Privacy Policy

 

The following information applies to the web pages of birkle IT Estonia OÜ, Mäealuse 2/3
12618 Tallinn, Estonia. This is the controller as defined by data protection laws.

1. Content and scope

We take the protection of your personal data very seriously. With this privacy notice, we inform you which personal data we collect and how and for what purposes it is processed. We always treat your personal data in accordance with the statutory data protection regulations and this privacy notice.

2. Responsible authority

birkle IT Estonia OÜ
Mäealuse 2/3
12618 Tallinn, Estonia
contact@birkle-it.ee

3. Visiting our website

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. In order for the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, there is further information about the browser of your terminal device. Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. In order for the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, there is further information about the browser of your terminal device. 
We are obliged under data protection law to also guarantee the confidentiality and integrity of the personal data processed with our IT systems. The data will also be used to correct errors on the website.
For these purposes the following data will be logged:
• IP address of the calling computer
• Operating system of the calling computer
• Browser version of the calling computer
• Name of the retrieved file
• Date and time of retrieval
• Transferred amount of data
• Referring URL
This data will be deleted after 7 days. Our website is hosted by a service provider based on data processing in accordance with Art. 28 GDPR.
The legal basis for this data processing is Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data. 

4. Contact and customer database

If you contact us to request information or an offer, the information you provide will be stored for the purpose of processing your request. We need the information requested in the contact form on the website in order to process your enquiry, address you correctly and send you an answer.
The CRM system is regularly checked to see whether data can be deleted. If data in the context of a customer or prospective customer relationship is no longer necessary or an opposing interest of the customer outweighs, we will delete the relevant data, unless there are any legal storage obligations.
The legal basis for this storage and processing is Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the maintenance of communication with our customers, interested parties and suppliers, the maintenance of our customer relationships and the implementation of direct marketing measures. If the purpose of establishing contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 b) GDPR.

5. Service provision (customers and suppliers)

We process the data of our customers and suppliers or service providers within the framework of the service provision of the respective contractual services. This may involve the processing of inventory data (e.g. name and first name of the contact person(s), address), contact data (e.g. e-mail address, telephone number), contract data (e.g. subject of contract, duration), payment data and data collected within the framework of the service provision and/or required for the service provision.

The legal basis for this storage and processing is the fulfillment of the contract or the implementation of pre-contractual measures pursuant to Art. 6 para. 1 b) GDPR.

6. Cookies

Our website uses cookies. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your browser where they are stored for later retrieval. Cookies can be small files or other types of information storage. Cookies are used to store information that arises in connection with the specific end device used. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. A cookie also contains information about its origin and the storage period. This does not, however, mean that we will immediately become aware of your identity.

We use cookies to make our website more user-friendly.

On the one hand, we use so-called session cookies, which are only stored for the duration of the respective visit to our website (e.g. to enable the storage of your shopping basket contents). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. Session cookies are automatically deleted after leaving our website.

In addition, we use temporary cookies which we store on your terminal for a certain period of time (so-called first party cookies). If you visit our site again, it will automatically be recognized that you have already been with us and which inputs and settings you have made so that you do not have to enter them again.

We also use cookies for other purposes, such as web analysis. These cookies are also automatically deleted after a defined period of time. This use is explained in more detail below.

You have the option of preventing the setting of cookies by making the appropriate settings in your browser. However, we would like to point out that the use of our Internet pages may then only be possible to a limited extent. Cookies do not install or start any programs or other applications on your computer.

You may opt-out of the use of cookies to measure reach and for advertising purposes via the Network Advertising Initiative’s opt-out page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the operation, analysis and optimization of our website and our customer interactions.

7. Google Analytics

We use web analytics services on our website or parts of our website to understand how our website is used by its visitors and to improve the overall look and feel of the website.

We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Google Analytics sets cookies. Data is also transferred to the USA. As part of IP anonymization, the IP address collected by Google from users of our website within the European Economic Area is shortened before it is transmitted to the USA. Only in exceptional cases is the unabridged IP address transmitted to Google in the USA and abbreviated there. The IP addresses transmitted are not combined with other data from Google.

You can prevent the storage of cookies by setting your browser accordingly. In addition, you can prevent the collection of the data generated by the cookie and related to your use of the online service and the processing of this data by Google by downloading and installing the browser plug-in available under the following link, which Google Analytics uses JavaScript to inform Google Analytics that no data and information on visits to Internet pages may be transmitted to Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=en.

