Telema Privacy Policy

Introduction

This Privacy Policy has been prepared in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL.

We apply security measures in our work regarding the services provided to Telema’s clients and the handling of personal data relating to our employees.

This Privacy Policy applies to all persons using the company’s server and network solutions, applications, website, making enquiries about our services or otherwise interacting with Telema.

Telema processes the data of its employees and its clients and their contact persons who have expressed their willingness to enter into contractual obligations or have confirmed that they have read and accepted our Privacy Policy.

 

Definitions

Personal data means any information relating to a natural person (the data subject) which enables directly or indirectly to identify that person: name, identity code, location information, network identifiers (i.e. identifiers used in a communication network to identify a specific individual), as well as physical, economic, cultural or other information and any combinations thereof.

Processing of personal data means any operation involving personal data: collection, organization, storage, alteration, reading, use, disclosure, integration, deletion, etc.

 

Identifying the data controller and data processor

Telema is the data controller upon the processing of personal data of its employees, website visitors, clients’ representatives and for further development of its services. Telema’s data processors are partners who provide services to Telema.

A processor shall process personal data on behalf of and for the account of the controller in accordance with all applicable regulations.

A processor may only process personal data subject to the controller’s authorisation and only to the extent authorized by the controller.

Telema acts as the client’s data processor regarding the personal data (e.g. data on the client’s customers) entered/transmitted by its clients using Telema solutions. In such a situation, the relevant client of Telema is the data controller.

 

Purposes of and legal basis for personal data processing

The data collected from our clients is limited to that which is strictly necessary for the purpose of providing our services and ensuring good customer experience.

Personal data is processed for the performance of a contract, on the basis of legitimate interest or the data subject’s consent.

Telema shall not disseminate, transmit, modify or use the personal data entrusted to us for any purposes not disclosed in the course of data collection, except with the data subject’s consent or under disclosure requirements provided in the legislation of the relevant country.

Telema collects personal data for the following purposes:

  • personal identification;
  • performance of employees’ tasks and relating legal obligations (e.g. providing data to the tax authority, providing data to an occupational health physician, etc.);
  • preparing client contracts and/or invoices;
  • compliance with the terms of contracts concluded with clients;
  • contacting persons to provide services;
  • retaining clients and resolving issues.

Telema is committed to protecting the personal data and privacy of its employees and clients.

Access to personal data within the company is only granted to persons who need it for the processing of personal data.

The personal data we collect may include:

  • your name;
  • your identity code;
  • your phone number;
  • your e-mail address;
  • your company’s name and your job title;
  • your company’s address
  • your company’s bank account details;
  • the text of your enquiry;
  • other data necessary for the provision of services.

The categories of personal data processed may vary depending on the employment contract with Telema, legal requirements or the agreement with the client.

 

Data retention

We shall retain personal data for as long as necessary to achieve the purposes for which the data were collected. The retention period will also depend on the legal requirements for recordkeeping.

Personal data related to Telema’s transactions will be stored for at least seven (7) years from the end of the relevant financial year, due to the obligation to prove transactions under the Accounting Act.

Employee data is stored for at least 10 years after the end of the employment contract and occupational health data for at least 55 years, as required by the laws of the Republic of Estonia, Latvia and Lithuania.

The personal data of the clients using our services will be stored for at least seven (7) years after the termination of the client or employment relationship, so as to enable us to defend our rights in case of a dispute with the data subject or the client or to enforce other legal claims.

 

Data sharing and disclosure

Personal data processed by Telema may be transferred without the data subject’s consent to an authority or person who has a justified need or a direct legal right to receive such data (e.g., a court or a person conducting pre-court proceedings).

We may transfer your data for processing by third parties who help us provide or administer the services or who provide services related to the handling of customer enquiries. Such parties may include e.g. transport companies, property managers, etc.

In any case, we will transfer data to a processor only to the extent necessary for the performance of a specific task or service.

 

Collecting data on website visitors

Telema’s websites uses cookies. The information collected by cookies is used to gather statistics on the number of users, as well as information on the geographical location of our users, in order to adapt website content and services.

 

Data security

Telema implements the necessary technical, physical (confidential documents are kept locked) and organizational security measures (confidentiality agreements with staff) to protect the personal data of clients and employees against loss or unlawful processing.

Telema has established and communicated clear and mandatory requirements for all persons processing personal data on behalf of and for the company.

Telema follows the requirements of the ISO 27001:2013 (Information Security Management System, ISMS) standard or equivalent when processing personal data.

 

Notification of personal data leaks or breaches to data subjects

If a breach is likely to seriously endanger the rights and freedoms of individuals, the data controller must inform the data subject thereof without undue delay.

The purpose of notification is to enable the data controller as well as the data subject to take necessary precautions to mitigate the risk.

In the notice, we will provide essential information about the personal data breach, as well as recommendations for mitigating potential adverse effects.

The notice to be given to the person will include:

  • a clear and plain-language explanation of the nature of the personal data breach;
  • the name and contact details of the contact person at Telema;
  • a description of the possible consequences of the personal data breach;
  • a description of the measures taken to address the personal data breach.

 

Rights of data subjects

Right of rectification – the data subject has the right to require the rectification of inaccurate or incomplete personal data relating to them without undue delay.

Right of erasure – the data subject has the right to require the erasure of their personal data without undue delay, subject to certain additional conditions.

If there is (no longer) a lawful basis for processing, disclosing or granting access to personal data, you may request a restriction of use, deletion, non-disclosure or access prohibition of the data. This should be done by submitting a request containing your identification details.

The request shall be denied if:

  • it may affect the rights and freedoms of another person;
  • it may prevent the provision or non-provision of a service;
  • it may obstruct the work of law enforcement agencies;
  • it is not technically necessary and/or feasible;
  • the applicant has no legal interest in the data;
  • the applicant cannot be identified.

Right of restriction – in certain circumstances, the data subject has the right to temporarily or permanently restrict the processing of all or part of their personal data.

Right of access – the right to be informed of and request access to the personal data we process about you.

If personal data is being processed on the basis of the data subject’s consent, the data subject has the right to withdraw that consent at any time by notifying us by e-mail, but this shall not affect the lawfulness of processing on the basis of the consent prior to its withdrawal.

 

Privacy Policy and changes

The data subject shall familiarize themselves with this Privacy Policy and provide their consent in a reproducible format (e.g. as an annex to a contract, etc.).

Telema reserves the right to modify, add, or remove any terms of this Privacy Policy as necessary. The current Privacy Policy is available on Telema’s website at https://www. telema.com.

If you believe that Telema has violated your rights regarding the processing of your personal data, please notify us by a letter to our public e-mail address. Disputes will be settled by negotiations. You also have the right (e.g. if negotiations fail) to refer the matter to the Data Protection Inspectorate (https://www.aki.ee/en, e-mail: info@aki.ee or to a competent court.

Privacy Policy applicable as of 12.03.2024.