Privacy policy
1. INTRODUCTION
1.1. Scalary OÜ (registry code 16292217) (hereinafter referred to as „Scalary“) follows the requirements and principles set out in this Privacy Policy. This Privacy Policy describes how Scalary processes the personal information of Data Subject. The purpose of this Privacy Policy is to protect the privacy of our customers in accordance with the general data protection regulations.
2. DEFINITIONS
2.1. Data Subject – a natural person whose data is processed by Scalary. The Data Subject may be a Scalary customer, a website visitor or another person who contacts Scalary.
2.2. General Data Protection Regulation or GDPR – a General Data Protection Regulation (EU, 2016/679 of the European Union), the implementation of which started on 25 th of May 2018 and is applicable in all Member States of the European Union.
2.3. Personal Data – data on an identified or identifiable natural person. A person who can be identified, directly or indirectly, by an identifier, which may be a name, personal identification number, location information, network identifier or one or more physical, physiological, genetic, mental, economic, cultural or social characteristics of that natural person.
2.4. Processing of Personal Data – Any operation performed with Personal Data, which may include storage, collection, use, modification, viewing, deletion or destruction.
2.5. Service – Services provided by Scalary to the customer. Scalary provides the following Services (the services offered are available on Scalary’s website www.scalary.ee):
2.5.1. payroll Service;
2.5.2. accounting Service;
2.5.3. business consulting.
2.6. Controller – a person, who determines the purposes and means of processing of Personal Data and is primarily responsible for ensuring that the Processing of Personal Data is carried out lawfully and that the rights of Data Subjects are guaranteed.
2.7. Privacy Policy – This document that sets out the principles governing the Processing of Personal Data.
3. WHOSE PERSONAL DATA DO WE PROCESS?
3.1. Scalary is the Controller of Personal Data. Scalary processes the data of its customers, customer representatives, employees and partners.
3.2. Scalary also processes the Personal Data of those who have contacted Scalary through the Scalary’s website (www.scalary.ee).
4. WHY DO WE PROCESS PERSONAL DATA?
4.1. The processing of Personal Data is part of Scalary's day-to-day business. Scalary may not provide a service to an anonymous customer, as a result of which Scalary has to know its customer, customer representatives, employees and business partners.
4.2. Scalary processes Personal Data only for the purpose of providing the service, improving the quality of the service and fulfilling the obligations arising from the law.
4.3. Scalary processes Personal Data for the following purposes:
4.3.1. identification of the customer for the purpose of performance and guarantee of the contract;
4.3.2. communication with the client for the purpose of performance and guarantee of the contract;
4.3.3. to respond to customer inquiries;
4.3.4. for the purpose of creating and managing Scalary’s customer base;
4.3.5. for the purpose of complying with legal requirements;
4.3.6. preparation and sending of invoices to the customer;
4.3.7. for the purpose of managing the website.
5. WHAT KIND OF PERSONAL DATA DO WE PROCESS?
5.1. In particular, Scalary shall process the Personal Data necessary for the conclusion and performance of the service contract to the minimum extent possible and on a clear legal basis.
5.2. Scalary processes the following Personal Data when providing the Service:
5.2.1. personal data - first name, surname, personal identification code, date of birth;
5.2.2. contact details - e-mail address and telephone number;
5.2.3. data of an identity document - type of document, issuer, validity, Personal Data on the document and photograph;
5.2.4. data related to the provision of the Service - data related to the performance of the contract, inquiries, complaints, information on payment behavior;
5.2.5. communication data - such as data collected via e-mail, data collected via social media, data transmitted via messages, etc.;
5.2.6. Data Subject's data - place of work, bank account number, salary data, data on sick days.
6. HOW DO WE PROCESS AND STORE PERSONAL DATA?
6.1. We process Personal Data in a lawful and transparent manner, ensuring that this is done in relation to the Data Subject. We only process Personal Data for the intended purpose. We determine the purpose of the Processing of Personal Data and follow it in our future activities.
