The following information applies to the web pages of birkle IT Estonia OÜ, Mäealuse 2/3
12618 Tallinn, Estonia. This is the controller as defined by data protection laws.
1. Content and scope
We take the protection of your personal data very seriously. With this privacy notice, we inform you which personal data we collect and how and for what purposes it is processed. We always treat your personal data in accordance with the statutory data protection regulations and this privacy notice.
2. Responsible authority
birkle IT Estonia OÜ
12618 Tallinn, Estonia
3. Visiting our website
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. In order for the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, there is further information about the browser of your terminal device. Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. In order for the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, there is further information about the browser of your terminal device.
We are obliged under data protection law to also guarantee the confidentiality and integrity of the personal data processed with our IT systems. The data will also be used to correct errors on the website.
For these purposes the following data will be logged:
• IP address of the calling computer
• Operating system of the calling computer
• Browser version of the calling computer
• Name of the retrieved file
• Date and time of retrieval
• Transferred amount of data
• Referring URL
This data will be deleted after 7 days. Our website is hosted by a service provider based on data processing in accordance with Art. 28 GDPR.
The legal basis for this data processing is Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data.
4. Contact and customer database
If you contact us to request information or an offer, the information you provide will be stored for the purpose of processing your request. We need the information requested in the contact form on the website in order to process your enquiry, address you correctly and send you an answer.
The CRM system is regularly checked to see whether data can be deleted. If data in the context of a customer or prospective customer relationship is no longer necessary or an opposing interest of the customer outweighs, we will delete the relevant data, unless there are any legal storage obligations.
The legal basis for this storage and processing is Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the maintenance of communication with our customers, interested parties and suppliers, the maintenance of our customer relationships and the implementation of direct marketing measures. If the purpose of establishing contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 b) GDPR.
5. Service provision (customers and suppliers)
We process the data of our customers and suppliers or service providers within the framework of the service provision of the respective contractual services. This may involve the processing of inventory data (e.g. name and first name of the contact person(s), address), contact data (e.g. e-mail address, telephone number), contract data (e.g. subject of contract, duration), payment data and data collected within the framework of the service provision and/or required for the service provision.
The legal basis for this storage and processing is the fulfillment of the contract or the implementation of pre-contractual measures pursuant to Art. 6 para. 1 b) GDPR.
On the one hand, we use so-called session cookies, which are only stored for the duration of the respective visit to our website (e.g. to enable the storage of your shopping basket contents). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. Session cookies are automatically deleted after leaving our website.
In addition, we use temporary cookies which we store on your terminal for a certain period of time (so-called first party cookies). If you visit our site again, it will automatically be recognized that you have already been with us and which inputs and settings you have made so that you do not have to enter them again.
You have the option of preventing the setting of cookies by making the appropriate settings in your browser. However, we would like to point out that the use of our Internet pages may then only be possible to a limited extent. Cookies do not install or start any programs or other applications on your computer.
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the operation, analysis and optimization of our website and our customer interactions.
7. Google Analytics
We use web analytics services on our website or parts of our website to understand how our website is used by its visitors and to improve the overall look and feel of the website.
We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Google Analytics sets cookies. Data is also transferred to the USA. As part of IP anonymization, the IP address collected by Google from users of our website within the European Economic Area is shortened before it is transmitted to the USA. Only in exceptional cases is the unabridged IP address transmitted to Google in the USA and abbreviated there. The IP addresses transmitted are not combined with other data from Google.
When Google Analytics is used, personal data is transferred to a third country outside the EU. Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Accordingly, there are suitable guarantees for data transmission in accordance with Art. 46 GDPR.
The legal basis for this data processing when using web analytics is Art. 6 para. 1 f) GDPR. Our legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.
8. Google Maps
We use the Google Maps (API) service of Google Ireland Limited on our website. Google Maps enables the display of interactive maps. When you visit subpages of the website on which Google Maps is used, information about your use of our website (such as your IP address) is transmitted to and stored by Google on servers in the United States.
When Google Maps is used, personal data is transferred to a third country outside the EU. Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Accordingly, there are suitable guarantees for the data transfer in accordance with Art. 46 GDPR.
The legal basis for this data processing when using web analytics is Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.
9. Google Adwords
The legal basis for the integration and use of Google Adwords is Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the marketing of our offers and our website.
10. Social Media-Buttons
On our website a social media button of the social media network Twitter is integrated.
If you click on this social media button, you will be redirected to our page at the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has called the corresponding page on our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account at the social media network.
For information on the purpose and scope of data collection and processing by the providers of the respective social media networks, the provider identification, a contact option and your rights and settings regarding data protection, please refer to the respective data protection information of the providers of the social media networks.
The legal basis for the integration and use of social media buttons is Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the marketing of our offers and our website.
11. Social Media-Pages (“Fanpages”)
We maintain a publicly accessible profile on the social media networks Twitter, Xing, Instagram, LinkedIn and Facebook (“Social Media Pages” or “Fan Pages”).
If you visit one of our social media pages and are logged into the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account at the social media network and enrich it there. Even if you are not logged in or if you do not have an account with the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.
The operators of social media networks can use this data to create user profiles. Your user profile can then be used to display interest-based ads both on social media network sites and on other sites.
We will be happy to provide you with information on suitable guarantees for data transfer to third countries in accordance with Art. 46 GDPR at any time on request.
You can assert your rights of data subjects in accordance with Chapter III of the GDPR (right to information, correction, deletion, restriction of processing, data transferability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of the rights affected within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.
The legal basis for our use of social media pages is Art. 6 Para. 1 f) GDPR. Our overriding legitimate interest is the presence and marketing of our products and services on the Internet.
