Infonet Privacy policy
This privacy policy applies to all online services of Infonet
Infonet is the processor and the Client is the controller of the data that are uploaded by the Client to the servers of Infonet, are created in the servers of Infonet upon the use of services or are uploaded to the servers by the users of the application(s) of the Client.
The grounds for the processing of the Clients’ data by Infonet consist of the consent of each Client for the processing of data, the necessity for processing of data in order to perform the Contract, as well as the legal obligations of Infonet.
This document is based on the requirements of GDPR (EU) 2016/679
Terms
Client – any natural or legal person that has entered into a contract for using the services of Infonet.
User – any natural person using the services of Infonet.
Infonet – Infonet DC OÜ, registry code #12501440, 8 Suurtüki, Tallinn 10412 Estonia. Questions regarding personal data processing can be addressed directly to the the address [email protected].
Personal Data – any information relating to a natural person.
Client Data – data relating to the Clients which are used by Infonet to provide services to the Clients, including but not limited to the Personal Data of Clients that are natural persons, representatives of Clients, Users, and other natural persons.
Data Processing – operations performed on Client Data, whether or not by automated means.
Controller – Infonet is the controller of Client Data.
Processor – a natural or legal person, public authority, agency or another body processing Personal Data on behalf of Infonet.
Data Protection Officer – the employee of Infonet who organizes supervision of the processing of Personal Data at the company.
Recipient – a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed
Third Party – a natural or legal person, public authority, agency or another body, except the Data Subject, Controller, Processor and the persons who, under the direct authority of the Controller or Processor, are authorized to process Personal Data.
Contract – any contract (including the Central User Contract, Service Contract) between Infonet and the Client / Central User.
General principles
Infonet shall process Client Data in a manner that is lawful, fair and transparent.
Infonet shall process Client Data in a manner that is lawful, fair and transparent.
Infonet shall process Client Data in a manner that shall ensure their appropriate security, including protection of the data against any unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
Infonet shall process Client Data in a manner that shall ensure their appropriate security, including protection of the data against any unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
Infonet shall act with the aim of ensuring that the Personal Data that are inaccurate for the purpose of processing shall be deleted or rectified without delay.
Infonet shall act with the aim of ensuring that the information and notices related to Data Processing would be easily accessible, understandable and compiled using clear and plain language.
Specific nature of Client Data
Infonet may collect and process the following data in order to provide services to its Clients:
Identifiers of the Client and the Client’s representatives – name, date of birth, personal identification code, Commercial Registry code, number of the document used for the purpose of identification of the person, copy of the document;
Contact details of the Client and the Client’s representatives – e-mail addresses, telephone numbers, post addresses, usernames for cloud services;
Language preference of the Client and the Client’s representatives – the language of communication preferred by the person or his or her representative;
The data related to the devices of the Client and the Client’s representatives – the IP addresses of the devices, the IP addresses of the network gateway, cookies used for web browsers, and other data related to the devices;
Data on any communication between Infonet, the Client or the Client’s representatives – correspondence between the persons, messaging and audio recordings generated in the course of the customer service provided by Infonet;
Images of the Client or the Client’s representatives – footage of security cameras which may be recorded when a person visits the physical seat of Infonet;
Data on the payment behaviour of the Client – the data collected regarding a Client in the course of payment for the services;
Data on the customer satisfaction of the Client – the data collected in relation to the use of services and the customer satisfaction with these services;
The data set related to the Client – files, databases, logs, etc;
Any other data related to the Client.
Ways of collecting Client Data
Client Data may be collected in the following ways: upon filling in the order forms for services; upon the use of services; upon payment for services; by telephone, by e-mail; while visiting a physical location; while using cookies or other technologies that monitor the visitors of our websites; while providing feedback or in other ways.
