Our privacy policy

1. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

We process data, including personal data (such as the first and last name, personal identification code, address, email address, and phone number of the client or their representative) (hereinafter referred to as data), in the following cases:

  • when placing an order, for the purpose of fulfilling the order
  • when entering into and performing a contract, for the purpose of entering into and performing the contract
  • when using the mini-storage unit, for the purpose of ensuring security and protecting property (video surveillance) 
  • when fulfilling obligations arising from law, for the purpose of fulfilling such obligations

As a rule, we collect data directly from the data subject with their consent. In addition, we use cookies to optimize the user experience on our website and to provide clients with better services (please see our Cookie Policy).

The legal basis for processing data is legitimate interest, and we are primarily guided by the General Data Protection Regulation and the Personal Data Protection Act.

2. DATA CONTROLLER

The data controller is EV Haldus OÜ (14932612, [email protected]). The controller may transfer data for processing to authorized processors (for example, the developer of the website and access systems, the provider of administration software, the payment service provider, the SMS service provider, the server hosting service provider, the security service provider, and the insurance service provider) with whom the controller has a contractual relationship.

3. DATA RETENTION

We retain data for as long as it is necessary for the purposes specified in section 1, for the protection of our rights, or for the fulfilment of obligations arising from law.

4. DATA PROTECTION

The aim is to prevent unauthorized processing of data by ensuring need-based access to the data and preventing unlawful disclosure of data. For this purpose, we use organizational, physical, and information technology security measures. Employees of the data processor are required to comply with all data protection rules arising from law when processing data.

5. PROCESSING OF DATA RELATED TO VIDEO SURVEILLANCE 

High-resolution security cameras have been installed on the territory of the warehouse building and inside the warehouse building. 

The security cameras are configured to record. The recording process is triggered by a camera system connected to motion sensors, and security camera recordings are generally retained for up to 30 days. Older recordings are deleted. In the event of a security incident or insurance event, the security camera recording is retained until the relevant investigation is completed or until another need ceases to exist.

We keep security camera recordings confidential and do not disclose them to third parties, except where the person wishing to access the recording has a legitimate interest in doing so (for example, to a security service provider in the event of a security incident, to a person providing administration services to enable administrative activities, in the event of an insurance event, etc.) or where the disclosure of the recording to an authority is mandatory pursuant to legal acts or necessary for the performance of a contract (for example, in the event of an insurance event).

6. RIGHTS OF THE DATA SUBJECT

  • The right to receive information about what data we process and how we process it. 
  • The right to withdraw consent at any time if the data is processed on the basis of consent. 
  • The right to request deletion of data if the data is processed on the basis of consent and the consent has been withdrawn, or if the data retention period has expired and the data does not need to be archived.
  • The right to request correction of data if it has changed or is insufficient or incorrect for any other reason.
  • The right to contact the Data Protection Inspectorate or a court.