Privacy policy
The protection of personal data is very important to us and we take it very seriously. Here you will find all information about the principles of data processing of Sanitex OÜ (hereinafter Sanitex), which personal information we collect, what we use it for and who has access to it.
In processing personal data, we are guided by applicable personal data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and Council (“GDPR”) and the Estonian Personal Data Protection Act.
- DEFINITIONS
- 1. A Data Subjectis an identified or identifiable natural person whose data is processed; Data subjects are, for example, Clients, Visitors, cooperation partners, and employees and job applicants for whom Sanitex has Personal Data;
- 2. The Privacy Policyis the current text, which sets out Sanitex OÜ’s Principles of Processing Personal Data.
- 3. Personal Datais any information about an identified or identifiable natural person (“data subject”), including name, personal identification code, email address, etc
- 4. Personal Data Processingis any automated or non-automated operation or set of operations of a Data Subject’s Personal Data. For example, collecting, saving, organizing, storing, modifying and disclosing Personal Data, providing access, performing queries, and extracting, using, forwarding, cross-using, merging, closing, deleting, or destroying Personal Data, or several of the above operations, regardless of the manner in which the operations are performed and the resources available.
- 5. A Clientis any natural or legal person who uses or has expressed an interest in using Sanitex OÜ Services or purchasing Products.
- 6. The Contractis a service, sale, employment or other agreement entered into between Sanitex OÜ and the Client, cooperation partner or employee.
- 7. The Websiteis Sanitex OÜ websites: www.sanitex.ee, www.cashcarry.ee, www.gobox.ee, www.blslogistic.ee, www.promofs.ee, www.tarbijamang.eu, www.ollegiid.ee.
- 8. A Visitoris a person who uses the Sanitex OÜ Website.
- 9. The Chief Processoris Sanitex OÜ
- 10. The Authorized Processoris a natural or legal person, a public sector institution, an agency or other authority which processes personal data on behalf of the Chief Processor.
- 11. The Recipientis a natural or legal person, a public sector institution, an agency or other authority to which personal data is disclosed, whether or not it is a third party. Public sector institutions, which in accordance with the law of a Union or a Member State obtain personal data relating to a specific query, may not be considered as recipients; these public sector institutions process such data in accordance with the applicable data protection standards, in accordance with the processing objectives.
- 12. A Third Partyis a natural or legal person, a public sector institution, agency or other authority, except for the data subject, the chief processor, the authorized processor and the persons who can process personal data under the direct authority of the chief processor or the authorized processor.
- 13. A Childis a person under the age of 13 in the Republic of Estonia in the context of personal data processing.
- 14. Servicesare all kinds of services and products offered by Sanitex OÜ.
- 15. Cookiesare data files that are sometimes saved to the website visitor’s device.
- 16. Sales Channelsare means of communication with the data subject that are used by Sanitex OÜ, a tool created for the sale of goods and services, including e-mail, phone, public and social media, various chat lines, individualized and interactive ads and other similar tools on websites and elsewhere.
- GENERAL TERMS AND CONDITIONS
- 1. Sanitex OÜ is a legal person, register number 11931003, address Graniidi tee 1, Rae vald, Rae küla, 75310 Harjumaa, e-mail [email protected] . Sanitex OÜ is part of the JSC Sanitex concern, which is a wholesale, distributor and logistics company and operates in the Baltic States and Poland.
- 2.Sanitex OÜ is allowed to process Personal Data:
- 2.1.as the Chief Processor, specifying the purposes and means of processing;
- 2.2. as an Authorized Processor in accordance with the instructions of the Chief Processor;
- 2.3. as a Recipient to whom Personal Data is transmitted.
- 3. The present Sanitex OÜ Privacy Policy is an integral part of the Contract between Sanitex OÜ and the Client, cooperation partner or employee.
- 4. The Privacy Policy applies to the Data Subjects and all Sanitex OÜ employees and cooperation partners who have contact with Personal Data held by Sanitex OÜ shall follow the rights and obligations specified in this Privacy Policy.
- 5. In addition to the general privacy terms and conditions, additional privacy notices or policies may be published on Websites or in applications. If the privacy notice / policy published on a particular Website or application violates this Privacy Policy, the relevant notice / policy applies.