Purpose of processing Client Data
Infonet processes Client Data in order to: enter into a Contract with the Client; provide the Client with an access to its services and products; maintain client relationships; enhance the user experience of the Clients; keep the Client Data up to date; settle accounts with the Client; send promotional notices or marketing information to the Client; organise satisfaction surveys; prepare market analyses and statistics; perform legal or contractual obligations; exercise its legal or contractual rights; for other reasonable purposes.
Infonet shall also process Client Data to ensure compliance with the laws and regulations applicable to us; to respond to inquiries in public law and inquiries from governmental authorities, including public bodies and governmental authorities located outside the country of residence/host country of the Client; or to protect the rights, privacy, security or property of Infonet and/or of any subdivisions of the company.
Infonet will transfer Client Data to Third Parties if it is necessary and proportionate for ensuring network and information security by public sector authorities, Computer Emergency Response Teams (CERT), Computer Security Incident Response Teams (CSIRT), providers of electronic communications networks and services, and providers of security technologies and services.
Obligations of Infonet
Infonet shall apply appropriate data protection principles and measures if these are proportionate to the Client Data Processing operations.
Infonet shall implement appropriate technical and organisational measures to ensure and to be able to evidence the processing of Client Data in compliance with applicable legal acts.
Infonet shall, both at the time of the determination of the means for processing and at the time of the processing of Client Data, implement appropriate technical and organisational measures which are necessary for effective implementation of data protection principles.
Rights of Infonet
Infonet will be entitled to process the Client Data during the client relationship as well as after the end of the client relationship. After the end of the client relationship, Infonet will be entitled to process the Client Data for 3 years or for a longer period of time if it is necessary in relation to a legal obligation (e.g. under accounting laws or laws regulating limitation periods or other private law), contract or legitimate interest.
Infonet will be entitled to engage processors in the processing of Client Data. Infonet shall engage the processors who provide a sufficient security that they shall implement appropriate technical and organisational measures in such manner that the processing of Client Data shall be in conformity to the requirements set out in the respective laws and that the protection of the rights of data subjects shall be ensured. We may disclose Client Data to the extent permitted by law to the following parties: the parent company, shareholders, subdivisions and subsidiaries of the company; third parties involved in the settlement of accounts with the Client; auditors or consultants; lawyers; entities maintaining registers (top-level domain registrars, network information registrars, etc); debt collectors; postal service providers; information technology maintenance providers and developers; providers of identification or abuse prevention services; other parties providing services to Infonet
Infonet may rectify, supplement and update the collected Client Data based on its internal and external sources.
Rights of Client
The Client has the right to receive information on whether Infonet is processing his or her data and which data are being processed.
The Client has the right to apply for a copy of the Client Data pertaining to him or her from Infonet.
The Client has the right to request rectification or deletion of the Client Data or limitation of the processing of the Client Data from Infonet, as necessary, or submit an objection to the processing of the Client Data. Infonet shall use its best efforts to accommodate the request.
The deletion of Client Data shall not be applied if: the data are necessary to perform a legal obligation which prescribes processing of the data; the data are necessary for compiling, filing or defending a legal or debt claim; the deletion of the data is not possible due to the nature of the technical solution or is not possible without an unreasonable effort.
Infonet has the right to charge a reasonable fee for processing the Client’s request if it is permitted or if the Client’s inquiry is excessive in the opinion of Infonet.
Location of Data Processing
Client Data shall be stored, both in electronic as well as physical form, at our company and with Third Parties. As a rule, Infonet shall process Client Data within the European Union / European Economic Area.
Infonet may transfer Client Data to outside the European Union / European Economic Area, if there are legal grounds for it, e.g. performance of a legal obligation or the Client’s consent, and if appropriate protective measures are implemented: there is a contract containing the standard clauses conforming to the General Data Protection Regulation, approved codes of conduct, certifications, etc; there is a sufficient level of data protection in place in the state of location of the Recipient in accordance with the decision of the European Commission; or the Recipient has been certified under the data protection framework Privacy Shield.