We use font libraries on this website in order to present the contents of our website in a correct and graphically appealing manner across all browsers. Calling up font libraries automatically triggers a connection to the library operator. The operator receives the information that the font required for our website has been called up from your IP address.
You can prevent the use of such libraries and the associated data transmission by installing a Java script blocker (e.g. www.noscript.net).
Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Accordingly, there are appropriate guarantees for the data transfer in accordance with Art. 46 GDPR.
Legal basis for this data processing Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the optimization and economic operation of our website and our customer interactions taking place via it.
We collect and process personal data of applicants for the purpose of processing the application process in the Teamtailor Applicant Tracking System to manage recruiting activities. The lawfulness of the processing of personal data is our legitimate interest to simplify and facilitate recruitment.
Personal data is collected directly from a candidate, through the activities performed and systems used by the candidate and from external sources such as public and private registers or other third parties. Personal data categories:
* Identification data such as name, contact details such as an address, telephone number, email address, the language of communication.
* Data about relationships with legal entities, such as data submitted by the candidate or obtained from public databases or third-party service providers, such as Facebook, Linkedin, Xing, or other public sources.
* Professional data such as education, professional career, and duration, job title, licenses, training certificates.
* Communication and device data such as the data contained in messages, emails, visual images, video and/or audio recordings, as well as other conversations and interactions, collected when the candidate participates in a job interview, from candidate’s application and/or activities in birkle IT communication tools.
* Demographic data such as country of residence, citizenship.
We prioritize personal integrity and therefore work actively to ensure that personal data is processed with utmost care. We take the measures that can be reasonably expected to make sure that the personal data is processed safely and in accordance with the law. However, transfers of information over the internet and mobile networks can never occur without any risk, so all transfers are made on the own risk of the person transferring the data. It is important that applicants also take responsibility to ensure that their data is protected. It is the responsibility of the applicant that their login information is kept secret.
If we conclude an employment contract with an applicant, the transmitted data will be processed for the purpose of carrying out the employment relationship in compliance with the statutory provisions.
If no employment contract is concluded with the applicant, the application documents will be stored for three additional years after the recruitment process to record your recruiting activity with us and be able to inform you of new relevant vacancies within that timeframe.
After the legal maximum storing period, all application documents will be deleted, provided that deletion does not conflict with any overriding legitimate interest, such as the defense of claims or a function to preserve evidence in accordance with the General Equal Treatment Act. To prolong the storing period birkle IT will ask for your consent.
The legal basis for this storage and processing is the fulfillment of the contract or the implementation of pre-contractual measures pursuant to Art. 6 para. 1 b) GDPR.
14. Age restriction
This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personal data from or about anyone under the age of 16.
15. Receiver of data
Within our company, those internal departments or organizational units receive your data which they need to fulfil their tasks, to fulfil contracts with you if necessary, for data processing with your consent or to safeguard our overriding legitimate interests.
Data will only be passed on to third parties within the framework of legal requirements. We will only pass on your data to third parties if, for example, this is necessary for contractual purposes on the basis of Art. 6 Para. 1 b) GDPR or to safeguard our overriding legitimate interest pursuant to Art. 6 Para. 1 f) GDPR in the effective performance of our business operations.
If we use service providers or third-party providers in the provision of the website and/or our services, we will take appropriate legal precautions and take appropriate technical and organizational measures to ensure the protection of your personal data.
If we use content or tools from service providers or third parties in the provision of the Website and/or our services and their registered office is in a third country, data will be transferred to a third country on a regular basis. Third countries are countries in which the GDPR is not a directly applicable law, i.e. countries outside the EU or the European Economic Area. Data will only be transferred to third countries if there is either an adequate level of data protection, consent or other legal permission, in particular a suitable guarantee pursuant to Art. 46 GDPR.
16. Your rights
You have the right to free information about your stored personal data, their origin and recipient and the purpose of data processing and a right to correction, blocking or deletion of this data. You also have the right to limit the processing and to object to the processing.
You also have the right to have your data, which we process automatically, handed over to yourself or to a third party in a common, machine-readable format.
To assert your rights, please contact us using the contact details provided above for the responsible office.
They also have the right to appeal to the competent data protection supervisory authority.
17. Revocation of consent
Some data processing operations are only possible with your express consent. You can revoke your consent at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
18. Right of objection
In principle, you are only entitled to this right of objection if there are reasons arising from your particular situation (Art. 21 para. 1 GDPR). After exercising your right of objection, your personal data will not be further processed for these purposes unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims.
If the processing is carried out for the purpose of direct marketing, you can exercise your right of objection at any time (Art. 21 para. 2 GDPR) and your personal data will then no longer be processed for the purpose of direct marketing, irrespective of the reasons for the objection.
19. Obligation to provide data
The provision of personal data is neither required by law nor by contract, nor are you obliged to provide personal data. However, the provision of personal information is required for the conclusion and performance of a contract to the extent that certain details are absolutely necessary in order to conclude and perform a contract.
20. Automated decision-making
We do not perform automated decision-making, including profiling.
21. Storage and deletion
We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as it is necessary to achieve the purposes stated here or as required by the storage periods provided for by law.
If the storage purpose no longer applies or if a storage period provided for by law expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.
22. Technical and organizational measures
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries or payment data that you send to us.
23. Change of this privacy notice
If you have any questions about the collection, processing or use of your personal data, or should you require information about this data, or if it needs to be corrected, blocked or erased, and also if you wish to withdraw any consents granted, then please contact:
birkle IT Estonia OÜ
Data Protection Official
Tallinn, February 2019