.
- Right to Data Portability – Client/Representative has the right to ask Hansab to provide the Client/Representative or, in case it is technically feasible, a third party, his/her Personal Data, which the Client/Representative has provided to Hansab and which is Processed in accordance with consent or a contract between the Client and Hansab.
- Right to Object – Client/Representative has the right to object to Processing his/her Personal Data in case there is a reason to believe that Hansab has no lawful grounds for Processing the Personal Data.
- Right to withdraw Consent for the Processing of Personal Data – Client is entitled to withdraw the consent granted for the Processing of Personal Data et any time. Withdrawal does not affect the lawfulness of the Processing conducted before the withdrawal.
- Right to File Complaints – Client/Representative has the right to file complaints regarding Processing of his/her Personal Data.
In order to exercise any rights referred herein the Client/Representative is required to submit a written application to Hansab (Hansab’s contact details can be find under Section 13). Hansab has the right to decline this application by justifying the reasons for the refusal.
According to the article 12(3) of GDPR, Hansab is obligated to respond to the application within 1 month. However, Hansab will make its best efforts to respond to any request within 1 week.
12. Right to amend this Policy
Hansab is entitled to unilaterally amend this Policy from time to time. Upon amending the Policy, Hansab will notify the Client/Representative about the terms by e-mail.
13. Contact Information
Should the Client/Representative have any questions regarding this Policy or Processing of Personal Data, they are welcome to contact Hansab with requests, inquiries or any complaints via email: email@example.com
In case the Client/Representative has complaints regarding the Processing of his Personal Data, the Client/Representative may file a complaint with the relevant data protection authority.