- THE CATEGORIES OF PERSONAL DATA
Sanitex OÜ collects, among other things, the following types of Personal Data:
- 1. Personal Data published by the Data Subject to Sanitex OÜ;
- 2. Personal Data arising from the normal communication between the Data Subject and Sanitex OÜ;
- 3 Personal Data clearly disclosed by the Data Subject (for example in social media);
- 4. Personal Data arising from the use of Services (for example using Sanitex OÜ e-shop);
- 5. Personal Data resulting from the visit and use of the Website (for example time spent on the Website, language preference, location);
- 6. Personal Data resulting from subscribing the newsletter (for example information about opening the e-mail);
- 7. Personal Data from Third Parties;
- 8. Personal Data created and combined by Sanitex OÜ (customer relationship e-mail, background data prior to the conclusion of the Contract or list of orders history).
- PERSONAL DATA PROCESSING OBJECTIVES AND GROUNDS
Sanitex OÜ processes Personal Data solely on the grounds of consent or law. The ground for Personal Data Processing arising from the law is, among other things, a legitimate interest or a Contract between the Data Subject and Sanitex OÜ.
- 1. By consent, Sanitex OÜ processes Personal Data exactly within the limits, scope and purposes specified by the Data Subject. In case of consent, Sanitex OÜ proceeds from the principle that any consent must be clearly distinguishable from other issues, in an understandable and easily accessible form, in clear and simple language. The consent may be given in writing, electronically or as an oral application. The Data Subject gives the consent voluntarily, specifically, deliberately and unambiguously, for example by ticking the box on the Website.
- 2.Upon entering into and executing the Contract, the Processing of Personal Data may be further specified in a specific Contract, but Sanitex OÜ may process Personal Data for the following purposes:
- 2.1. prior to entering into the Contract, at the request of the Data Subject;
- 2.2. identification of the Client to the extent required by duty of care;
- 2.3. performance of the obligations incumbent upon the Client in relation to the provision of its Services;
- 2.4. communication with the Client;
- 2.5. ensuring the fulfillment of Client’s payment obligations;
- 2.6. submission, realization and protection of claims.
- 3.For the conclusion of an employment contract based on the contract and a legitimate interest, the Personal Data Processing of a Sanitex OÜ applicant includes the following:
- 3.1.Processing of Data submitted by the applicant to Sanitex OÜ for the purpose of concluding an employment contract;
- 3.2. Processing of Personal Data obtained from a person who has been nominated by an applicant as a recommender;
- 3.3.Personal Data Processing collected from public databases and registries and public (social) media.
- 4.Legitimate interest means Sanitex OÜ’s interest in administrating and managing its own business to provide best possible Service on the market. Based on the law, Sanitex OÜ processes the Personal Data only after careful assessment to establish that Sanitex OÜ has a legitimate interest in the Processing of Personal Data in accordance with the interests and rights of the Data Subject. In particular, the Processing of Personal Data on the basis of legitimate interest may take place for the following purposes:
- 4.1.to ensure a trustworthy client relationship, such as Personal Data Processing, which is strictly necessary to identify actual beneficiaries or prevent fraud;
- 4.2.managing and analysing a client base to improve the availability, range, quality of Services and products, and to offer the best and most personalized offerings to the Client;
- 4.3.identifiers and Personal Data collected through the use of Websites, mobile applications and other Services. Sanitex OÜ uses the collected data to analyse, maintain, improve the web and mobile environment services and perform statistics and analyse the Visitor’s behaviour and experience and to provide a better and personalized Service.
- 4.4. organizing campaigns, including arranging personalized and targeted campaigns, carrying out Client and Visitor satisfaction surveys and measuring the effectiveness of marketing activities;
- 4.5. analysing the behaviour of the Client and the Visitor in various Sales Channels, Websites and store;
- 4.6. service monitoring. Sanitex OÜ may store and send notices and orders, as well as information and other actions performed by Sanitex OÜ at their premises or by means of telecommunication (e-mail, telephone etc.), and, if necessary, use these recordings for the purpose of proving orders or other operations;
- 4.7.network-, information- and cybersecurity considerations, such as defeating piracy and ensuring Website security and backup and retrieval measures;
- 4.8.for organizational purposes. In particular for financial management and within the JSC Sanitex for the transmission of Personal Data within the concern for internal management purposes, including Personal Data Processing for Clients or employees;
- 4.9. to prepare, present or protect legal claims.
