Privacy Policy
This Privacy Policy covers processing of the personal data of the Visitors of the Website.
This Privacy Policy does not apply to processing of the personal data of the clients in course of providing the Wallester Services. The latter is covered by client agreements between Wallester and its clients.
The data controller of the Visitor Data is Wallester AS, a company established under the laws of Estonia, registry code 11812882, address F. R. Kreutzwaldi 4, 10120, Tallinn, Estonia.
Requests and other communication regarding this Privacy Policy can be sent to: [email protected].
1. Personal data processing definitions
This Privacy Policy covers processing of personal data of the Visitor by Wallester, which means following.
Personal Data — means information about a natural person who is identified or identifiable.
Information — means any data that concerns a natural person, such as name, date of birth, address, place of work etc.
Natural person — means humans, i.e., companies and other legal entities are excluded.
Identifiable — means that information refers to a person either:
- directly — e.g., the data includes identification code of the person or
- indirectly — e.g., the IP-address of a computer can be traced to a person via combining it with additional data.
Processing — means any operation that is performed with the personal data. In context of this Privacy Policy, this includes collecting the Visitor Data from the Visitor, storing it in the Wallester’s servers, using the Visitor Data for the purpose it was collected and later erasing the Visitor Data.
2. Collected personal data
The Visitor Data is collected as follows:
- cookies — are placed in the Visitor’s Device in compliance with the permission granted by the Visitor,
- contact forms — the personal data that the Visitor submits via contact forms on the Website.
2.1. Cookies
Cookies are small data files that are placed in the Device when Visitor accesses the Website. This technology is used universally on almost all websites. Cookies make it possible to save the viewing preferences of the Visitor and track the Visitor’s actions on the Website.
Two main types of cookies are:
- essential — also known as strictly necessary cookies, are required for the essential functions of the website to work and do not require the Visitor’s permission in accordance with the law,
- non-essential cookies — can fulfil several goals, e.g., to enhance the Visitor’s viewing experience, provide Wallester with data to improve the Website, provide targeted ads to the Visitor etc. The non-essential cookies are placed in the Device only upon prior approval granted by the Visitor.
Cookie Policy describes in detail the different types of cookies that are used on the Website.
For clarity, the cookies identify only the IP-address of the Device that is used to visit the Website, not the person using the device (i.e., the Visitor). Identification of the Visitor who using the Device requires combining the data from the cookies with data from other sources. Wallester does not perform identification of the Visitors based on the data from the cookies.
2.2. Contact forms
Via the contact forms on the Website the Visitor can initiate communication with Wallester, e.g., submit request to become a client of Wallester. In order reply to the Visitors request, contact data of the Visitor is requested, such as name, phone number, e-mail address, the company where the Visitor works etc.
It is possible that as part of the communication via the contact forms on the Website personal data of other people is submitted to Wallester by the Visitor. In such case, the Visitor must assure that submitting that data is permitted by law.
3. Purpose of the personal data processing
The purpose for which each type of cookie is used is described in the Cookie Policy.
The purpose of processing the personal data submitted via the contact forms on the Website is to process the request by the Visitor (e.g., to become a client of Wallester) and to reply to it.
Wallester may use the Visitor Data for profiling to:
- understand its potential clients better and through this improve Wallester Services and communication,
- evaluate the suitability of a potential client to use the Wallester Services.
Wallester does not make decisions based solely on automated processing which concern the rights of the Visitor. The Visitor Data provided via the contact forms on the Website may be used to automatically evaluate the suitability of potential clients, i.e., companies.
4. Legal basis of the personal data processing
In case of cookies, the Visitor Data is processed on following legal basis:
- essential cookies — legitimate interest (GDPR art. 6.1 (f)),
- non-essential cookies — the Visitor’s consent (GDPR art. 6.1 (a)).
The Visitor Data submitted via contact forms on the Website is processed on following legal basis:
- the Visitor’s consent (GDPR art. 6.1 (a)) — applies to all the Visitor Data data submitted via the contact forms,
- for the performance of a contract (GDPR art. 6.1 (b)) — applies in case the Visitor Data is part of a request to start using the Wallester Services,
- legitimate interest (GDPR art. 6.1 (f)) — if as result of the communication initiated via the contact form there is possibility that any claims are submitted against Wallester, relevant Visitor Data is retained for as long as it is needed to defend against possible claims.
More than one legal basis for personal data processing may apply to the same set of data either simultaneously or in succession. E.g., personal data is often retained for a period after a contractual relationship ends to defend against possible claims in connection with the past contractual relationship.
