GetID WEBSITE PRIVACY POLICY

Last update on 02.09.2019

This Privacy Policy (“Policy”) applies to the GetID Website and explains how GetID processes (e.g. collects, uses, stores, shares) and protects the personal data of Users, which is collected by us through the Website or by any other means of communication, if such option has been made available. 

Any terms used capitalised but not defined herein should be understood as defined in the GetID Website Terms of Use. Any terms not defined herein or in the GetID Website Terms of Use should be understood as defined in the EU General Data Protection Regulation (“GDPR”). 

We have the right to update or amend this Policy at any time. Should there be any amendments to the data processing purposes or any other material changes to this Policy, we will let you know via the Website or by using the contact details you have provided us.

This Policy applies only to the personal data collected though the Website and not the GetID Services. The GetID Services are subject to different policies. 

  1. INFORMATION ON DATA CONTROLLER
    1. While using our Website or communicating with us via our Website or any other means, if such possibilities are available, the controller of your personal data is GetID OÜ (registration number 14700267, address Maakri 19/1, 30th floor, 10145 Tallinn, Estonia), an Estonian limited liability company.
    2. If you have any questions or concerns regarding the processing of your personal data, you can contact our Data Protection Officer at dpo@getid.ee.   
  2. PERSONAL DATA PROCESSING
    1. We collect your personal data in the following ways and for the following purposes: 
      1. personal data you provide in the contact form available on the website (name, name of company, e-mail address, phone number, content of your message). We receive only the data you have chosen to provide us and use it to reply to your message regarding the GetID Services. The compulsory fields of data are marked with an asterisk (*). The other fields are useful if you want to provide us more data to provide a better reply to your message or use other means of contact (phone). We assume that you are a representative of a legal person interested in the GetID Services and have provided us your professional contact details. We also assume that the content of your message is related to the GetID Services. We ask you not provide us any personal data not requested on the form and especially no personal data belonging to the special categories of personal data;
      2. data we collect automatically when you visit our Website (cookies, browser data, etc.). Please see our Cookie Policy for further information about cookies we use. 
  3. LEGAL BASES FOR USE OF YOUR PERSONAL DATA
    1. We process your personal data under your consent (GDPR art 6(1)(a)) which you give to us when providing the data. We only process such personal data you have voluntarily chosen to provide us on the contact form or later for the purpose of replying to your message regarding the GetID Services and communicating with you regarding the GetID Services.
    2. We will also ask for your consent to allow us to send you further marketing messages and materials.  
    3. You have the right to withdraw your consent at any time by contacting us on the contact details above or, in case of marketing messages and materials, by clicking on the “unsubscribe” button at the end of each such message. This, however, will not affect the lawfulness of processing based on your consent before its withdrawal. 
  4. PARTIES WE MAY SHARE YOUR PERSONAL DATA WITH
    1. Your personal data is shared with our employees, service providers and third parties on a strict need-to-know basis. 
    2. We may use service providers (data processors) in processing your personal data. Such service providers include IT service providers. In such case, we have verified the trustworthiness of the service providers and concluded data processing agreements with them to ensure the protection of your personal data. In any case, we remain responsible for your personal data. Please contact us for a detailed list of all data processors used.
    3. We disclose your personal data to third parties only with your prior consent. However, we may disclose your personal data to third parties if we are legally obligated to do so (e.g. to supervisory authorities) or if it is in our legitimate interests (e.g. to our accountants, legal advisors, and auditors for them to fulfil their obligations before us). In each case, we make sure to disclose only the minimum amount of personal data possible and, whenever possible, ensure the third party is bound by a duty of confidentiality. If we consider disclosing personal data based on our legitimate interests, we will only do so if we are convinced that such legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data. You have the right to ask for more information regarding such balancing test. You have at any time the right to object to the processing of your personal data based on legitimate interests. 
  5. TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EEA
    1. We normally process your personal data in the European Economic Area (EEA).
    2. However, our service providers or third parties to whom we disclose personal data may process your personal data also outside the EEA. In such case, we have ensured that your data is processed either in countries where the European Commission has considered the level of data protection to be sufficient (the list of countries recognised by European Commission as proving an adequate level of personal data protection is available here) or that other appropriate safeguards have been applied. Please contact us for more details regarding the basis for processing your personal data outside the EEA. 
  6. RETENTION OF YOUR PERSONAL DATA
    1. We only retain your personal data as long it is necessary for the purpose it was collected for or, in case there is a risk of any potential claims towards us, for as long as all opportunities to submit such claims have been exhausted and all claims have expired. This is in our legitimate interests necessary for us to be able to protect ourselves.
    2. Normally, if our communication does not lead to a contract between us and the legal entity you are representing, we delete your personal data after 5 years of collection. 
    3. In case our communication leads to a contract between us and the legal entity you are representing, we may retain your personal data together with the documents of the contract.
  7. YOUR RIGHTS
    1. You have all the rights of a data subject under the GDPR, including: 
      1. right to request access to your personal data;
      2. right to request correction of your personal data
      3. right to request the erasure of your personal data;
      4. right to submit an objection to an action of personal data processing, where the processing of personal data is performed on legitimate interest grounds;
      5. right to restrict processing of personal data;
      6. right to data portability;
      7. right to lodge a complaint with the data protection authority in Estonia or the Member State of your habitual residence or place of work. 
    2. Please note that not all rights of the data subject are absolute, and we will process them in accordance with the limitations set in the GDPR. 
    3. To exercise any of the rights listed above, you can contact us on the contact details above. 
Menu