- 5. Sanitex OÜ processes Personal Data to fulfill the obligations provided by law or to implement the permitted uses of the law. For example, the law imposes obligations to process payments or to comply with money laundering rules.
- 6. Sanitex personal data is processed by Sanitex solely with the explicit consent of the Data Subject, either in writing or on the website by fulfilling the relevant form (for example, applying for a customer card) for the purpose of direct marketing. The Client has the right to refuse direct marketing bids at any time.
- 7. Personal Data is processed for the purpose of issuing and managing a client card. The principles for the Processing of Personal Data relating to the client card are indicated in the data protection notice attached to the client card application form.
- 8. Personal Data is processed to respond to the Data Subject’s queries. Queries are submitted either via a Website or directly to the Chief Processor’s e-mail address and to the extent that the Data Subject him/herself has published. If the Data Subject fails to provide any relevant information relevant to respond to the query, Sanitex may not respond to the query.
- 9. Sanitex.ee is for people at least 14 years of age. Persons under the age of 14 cannot transfer Personal Data through Sanitex.ee.
- WEBSITE BROWSING STATS
Sanitex OÜ wishes to make its Website as easy to use as possible. In order to improve user experience:
- 1.Information collected by Sanitex OÜ web services. We collect information such as name, e-mail and phone number that the user sends us through our Websites, applications and services. We also collect data on how users interact with our Websites and applications. In addition, we collect information from your computer or device, such as the IP address, browser you are using, and language settings. In order to collect and analyze the above data, Sanitex OÜ uses the automated tool Google Analytics. You may at any time disable the collection of your data by Google Analytics, as described here.
- 2. Using Sanitex OÜ web service data. The information sent to us by the user (for example name, e-mail, telephone number) is used to contact the user. Information about how the user uses our Websites and applications is used for statistical purposes to improve our Websites and applications and to display custom content to the Client.
- 3. Logs. The server, which hosts Sanitex OÜ Websites can also store queries that you make to the server (the web address that you open, the web browser and device you use, IP address, access time). This data is used only for technical purposes – to ensure the proper functioning and security of the Website and to investigate potential security incidents.
- 4. Cookies and aggregated or anonymous data. We use cookies on our Websites and Services to provide a variety of ways in which we identify the user as an anonymous individual. Cookies help us improve our services, for example, so that you do not need to re-enter the information you provided previously. Cookies also help us to record the number of Visitors to the page and provide statistical information and information on how users interact with Sanitex OÜ Services. We use statistical information to improve our Websites, applications and Services, and we provide custom content tailored for the Client through advertising. In our applications, we use for iOS the Identifier for Advertising tool (IDFA) for Android Google Advertising ID (IDA). All information is collected anonymously, which means that we cannot link data to one particular user or identify the user through authenticated web services.
- 5.Third Party services. Websites and applications use services such as Google Analytics Solutions to track user interaction. We use the services of Google, Facebook and other Third Parties to collect the anonymous data we use to deliver the relevant ad. Sanitex is not responsible for the processing of data on Third Party websites (for example Facebook, Twitter, etc.). If necessary, please get acquainted with the privacy policy of these service providers
- DISCLOSURE AND / OR TRANSMISSION OF CLIENT DATA TO THIRD PARTIES
Sanitex OÜ cooperates with persons to whom Sanitex OÜ may transmit data related to Data Subjects, including Personal Data, in the framework and for the purpose of cooperation.
- 1.Such Third Parties may be persons belonging to the same concern as Sanitex (JSC Sanitex), advertising and marketing partners, companies conducting customer satisfaction surveys, debt collection services, payment order registers, IT partners and persons, institutions and organizations providing (e) postal services.
- 2.Your Personal Data (name and address) may be disclosed to couriers and postal services if there is a need to send you a notice or a shipment by post. Your Personal Data may also be disclosed to officials (police, bailiff, labour inspector, etc.) if such a requirement arises from the law, as well as for protection of the Chief Processor, its Clients, cooperation partners, employees and property.
