- explains what personal data we collect about you;
- explains the bases and purposes for which we process your personal data;
- helps you understand what your rights are in relation to your personal data
I Our role in protecting your privacy
When processing personal data, we comply with the laws of Estonia and the European Union. We use the data for the purpose for which we collected it and to the extent necessary to fulfill this purpose. When the purpose is fulfilled, we delete or anonymize personal data.
This privacy notice provides information and instructions when you use-visit the Hobihoid website. The privacy notice does not reflect the data processing of the websites of other companies or the services they offer.
You always have the opportunity to contact us by writing to email@example.com.
II When and how do we receive or collect your personal data?
Ipersonal data (hereinafter also data) is data specifically or indirectly associated with you as a private person. The composition of personal data processed depends on which specific services you use or, for example, which consents you give us for data processing. When collecting data, we take into account the principle of minimality, that is, we only collect the data necessary to achieve the goal.
We receive personal data directly from you or it is collected automatically and mainly in the following ways:
- When you browse our website;
- If you become our customer, order a product or service from us, use our service;
- If you subscribe to the newsletter;
- When we communicate by email, telephone or otherwise;
- If you consent to receive marketing offers;
- If you submit an information request or claim;
- Sometimes we may also receive personal data from other sources (e.g. from other companies or public registers such as the population register, business register, etc.) if it is necessary to conclude a contract, perform it or fulfill a legal obligation. In addition, such data processing may also be based on your consent.
III What data do we collect and process about you?
We collect and process the following data about you (main examples presented, the list is not complete):
- Contact information: name, address, phone number, email address…
- Details of contracts and other documents concluded with you…
- Data that identifies you: IP address, browser type and version, time zone setting, operating system and version…
- Data about website usage: URL clickstreams (path through our site), products/services viewed, page response times, how long you stay on our page…
- But what about really sensitive data?
We do not collect sensitive or special types of personal data unless you disclose them to us yourself or you give specific consent for this purpose. Special types of personal data are racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic data, biometric data used to uniquely identify a natural person, health data, or data about a natural person’s sex life and sexual orientation.
IV On what grounds and for what purposes do we process your personal data?
Any processing of personal data must be justified and legal. Personal data may be processed on various legal grounds: fulfillment of a legal obligation, performance of a contract, legitimate interest of the company, your consent. Personal data may also be processed for different purposes.
In the following, we outline the legal bases and purposes for which we process your data (main examples presented, the list is not complete):
- Marketing activities (with consent): sending a newsletter, sending marketing offers.
Legal basis: Your consent
- Improving the product/service/website: testing functions, asking for feedback, managing landing pages, optimizing website traffic, analyzing data, statistics, creating customer profiles, etc.
Legal basis: Legitimate interest
- For the provision of your product/service: activities related to the conclusion of the contract and the provision of the product/service.
Legal basis: Fulfillment of the contract
- For customer support/customer communication: notification of possible changes; respond to questions, inquiries or claims; communication by phone or e-mail.
Legal basis: Fulfillment of the contract
- To fulfill the obligation arising from the law:
Said legal grounds mean the following:
You have given us your express consent to process your personal data for a specific purpose. You can always change your mind about this and withdraw your consent at any time. If you have given your consent to data processing and wish to withdraw it, you can do so by sending an e-mail to firstname.lastname@example.org or on the cookie settings page. The application or withdrawal of consent is not retroactive.
When sending marketing letters or newsletters, there is usually a link in the footer of the e-mail, which allows you to conveniently remove yourself from the list of recipients.
If you withdraw your consent and if we have no other legal basis for processing your personal data, we will stop processing your personal data. If we have another legal basis for data processing, we may continue to do so for the relevant purpose.
The processing of your data is necessary for our legitimate interests or the legitimate interests of a third party, provided that your rights and interests do not outweigh these interests. The following can be considered as such our legitimate interest:
- receive information about customer behavior on our website or app;
- developing and improving our services;
- determining the effectiveness of marketing campaigns;
- marketing activity as consent is not mandatory (by telephone);
- ensuring data security;
- problem solving (including proactive).
You can always contact us and ask for clarifications or object to opting out of data processing for any of the above purposes. It is always possible to object to processing for marketing purposes on the basis of legitimate interest. In other cases, the processing can be contested if your interests clearly outweigh the interests of our company.