When Google Analytics is used, personal data is transferred to a third country outside the EU. Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Accordingly, there are suitable guarantees for data transmission in accordance with Art. 46 GDPR.

The legal basis for this data processing when using web analytics is Art. 6 para. 1 f) GDPR. Our legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.

8. Google Maps

We use the Google Maps (API) service of Google Ireland Limited on our website. Google Maps enables the display of interactive maps. When you visit subpages of the website on which Google Maps is used, information about your use of our website (such as your IP address) is transmitted to and stored by Google on servers in the United States.

When Google Maps is used, personal data is transferred to a third country outside the EU. Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Accordingly, there are suitable guarantees for the data transfer in accordance with Art. 46 GDPR.

For more information about data processing by Google, please see Google’s privacy policy: https://www.google.com/policies/privacy.

The legal basis for this data processing when using web analytics is Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.

9. Google Adwords

This website uses the “Google AdWords” online advertising tool and conversion tracking in this context. The conversion tracking cookie is placed when a user clicks on an ad posted by Google. These cookies become invalid after 30 days and are not used for personal identification. Whenever a user visits one of our sites and the cookie is still valid, we and Google are able to recognize that the user clicked on the ad and was forwarded to this page. Every Google AdWords customer gets a unique cookie. In this way, cookies cannot be tracked by websites of AdWords customers. Information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have decided to use conversion tracking. Customers are informed about the total number of users who clicked on their advertisement and were forwarded to a site which includes a conversion tracking tag. However, they will not receive any information allowing users to be identified. Users who do not want to participate in tracking can easily disable the Google conversion tracking cookie in the user settings of their internet browser. These users will not be recorded in the conversion tracking statistics. Click on Google Privacy Policy for more information.
The legal basis for the integration and use of Google Adwords is Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the marketing of our offers and our website.

10. Social Media-Buttons

On our website a social media button of the social media network Twitter is integrated.

If you click on this social media button, you will be redirected to our page at the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has called the corresponding page on our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account at the social media network.

For information on the purpose and scope of data collection and processing by the providers of the respective social media networks, the provider identification, a contact option and your rights and settings regarding data protection, please refer to the respective data protection information of the providers of the social media networks.

The legal basis for the integration and use of social media buttons is Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the marketing of our offers and our website.

11. Social Media-Pages (“Fanpages”)

We maintain a publicly accessible profile on the social media networks Twitter, Xing, Instagram, LinkedIn and Facebook (“Social Media Pages” or “Fan Pages”).

If you visit one of our social media pages and are logged into the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account at the social media network and enrich it there. Even if you are not logged in or if you do not have an account with the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.

The operators of social media networks can use this data to create user profiles. Your user profile can then be used to display interest-based ads both on social media network sites and on other sites.

If you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data there. With regard to information about the collection and processing of your personal data that takes place there, we refer you to the privacy policy of the respective social media network. We do not have any further information in this respect.

We will be happy to provide you with information on suitable guarantees for data transfer to third countries in accordance with Art. 46 GDPR at any time on request.

You can assert your rights of data subjects in accordance with Chapter III of the GDPR (right to information, correction, deletion, restriction of processing, data transferability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of the rights affected within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.

The legal basis for our use of social media pages is Art. 6 Para. 1 f) GDPR. Our overriding legitimate interest is the presence and marketing of our products and services on the Internet.

Twitter’s privacy policy can be found at https://twitter.com/privacy.

Xing’s privacy policy can be found at https://privacy.xing.com/en/privacy-policy.

Instagram’s privacy policy can be found at https://help.instagram.com/519522125107875.

LinkedIn’s privacy policy can be found at https://www.linkedin.com/legal/privacy-policy.

The Facebook privacy policy can be found at https://www.facebook.com/privacy/explanation.

12. Fonts

We use font libraries on this website in order to present the contents of our website in a correct and graphically appealing manner across all browsers. Calling up font libraries automatically triggers a connection to the library operator. The operator receives the information that the font required for our website has been called up from your IP address.

You can prevent the use of such libraries and the associated data transmission by installing a Java script blocker (e.g. www.noscript.net).

We use Google Webfonts of Google Ireland Limited (https://www.google.com/webfonts/). When using Google Webfonts, data is transferred to the USA. Further information on data processing by Google can be found in Google’s privacy policy: https://www.google.com/policies/privacy.

Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Accordingly, there are appropriate guarantees for the data transfer in accordance with Art. 46 GDPR.

Legal basis for this data processing Art. 6 para. 1 f) GDPR. Our overriding legitimate interest is the optimization and economic operation of our website and our customer interactions taking place via it.