6.2. We process Personal Data as little as possible. We only collect Personal Data that is necessary to fulfill the purpose. We keep Personal Data correct and up to date for the purpose, and we correct incorrect Personal Data. We retain Personal Information for as long as necessary:
6.2.1. We keep accounting documents for 7 years pursuant to the Accounting Act.
6.2.2. The collected data based on the Money Laundering and Terrorist Financing Prevention Act is stored for 5 years after the end of the business relationship.
6.2.3. Other data will be stored until the end of the retention period.
6.3. We implement appropriate technical or organizational measures to ensure the security of Personal Data using appropriate technology, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
6.4. We process Personal Data legally, fairly and transparently. Personal Data shall not be used in a way incompatible with the purpose for which they were collected.
6.5. We store Personal Data in such a way that the Data Subject can be identified for as long as it is necessary to fulfill the purpose of processing the Personal Data.
7. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
7.1. Scalary processes the Personal Data of Data Subjects:
7.1.1. to perform the agreement concluded with the client in preparation for the conclusion of the contract or at the request of the Data Subject. In order to fulfill the agreement concluded with the Customer, Scalary processes the data of persons other than the Customer, which have become known to Scalary during the provision of the Service to the Customer;
7.1.2. to fulfill an obligation arising from law;
7.1.3. in case of a legitimate interest of Scalary (according to the GDPR, the Data Subject has the right to request further explanations regarding the respective Data Processing if the Data Subject considers that the processing of Personal Data on the basis of a legitimate interest is not sufficiently justified);
7.1.4. With the consent of the Data Subject.
7.2. In order to prepare for concluding an agreement or at the request of the Data Subject, the processing of Personal Data takes place if the parties enter into an agreement and the purpose agreed in the agreement cannot be achieved by avoiding the Processing of Personal Data.
7.3. The Processing of Personal Data pursuant to law takes place if the obligation to process Personal Data is provided by law (e.g. the Employment Contracts Act, the Money Laundering and Terrorism Prevention Act, the Accounting Act).
8. RIGHTS OF THE DATA SUBJECT IN REGARD TO PERSONAL DATA
8.1. The right to access the Personal Data – The Data Subject has the right to know what data we collect, for what purpose we process it, to whom we store the data, and what the Data Subject's rights are in relation to restricting, correcting, deleting and processing Personal Data.
8.2. The right to rectification of Personal Data - The Data Subject has the right to request the rectification of insufficient, incomplete and incorrect Personal Data.
8.3. The right to delete Personal Data - The Data Subject has the right to request that we delete his or her Personal Data (e.g. when his or her Personal Data is no longer needed for the purpose for which they were collected). We have the right to refuse to delete Personal Data if the processing of Personal Data is necessary for the fulfillment of our legal obligation, the exercise of the right to freedom of expression and information, the preparation, submission, protection or public interest of legal claims.
8.4. The right to restrict Processing - In certain cases, the Data Subject has the right to prohibit or restrict the processing of his or her Personal Data for a certain period of time (e.g. if you have objected to the Processing).
8.5. The right to object - The Data Subject has the right to object to the Processing of Personal Data based on a legitimate interest of Scalary. Upon filing an objection, Scalary will terminate the processing of the Personal Data, unless we prove that the Personal Data is being processed for a valid legitimate reason.
8.6. The right to transfer Personal Data - If the processing of the Data Subject's Personal Data is based on his or her consent and the Personal Data is processed automatically, the Data Subject has the right to receive the Personal Data to another Controller. The Data Subject also has the right to request that Scalary transfer the Personal Data directly to another Controller, if this is technically feasible.
9. OTHER
9.1. Scalary reserves the right to change the Privacy Policy unilaterally. The latest version of the Privacy Policy is always available on the Scalary’s website (www.scalary.ee).
9.2. The law of the Republic of Estonia applies to this Privacy Policy.
10. CONTACT
10.1. Any questions regarding the Privacy Policy or the processing of Personal Data can be addressed to:
Scalary OÜ
Silmapiiri st 24, Tartu county