Fulfillment the contract
The processing of personal data for the fulfillment of the contract is necessary in order to be able to fulfill the contract concluded with you or to perform the necessary actions before concluding the contract.
Fulfilling the obligations arising from the law includes the kind of data processing that we are obliged to do because we are required to do so by law. If data processing is necessary to fulfill a legal obligation, we cannot decide on the processing of such personal data and neither can you.
V How long do we keep your personal data?
We retain your personal data for the period necessary to fulfill the purposes necessary for the processing or until the law prescribes it. It should be taken into account that in certain cases exceptions to the normal erasure deadlines also apply, for example if there are debts or if there is an ongoing legal dispute. The storage of anonymous data is also not subject to these rules, as in this case it is no longer personal data.
Retention period, after which the personal data in our possession will be deleted or anonymized, and provided that there are no circumstances that preclude this (this is not a complete list, and you can get more detailed information by contacting us):
- Customer data (activities/information related to the customer) – For the entire time of being a customer and two years after the termination of the customer relationship or as agreed in the contract;
- Accounting data (including contracts on their termination) – after 7 years
- The storage time of cookies is 365 days – or if you delete them from your browser earlier.
VI Where are personal data processed and how is their security ensured?
We process and store your personal data in Estonia, the European Union or the Economic Area of the European Union. In certain cases, your data may also be processed outside Estonia, the European Union or the EU Economic Area.
Keep in mind:
- Always think before revealing your personal data to someone or entering it somewhere, whether you are aware of who the recipient of this data is and how securely it is kept.
- Transmission of personal data is the responsibility of each individual: unfortunately, no data transmission is guaranteed to be 100% secure.
- Always keep your username, PIN codes, passwords, etc. sensitive information to yourself.
- If you suspect that your personal data has been breached or there is a risk that your data has been leaked to strangers, be sure to report it as soon as possible.
VII Third parties who may process your personal data
Nowadays, it is common to use third parties to help the company simplify its operations and/or provide a better service (for example, to host the application, communicate with customers, collect statistics, etc.). Therefore, cooperation is carried out with third parties, with whom it is sometimes necessary to share personal data.
Below is the main third party information we use:
- Statistics/Analytics – Google Analytics (Privacy Notice)
- Marketing Activity – Facebook (Privacy Notice)
- Newsletters – ConvertKit (Privacy Notice)
VIII What are your rights regarding your personal data and how can you exercise your rights?
- The right to access your data
You have the right to consult your personal data that we use at any time. You also have the right to receive information about the purposes of data processing and retention periods. For this, it is necessary to submit a corresponding application to us. We reserve the right to respond to such requests within 30 days.
- The right to have your personal data corrected or deleted (right to be forgotten)
If you have discovered incorrect data while checking your data or your personal data has changed, you can always ask to change them by contacting us.
In certain cases, you have the right to have your personal data deleted. This is primarily with regard to data processing based on consent and legitimate interest. This includes, for example, marketing profiles and the like. However, it is often not possible to completely delete personal data, because we also use the data for other purposes, in connection with which data deletion is not allowed ahead of time either due to the contract or the law.
- The right to object or restrict data processing concerning you
You have the right to object at any time to the processing of personal data concerning you, which we carry out on the basis of legitimate interest. When submitting an objection, we consider the legal interests and, if possible, stop the data processing in question.
In certain cases, you have the possibility to restrict the processing of personal data by notifying us in writing. Such a right can be used only in cases provided by law.
- Right to data portability
The right to data portability gives you additional control over your personal data. This means, with respect to certain data, the right to receive them in a machine-readable form or to have them directly transmitted to another company/person (provided that the recipient has the opportunity to receive the data in this form as well). Please note that we cannot guarantee and are not responsible for whether the recipient is able to receive this personal data. This right can be used in cases provided by law.
- The right to appeal to Us or a supervisory authority or a court
If you want additional information about the use of your personal data, you want to file a claim or exercise your rights, you always have the opportunity to contact us by writing to email@example.com.
You always have the right to contact the Data Protection Inspectorate or the court to protect your privacy rights and data. The Data Protection Inspectorate is a national institution that can be contacted for consultation or assistance on personal data protection issues.
- The right to change your cookie settings
Yóu can always go to Cookie Settings page to change your settings. And you can delete all browser data at any time you wish to!