13. Applications

We collect and process personal data of applicants for the purpose of processing the application process. If we conclude an employment contract with an applicant, the transmitted data will be processed for the purpose of carrying out the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted immediately after completion of the application procedure, provided that deletion does not conflict with any overriding legitimate interest, such as the defense of claims or a function to preserve evidence in accordance with the General Equal Treatment Act.

The legal basis for this storage and processing is the fulfilment of the contract or the implementation of pre-contractual measures pursuant to Art. 6 para. 1 b) GDPR.

14. Age restriction

This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personal data from or about anyone under the age of 16.

15. Receiver of data

Within our company, those internal departments or organizational units receive your data which they need to fulfil their tasks, to fulfil contracts with you if necessary, for data processing with your consent or to safeguard our overriding legitimate interests.

Data will only be passed on to third parties within the framework of legal requirements. We will only pass on your data to third parties if, for example, this is necessary for contractual purposes on the basis of Art. 6 Para. 1 b) GDPR or to safeguard our overriding legitimate interest pursuant to Art. 6 Para. 1 f) GDPR in the effective performance of our business operations.

If we use service providers or third-party providers in the provision of the website and/or our services, we will take appropriate legal precautions and take appropriate technical and organizational measures to ensure the protection of your personal data.

If we use content or tools from service providers or third parties in the provision of the Website and/or our services and their registered office is in a third country, data will be transferred to a third country on a regular basis. Third countries are countries in which the GDPR is not a directly applicable law, i.e. countries outside the EU or the European Economic Area. Data will only be transferred to third countries if there is either an adequate level of data protection, consent or other legal permission, in particular a suitable guarantee pursuant to Art. 46 GDPR.

It is possible that we may acquire or dispose of the Company or parts of the Company or individual assets. Personal information may be transferred in connection with such a sale, merge, reorganization or similar event. Your personal data will, of course, continue to be processed in accordance with this Privacy Policy. The legal basis for such a transfer is our overriding legitimate interest pursuant to Art. 6 para. 1 f) GDPR in the effective implementation and further development of our business operations.

16. Your rights

You have the right to free information about your stored personal data, their origin and recipient and the purpose of data processing and a right to correction, blocking or deletion of this data. You also have the right to limit the processing and to object to the processing.

You also have the right to have your data, which we process automatically, handed over to yourself or to a third party in a common, machine-readable format.

To assert your rights, please contact us using the contact details provided above for the responsible office.

They also have the right to appeal to the competent data protection supervisory authority.

17. Revocation of consent

Some data processing operations are only possible with your express consent. You can revoke your consent at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

18. Right of objection

As far as your data is processed, as explained in this privacy policy, to protect our overriding legitimate interests, you can object to this processing with effect for the future. Please contact us using the contact details given above.

In principle, you are only entitled to this right of objection if there are reasons arising from your particular situation (Art. 21 para. 1 GDPR). After exercising your right of objection, your personal data will not be further processed for these purposes unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims.

If the processing is carried out for the purpose of direct marketing, you can exercise your right of objection at any time (Art. 21 para. 2 GDPR) and your personal data will then no longer be processed for the purpose of direct marketing, irrespective of the reasons for the objection.

19. Obligation to provide data

The provision of personal data is neither required by law nor by contract, nor are you obliged to provide personal data. However, the provision of personal information is required for the conclusion and performance of a contract to the extent that certain details are absolutely necessary in order to conclude and perform a contract.

20. Automated decision-making

We do not perform automated decision-making, including profiling.

21. Storage and deletion

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as it is necessary to achieve the purposes stated here or as required by the storage periods provided for by law.

If the storage purpose no longer applies or if a storage period provided for by law expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.

22. Technical and organizational measures

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries or payment data that you send to us.

23. Change of this privacy notice

We reserve the right to amend this privacy notice from time to time so that it always complies with current legal requirements or in order to implement changes to our services in the privacy notice, e.g. when introducing new services. Your renewed visit will then be subject to the new privacy policy.

If you have any questions about the collection, processing or use of your personal data, or should you require information about this data, or if it needs to be corrected, blocked or erased, and also if you wish to withdraw any consents granted, then please contact:

birkle IT Estonia OÜ
Data Protection Official
Mäealuse 2/3
12618 Tallinn

birkle IT Estonia OÜ reserves the right to change this privacy policy statement at any time in accordance with legal requirements.

Tallinn, February 2019