Welcome to kaikkityopaikat.fi, our online jobs directory, CV template shop and CV drafting services located at www.kaikkityopaikat.fi (our “website”). At Kotamai OÜ, we respect your privacy and are committed to being transparent about what data we collect when you visit and use our website and/or our services and how it is used.
GENERAL INFORMATION
a) What is Personal Data?
Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Data. This includes, for example, the number of users of a website.
b) What is processing?
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
c) What law applies?
In principle, we will only use your Personal Data in accordance with the applicable data protection laws, in particular Estonia’s Personal Data Protection Act (“PDPA”) and the EU’s General Data Protection Regulation (“GDPR”).
d) Who is responsible for data processing?
A “data controller” is a person or organization who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. In this sense, Kotamai OÜ, Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551 (“Kotamai OÜ”, “we”, “us”, “our”) is the data controller. If you have any questions about data protection at Kotamai OÜ in general, you can reach us by email using our Contact Form.
e) What are the legal bases of processing?
We only process your Personal Data if we at least one of the following applies:
- you have given your consent,
- the data is necessary for the fulfilment of a contract / pre-contractual measures,
- the data is necessary for the fulfilment of a legal obligation or
- the data is necessary to protect our legitimate interests, provided that your interests are not overridden.
DATA WE COLLECT AUTOMATICALLY
a) Log data
For the continued operation and security of our services we record basic logs and event records until such time as they are no longer needed. These logs may contain a) Username, b) IP address, c) The clients servers IP, d) Timestamps and e) the referral URL. In this it is technically possible that an IP address can be combined with external data and to identify an individual using the services during a specific usage period. As such we treat all log data and specific event log data whether it is from end user requests or automated requests, as Personal Data. The legal basis is the provision of a contractual service.
b) Hosting
To provide our website, we use the services of Bluehost (Newfold Digital Inc) who process all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website.
c) Content Management System and eCommerce System
We use the open source Content Management System (CMS) of WordPress.Org and the eCommerce system of WooCommerce by Automattic to publish and maintain the created and edited content and texts on our website. This means that all content and texts submitted to us are transferred to Bluehost and that your contact and contract data and your usage data are stored on WooCommerce’s servers. The legal basis for this processing is our legitimate interest.
d) Fonts
We use Google Fonts by Google on our website to display external fonts. To enable the display of certain fonts on our website, a connection to a Google server is established when our website is accessed. The connection to Google established when you call up our website enables Google to determine which website sent your request and to which IP address the display of the font is to be transmitted. This represents a legitimate interest.
e) Economic analyses and market research
For business reasons, we analyse the data we have on web and server traffic patterns, website interactions, browsing behaviour etc. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarised and or anonymised values. For this purpose we use Google Analytics from Google. The legal basis is our legitimate interest and your consent. For further information on our use of analytics, please refer to our Cookie Policy.
f) Cookies
For the processing of personal data using cookies and similar technologies on our website, please refer to our Cookie Policy. The legal basis for the use of cookies is our legitimate interest or your consent when you agree to the use of technically non-essential cookies as further explained in our cookie policy.
g) Cookie consent
As set out in Estonia’s Electronic Communications Act (“ECA”) and the EU`s Privacy and Electronic Communications Directive (“PECD”), we need to obtain consent for the use of technically non-essential cookies. For this purpose, we use a cookie consent tool to obtain your consent to the storage of cookies and to document this consent. When you enter our website, the following Personal Data is transferred to us via our cookie consent tool: i) Your consent(s) or revocation of your consent(s); ii) Your IP address; iii) Information about your browser; iv) Information about your device; v) Time of your visit to our website. The basis for processing is our legitimate interest and your consent.
Data we collect directly
a) General
We may ask you for Personal Data when you:
- use our directory and services,
- request services, support, or information,
- participate online or otherwise in marketing and advertising activities,
- subscribe to Kotamai OÜ`s marketing and promotional emails or other materials,
- interact with us on third-party social networking sites (subject to the terms of use and privacy policies of said third parties), or
- contact us.
In order to provide you with a more consistent and personalised user experience in your interactions with Kotamai OÜ, data collected through one source may also be linked to other data collected by Kotamai OÜ through other sources. This may include data that helps us identify you when you access our website through several different devices.
a) Personal Data that you give us
This is information about you that you give to us by filling in forms on our website (or other forms that we ask you to complete), or when you register for a user account or use our services, or correspond with us. It may include, for example, your name, address, email address and telephone number; information about your business relationship with us; and information about your requirements, background and interests.
