1.1. A data subject is a natural person about whom Sikka has information, or the information that can be used to identify a natural person. Data subjects are, for example, customers, collaborators, and employees as natural persons whose personal data Sikka has received.
1.3. Personal data is any information related to an identified or identifiable natural person.
1.4. The processing of personal data covers any act performed with a data subject’s personal data, including collection, recording, organisation, storage, alteration, disclosure, providing access to them, conducting queries and retrievals, usage, transferring, cross-usage, merging, closure, deleting, or destroying personal data, or several of the above mentioned operations, regardless of the manner in which the operations are performed and the means used.
1.5. A customer is any natural or legal person who uses or has expressed an interest in using Sikka’s services.
1.6. A contract is an agreement concluded between Sikka and a customer to provide services, or some other agreement.
1.7. Website – www.monafi.com is Sikka’s website.
1.8. A visitor is a person who uses Sikka’s website.
1.9. A child is, in the context of personal data processing, a person under the age of 13 in the Republic of Estonia.
1.10. Services – all kinds of services and products provided by Sikka.
1.11. Cookies are data files that are sometimes saved on the device of a website visitor.
1.12. Sikka’s data protection specialist is a person who follows the implementation of the principles for the processing of personal data, and with whom any data subject can contact in case of complaint.
1.13. Sales channels are Sikka’s ways to communicate with data subjects, tools created for selling goods and services, incl e-mail, telephone, public and social media, various chat lines, individualised and interactive adverts, and other similar tools on websites and in other places.
1.14. Product portfolio includes Sikka’s various products and services, the list of which is available on the company’s website www.monafi.com.
2. GENERAL TERMS
2.1. Sikka is a legal person Sikka OÜ, with the registry code 12561318, located at 3 Mäeniidu tee, 74010 Viimsi.
2.2. At Sikka, personal data can be processed:
2.2.1. by a responsible processor, when the purposes and means of processing have been specified;
2.2.2. by an authorised processor according to the instructions of the person responsible;
2.2.3. by a receiver to whom personal data are transferred.
3.1. Sikka always favours the interests, rights and freedoms of data subjects when processing their personal data.
3.2. Sikka’s goal is to provide responsible processing of personal data, which is based on best practice, bearing in mind that the company is always ready to demonstrate the compliance of the processing of personal data with the purposes set.
3.3. Sikka’s all processes, instructions, operations and activities related to processing personal data are based on the following principles:
3.3.1. Legality. In case of processing personal data, there is a legal basis for this, for example a consent.
3.3.2. Fairness. The processing of personal data is fair, requiring, first of all, that the data subject has sufficient information on how their personal data are processed.
3.3.3. Transparency. The processing of personal data is transparent to the data subject.
3.3.4. Purposefulness. Personal data is collected for precisely and clearly defined and legitimate purposes and will not be processed later in a way that does not conform to these purposes.
3.3.5. Correctness. The personal data are correct and, if necessary, updated, and all reasonable steps will be taken to delete or correct the personal data which are incorrect from the point of view of the purpose for processing personal data.
3.3.6. Principle of restricted storage – personal data shall be stored in a form that allows data subjects to be identified only for as long as it is necessary to fulfil the purpose for which the personal data is processed. This means that, if Sikka wishes to keep personal data longer than it is necessary for the purpose, the company will anonymize the data so that the data subject is no longer identifiable. As for the data received by Sikka through customer relationship or similar relations, the company will keep them in accordance with best practices and will retain the data processed on the basis of consent until the consent is withdrawn.
3.3.7. Reliability and confidentiality. Processing of personal data is carried out in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by using reasonable technical or organizational measures. Sikka has both internal instructions and rules for employees and separate contracts with each authorized data processor, providing best practices, ongoing risk assessment and relevant technical and organizational measures for processing personal data.
3.3.8 Sikka OÜ is responsible for processing the data. Sikka OÜ forwards the necessary personal data for making payments to the authorized processor Maksekeskus AS.