- 3.Sanitex OÜ will only transmit Personal Data outside the European Union if:
- 3.1.transmission is necessary for the performance of a contract between the Data Subject and the Chief Processor or the implementation of pre-contractual measures taken on the basis of a request from the Data Subject;
- 3.2. transmission is necessary for the conclusion of a contract or the fulfillment of a contract between the Chief Processor and another natural or legal person in the interest of the Data Subject;
- 3.3.transmission is necessary for compelling reasons of public interest;
- 3.4.transmission is necessary for the preparation, presentation or protection of legal claims;
- 3.5.transmission is necessary to protect the essential interests of the Data Subject or other persons if the Data Subject is physically or legally incapable of giving consent;
- 3.6.transmission is made from a register which, under Union or national law, is intended to inform the public and is open to inspection either to the general public or to anyone who can demonstrate a legitimate interest, but only to the extent that, as in the particular case, the conditions for access which are subject to Union or national law are met;
- 3.7.transmission is not repeated, it effects only a limited number of Data Subjects. Sanitex OÜ reports the transmission of data to the Data Protection Inspectorate.
- NEWSLETTERS
- 1.To manage our newsletter subscribers list and send them emails we use an automated marketing platform – MailerLite. You can access the MailerLite Privacy Policy at MailerLite Privacy Policy.
- 2. Newsletters may use web beacons, unique identifiers and other tracking technologies to collect information when order newsletter, if/when you open the email, visited links, if/when you unsubscribed , what application used to read letter, your IP address and related country , client type. This information is collected for statical purposes to monitor and improve our newsletters.
- STORAGE OF PERSONAL DATA
- Personal Data is stored in a form which allows the identification of Data Subjects only as long as necessary to fulfill the purpose for which Personal Data is processed or as long as required by law.
- 1. The contractual Client’s Personal Data is retained until the expiry date of contractual claims. Contracts, original accounting documents and other commercial documents necessary for the comprehension of economic transactions, which may include Personal Data, shall be retained for a period of seven years from the end of the financial year in question. Employment contracts will be kept ten years after the end of the contract.
- 2. Automated notifications and offers clearly targeted to the customer that are delivered on-site or by e-mail are stored for 3 years after the last newsletter reading, or until the Data Subject’s different request.
- 3. The Personal Data of the Data Subject who has been an applicant and not elected are kept by Sanitex OÜ with the consent of the Data Subject two years in order to offer a job to the applicant if a suitable job position releases. Two years after filing an application for employment the Personal Data of the applicant who has not been elected will be deleted. If the Data Subject does not consent to the storage of data, the Data Subject’s Personal Data shall be deleted at the end of the application process. If necessary, data may be retained for possible legal disputes, but only as long as it can be disputed.
- PROCESSING CHILDREN’S PERSONAL DATA
- 1.Sanitex OÜ services are not for Children.
- 2.Sanitex OÜ does not knowingly collect Personal Data about Children under the age of 13, and if we do so consciously, we will proceed according to the wishes of the parent or guardian
- 3.In the event that Sanitex OÜ becomes aware that it has collected Personal Data from a Child or about Child, Sanitex will do its best to terminate such Personal Data Processing.
- RIGHTS OF THE DATA SUBJECT
- Personal Data is stored in a form which allows the identification of Data Subjects only as long as necessary to fulfill the purpose for which Personal Data is processed or as long as required by law.
The rights are exercised in accordance with the terms and conditions arising from the GDPR and other local laws:
- 1.the right to access Personal Data concerning you;
- 2.the right to correct Personal Data;
- 3.the right to delete Personal Data;
- 4.the right to request restriction of Personal Data Processing;
- 5.the right to object to Personal Data Processing;
- 6.the right to transfer Personal Data;
- 7.the right that a decision based solely on automated processing will not be taken about you;
- 8.the right to withdraw the consent without prejudice to the lawfulness of the processing carried out on the basis of consent before the withdrawal.
- OTHER TERMS AND CONDITIONS
- 1.Sanitex OÜ has the right to unilaterally amend these Privacy Policy. Sanitex OÜ will inform the Data Subject of any amendments on Sanitex OÜ Website, via e-mail or otherwise.
If you think that your privacy has been violated or if you would like to have access to the data collected about you, please contact us at [email protected] You also have the right to file a complaint with the data protection supervisory authority of the country where your permanent residence is. In Estonia, this is the Estonian Data Protection Inspectorate.