5. Personal data retention periods
Wallester follows the principle that personal data must not be retained longer than what is needed to fulfil the purpose for which the personal data was collected.
As an exception to above, Wallester retains the personal data longer if this is mandatory under applicable law and erases personal data immediately thereafter.
6. With whom the personal data is shared
Wallester processes the Visitor Data obtained via the Website only for Wallester’s own business needs.
Wallester does not collect the Visitor Data via the Website with the intent to make it available to third parties for profit.
The cases where Wallester makes the Visitor Data available to third parties are listed below.
6.1. Partners
Wallester may make the Visitor Data available for third parties who:
- assist Wallester in processing of the Visitor Data (e.g., analytics or marketing service providers) or
- otherwise need the Visitor Data to protect the interests of Wallester (e.g., business or legal consultants).
In all such cases, Wallester remains the person who makes the decisions how the Visitor Data is processed (i.e., is data controller) and the third parties process the Visitor Data only in accordance with the instructions from Wallester (i.e., are data processors).
Requests regarding details of the data processors can be sent to the DPO.
6.2. Third-party cookies
As a special case of sharing the Visitor Data with partners, the Website places certain third-party cookies in the Visitor’s Device provided that the Visitor has given prior consent. In case of third-party cookies, the data about the Visitor’s activities on the Website is sent directly to the third-party who places the cookie via the Website. Third-party cookies are used to provide personalised ads, connect to social media websites etc.
The third-party cookies that the Website places in the Device are listed in the Cookie Policy.
6.3. Mandatory law
Wallester shares the Visitor Data with state institutions and other bodies who are not in contractual relationship with Wallester only on following conditions:
- sharing of the personal data is mandatory under the applicable law,
- the submitted request is fully compliant with the applicable law,
- no more personal data is made available than what is mandatory in accordance with the applicable law.
7. The Visitor’s rights
The Visitor has following rights in connection with the Visitor Data processed by Wallester:
Right to be informed — Wallester provides the Visitor with clear and transparent information about the data processing activities. This Privacy Policy is the primary source for this information, additional questions can be submitted to the DPO.
Right of access — the Visitor has the right to request following information from Wallester regarding the Visitor Data that is processed by Wallester: (a) which personal data is processed and (b) on which conditions the personal data processing takes place. Additionally, the Visitor has the right to request a copy of the above-mentioned Visitor Data.
Right to rectification — if the Visitor Data processed by Wallester includes inaccuracies or is incomplete, the Visitor has the right to request from Wallester to rectify these shortcomings.
Right to erasure — the Visitor has the right to request erasure of the Visitor Data by Wallester in case there is no legal basis to process the data.
Right to restriction of processing — the Visitor has the right to request that Wallester does not perform any processing activities regarding the Visitor Data, unless explicitly allowed by applicable law, if any of the following occurs: (a) the Visitor has contested the accuracy of the Visitor Data, (b) the processing is unlawful but the Visitor opposes the erasure of the concerned Visitor Data, © Wallester no longer needs the Visitor Data but the Visitor needs it in connection with legal claims, (d) the Visitor has objected to processing of the Visitor Data in accordance with the section below.
Right to object — the Visitor has the right to object processing of Visitor Data by Wallester if (a) the sole legal basis for processing the Visitor Data is Wallester’s legitimate interest which is outweighed by the Visitor’s particular situation or (b) where the Visitor Data is used for direct marketing purposes.
Right to data portability — the Visitor has the right to request a copy of the Visitor Data in a structured, commonly used, and machine-readable format from Wallester, provided that Wallester processes the relevant data by automated means.
Requests to exercise the Visitors rights listed above or to receive additional information must be sent to the DPO.
8. Complaints
If the Visitor is in the opinion that Wallester has violated the Visitor’s rights in connection with processing of the Personal Data, the Visitor is encouraged to first contact the DPO.
Additionally, the Visitor has the right to lodge a complaint with a supervisory authority, in particular in the EEA member state of the habitual residence of the Visitor, place of work of the Visitor or place of the alleged infringement.
9. Miscellaneous
If the Visitor has submitted personal data regarding other persons via the contact forms on the Website, the Visitor’s rights provided in this Privacy Policy apply to those other persons whose personal data is processed by Wallester.
The original language of this Privacy Policy is English. In case of discrepancies between the original version in English and its translations, the English version has priority over the translation.
Wallester may update this Privacy Policy from time to time. Current version of the Privacy Policy is published on the Website.