4. COMPOSITION OF PERSONAL DATA
4.1. Sikka shall collect, inter alia, the following types of personal data:
4.1.1. personal data given to Sikka by the data subject (name, e-mail address, postal address, phone number);
4.1.2. personal data resulting from normal communication between the data subject and Sikka;
4.1.3. personal data made clearly public by the data subject (e.g. in social media);
4.1.4. personal data generated when using services (e.g. when buying in Sikka’s online shop);
4.1.5. personal data resulting from the visit and use of the website (e.g. the time spent on the website);
4.1.6. personal data received from third persons;
4.1.7. personal data created and combined by Sikka (correspondence or the list of the order history in the context of customer relationships).
5. COMPOSITION OF PERSONAL DATA. PURPOSES AND GROUNDS FOR THEIR PROCESSING
5.1. Sikka processes personal data only by consent of the data subject or by law.
5.2. By consent, Sikka processes personal data exactly within the limits, scope and purposes specified by the data subject. As regards consents, Sikka’s acts are based on the principle that each consent must be clearly distinguishable from other questions, in an understandable and easily accessible form, in a plain and simple language. The consent may be given in writing, electronically or orally. The data subject gives consent voluntarily, specifically, deliberately and unequivocally, for example by ticking the box on the website.
5.3. A legitimate interest is Sikka’s interest in managing and running its own business, to offer the best possible services on the market. Under law, Sikka will process personal data only after careful evaluation, to determine that the company has a legitimate interest, the processing of personal data is necessary and in accordance with the interests and rights of the data subject. In particular, the processing of personal data on the basis of legitimate interest may take place for the following purposes:
5.3.1. to ensure trustworthy customer relationships, for example the processing of personal data, which is strictly necessary to identify actual beneficiaries or prevent fraud;
5.3.2. to manage and analyse the customer base to improve the availability, range and quality of the services and products, and to provide the best and most personalized offerings with the customer’s consent;
5.3.3. to collect identifiers and personal data when using webpages, mobile applications and other services. Sikka uses the data collected to conduct web analysis, analysis of mobile phone services and information society services, to ensure and improve activities, do statistics, analyse visitor behaviour and user experience, and to provide better and more personalised services;
5.3.4. to do customer and visitor satisfaction surveys and measure the effectiveness of marketing activities;
5.3.5. to analyse customer and visitor behaviour on different sales channels and webpages;
5.3.6. to monitor services – Sikka can save notices and orders made both in its premises or by means of telecommunication (e-mail, telephone, etc.), as well as information and other activities performed by Sikka, and, if necessary, use them to prove orders or other operations;
5.3.7. when considering network, information and cyber-security, for example to fight against piracy, to secure the websites, to make and maintain backup copies;
5.3.8. to compile, submit or defend legal claims.
5.4. To fulfil obligations arising from law, Sikka shall process personal data for the purpose of fulfilling obligations provided by law or applying the ways of usage permitted by law. For example, the law imposes obligations to process payments or follow the money laundering rules.
5.5. If the processing of personal data is for a purpose other than that for which the personal data was originally collected or is not based on the consent of the data subject, Sikka will carefully evaluate the admissibility of such new processing.
6. DISCLOSURE OF AND / OR TRANSFER OF PERSONAL DATA TO THIRD PERSONS
6.1. Sikka cooperates with persons to whom the company may transfer data relating to data subjects, including personal data, in the framework and for the purpose of cooperation.
6.2. These third persons may be, for example:
persons mediating or providing postal services, IT partners, service providers for debt collection, payment failure registries, institutions and organizations, provided that:
6.2.1. their purpose and the processing are legal;
6.2.2. personal data processing is carried out in accordance with Sikka’s instructions and under a valid contract.
7. SECURITY MEASURES FOR PROCESSING PERSONAL DATA
7.1. Sikka shall store personal data only for the strict minimum necessary time. Personal data, the expiry date of which has passed, will be destroyed, using best practices and in accordance with the procedures established by Sikka.
7.2. Sikka has established instructions and procedures on how to ensure the security of personal data through using both organisational and technical measures.
7.3. In the event of any incident involving personal data, Sikka will take all necessary measures to mitigate the consequences and avoid all relevant risks in the future. Among other things, Sikka shall register all incidents and inform the Data Protection Inspectorate and the data subject directly.