We also process the Personal Data involved in your use of our services (your contact information such as full name, email, postal address and phone number and the data related to your use of our services and the contract between us) in order to be able to provide our contractual services. This includes in particular our support, correspondence with you, invoicing, fulfillment of our contractual, accounting and tax obligations. Accordingly, the data is processed on the basis of fulfilling our contractual obligations and our legal obligations..
b) Administration, financial accounting, office organisation, contact management
We process data in the context of administrative tasks as well as organisation of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.
c) Payment Data
If you make payment, your payment data will be processed via our payment service provider Stripe. PayPal, MobilePay through our website. Payment data will solely be processed through the by you chosen payment service provider and their associated payment methods and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the contract.
d) Aggregated Data
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose including improving our website and services. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy policy.
e) Promotional use of your data
We use your data (email address) within the legally permissible scope for marketing purposes, e.g., to draw your attention to special promotions and discount offers. The legal basis for processing is our legitimate interest.
f) Newsletter and Job Alerts
If you register for our newsletter and job alerts, we use your email address to send you our email newsletter on a regular basis on the basis of your consent. Unsubscribing from the newsletter is possible at any time and can be done via the unsubscribe link provided in each newsletter. After unsubscribing, we will delete your email address unless you have expressly consented to further use of your data. The processing bases are your consent and our legitimate interest.
g) Social Media
We have a presence on social media based on our legitimate interests. If you contact or interact with us via social media websites, we and the respective social media website are jointly responsible for the processing of your data and enter into a so-called joint-controller agreement. The legal basis is our legitimate interest, your consent or, in some cases, the initiation of a contractual performance, if any.
MARKETING
Insofar as you have given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission, or sometimes your consent is implied from your interactions or contractual relationship. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving marketing communication based on your interactions or contractual relationship with us.
Our Marketing generally takes the form of email but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent by us or on our behalf will include a means by which you may unsubscribe or opt out.
PRINCIPLES OF PROCESSING PERSONAL DATA
a) Storage and Retention
We will retain your Personal Data as necessary in connection with the purposes described in this Privacy Policy, and in accordance with Estonia`s retention periods for up to 8 years.
b) Security
Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us. We have also implemented numerous security measures (“technical and organisational measures”) for example encryption or need to know access, to ensure the most complete protection of Personal Data processed through this website.
Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as expeditiously as possible after which the breach was discovered.
c) Sharing and Disclosure
We will not disclose or otherwise distribute your Personal Data to third parties unless this is i) necessary for the performance of our services, ii) you have consented to the disclosure, iii) or if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or other legal proceedings; or proceedings at home or abroad or to fulfil our legitimate interests.
d) International Transfer
In the course of our website operation, we process data. We usually do not transfer Personal Data to countries outside Estonia and the EEA. However, if we do, we will make sure that processing of your Personal Data is governed by Processing Agreements that include Standard Contractual Clauses for a high level of data protection.
- What we do not do
- We do not request Personal Data from minors and children;
- We do not use Automated decision-making including profiling; and
- We do not sell your Personal Data.
YOUR RIGHTS AND PRIVILEGES
a) Your rights
You can exercise the following rights:
- Right to information
- Right to rectification
- Right to object to processing
- Right to deletion
- Right to data portability
- Right to withdraw consent
- Right to complain to a supervisory authority
- Right not to be subject to a decision based solely on automated processing.
If you have any questions about the nature of the Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.
b) Updating your information and withdrawing your consent
If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object (including withdrawing of consents you have given us) to its processing, please do so in your account or by contacting us.
c) Access Request
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).
d) Complaint to a supervisory authority
You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. The supervisory authority in Estonia is: Data Protection Inspectorate,
Tatari 39, Tallinn 10134, Estonia, www.aki.ee. However, we would appreciate the opportunity to address your concerns before you contact the Data Protection Inspectorate or any other supervisory authority.
HELP AND COMPLAINTS
If you have any questions about this policy or the information we hold about you, please contact us using our Contact Form.
CHANGES
The first version of this policy was issued on Tuesday, 10th of September, 2024 and is the current version. Any prior versions are invalid and if we make changes to this policy, we will revise the effective date.