8. PROCESSING CHILDREN’S PERSONAL DATA
8.1. Sikka shall not knowingly collect information about persons under the age of 13, or children, and if we do so knowingly, we will consider the wishes of the parent or guardian.
8.2. If Sikka becomes aware that the company has collected some personal data from a child or about a child, the company will do its best to terminate the processing their personal data.
9. RIGHTS OF THE DATA SUBJECT
9.1. Rights related to the consent:
9.1.1. The consent to allow the processing of personal data may be withdrawn by the data subject at any time.
9.1.2. The consent to receive Sikka’s newsletter can be withdrawn through the link below the newsletter.
9.2. As regards the processing of personal data, the data subject also has the following rights:
9.2.1. The right to receive information, or the right of the data subject to obtain information about personal data collected on them.
9.2.2. The right to access data that inter alia includes the data subject’s right to a copy of their personal data processed.
9.2.3. The right to demand the correction of inaccurate data.
9.2.4. The right to delete data, that is, in a certain case, the data subject has the right to require that personal data be deleted, for example, if processing is done only on the basis of their consent.
9.2.5. The right to demand limitation of processing personal data. This right arises, inter alia, if the processing is not authorized by law or if the data subject disputes the accuracy of their personal data. The data subject has the right to demand that the processing of personal data be restricted for a period that allows the responsible person to check the accuracy of personal data, or when the processing of personal data is unlawful, but the data subject does not request the deletion of their personal data.
9.2.6. The right to a supervisory authority’s assessment of whether the processing of personal data of the data subject is lawful.
10. EXERCISING RIGHTS AND SUBMITTING COMPLAINTS
10.1. Exercising rights:
10.1.1. The data subject has the right to contact Sikka by e-mail firstname.lastname@example.org in the event of a question, application or complaint concerning the processing of personal data.
10.2. Submitting complaints:
10.2.1. The data subject has the right to appeal to Sikka, the Data Protection Inspectorate or a court when the data subject thinks that their rights have been violated during the processing of their personal data.
10.2.2. The contacts of the Data Protection Inspectorate are available on its website https://www.aki.ee/et.
11. COOKIES AND OTHER WEB TECHNOLOGIES
11.1. Sikka may collect data about the visitors of the webpages and other information society services by using cookies (i.e. small pieces of information that are stored by the visitor’s browser on the hard disk of their computer or other device) or other similar technologies (such as IP address, device information, location information), and process these data.
11.2. Sikka uses the data collected to: enable the provision of the service in accordance with the visitor or customer’s habits; ensure the best service quality; make website experience more convenient for the customers; inform the visitor and the customer about the content and make recommendations; make ads more relevant and improve marketing efforts, analyse customer behaviour and thereby improve online experience, facilitate logging in and data protection. The collected data is also used to count visitors and identify their user habits.
11.3. We use the cookies of our online store environment to identify users as unique but anonymous persons.
11.4. Sikka uses session, permanent and advertising cookies. Session cookies will be deleted automatically after each visit; permanent cookies are extant when the website is visited frequently; advertising cookies are used to present materials suitable for the visitor or limit the number of times the same ad is seen on the website. Cookies of third parties are used by websites of Sikka’s partners. Sikka does not control the appearance of these cookies, so you can get information about these cookies from third parties.
For more information on managing cookies, see the following pages:
11.6. Most web browsers allow default cookies. Without the full permission of cookies, the features of the website are not fully available to the visitor, and unforeseen problems with functionality and user experience may occur. Allowing, blocking, or deleting cookies and other similar technologies is controlled by the visitor through the browser settings, information society service settings, and privacy enhancement platforms.
12. RELEVANT DOCUMENTS, INSTRUCTIONS, PROCEDURES
12.1.1. The Processing Operations Register, which lists all purposes, ways, processes, types and categories of personal data and the corresponding basics for the processing;
12.1.3. Sikka’s Principles of Using Organisational and Technical Measures, which contain different measures that Sikka applies to have personal data confidential and secure;
12.1.4. All About Cookies: descriptions of cookies and other web technologies that Sikka uses.
13. CONTACTS AND INFORMATION
13.1. Important contacts for Sikka’s data subject:
13.1.1. If you have any questions about personal data, you can contact Sikka via e-mail: email@example.com.