DATA PROTECTION

Forus Security AS information on the processing of personal data

Processing of personal data

Personal data, purpose of data processing and legal basis

Personal data is any information related to a person, such as name, personal identification code, e-mail, telephone number and other data related to a specific person.

Forus Security provides security services and related ancillary services and also uses personal data for this purpose.

Forus Security uses personal data primarily for the direct purpose of providing the service, as well as for market research, direct marketing, service development and quality assurance.

The main legal basis for the processing of personal data is a security service and other service agreement between Forus Security and a customer, as well as a legal basis or a customer's consent. The use of personal data may also be based on the legitimate interest of Forus Security or another person, of which we inform the customer separately.

Forus Security does not use personal data to make automated decisions if this leads to the restriction of the customer's rights (e.g. a negative decision).

Forus Security may use “Cookies” on its website by posting a respective notice on the website and asking for your consent.


Sources of personal data

Forus Security uses personal data for the provision of security services and related ancillary services and, for this purpose, generally receives the data from its contractual partner, i.e. a customer, during the performance of the contract. In the event that it is not possible to obtain the data necessary for the performance of the contract from the customer, the quality of service may suffer or the service may become more costly or otherwise unfavourable to the customer.

In addition to the data received from customers, we may, as an exception, receive data from other persons. For example, when signing a security service agreement, we may request data from the service provider that manages creditworthiness and payment default information to verify the customer's solvency. We also receive personal data from public registers.


Disclosure of personal data

Forus Security keeps personal data confidential and does not generally transfer personal data to any other person (a processor). As an exception, Forus Security provides personal data to the processor if it is necessary for the performance of an agreement signed with the customer, if there is the customer's consent or other legal basis. Forus Security transfers personal data to the processor under an agreement whereby the processor undertakes to keep the personal data confidential and to use it only for the purposes specified in the agreement. Forus Security may use processors and provide them with personal data in the provision of its services:

  •     to store personal data received during the performance of the agreement (server service);

  •     for the operation of ICT services (IT partners);

  •     for advertising and marketing purposes with regard to services (mail marketing services);

  •     to recover debts (collection companies, default registers).

  •     Forus Security does not transfer personal data to a third country outside the European Union and the European Economic Area, which does not have an adequate level of protection of personal data.


Retention of personal data

Forus Security retains personal data until it is necessary for the purposes for which it was collected. If personal data is no longer necessary, we will delete it. If the data relates to a legal relationship arising out of an agreement or law, we may retain the data for as long as it is necessary to file or defend our legal claim.


Rights:

According to the General Data Protection Regulation (EU) 2016/679 (GDPR), a person has the following rights:

a) to access their personal data and request that inaccurate data be rectified;

b) to request the erasure or restriction of processing of personal data;

c) to require the transfer of personal data;

d) to object to the processing of personal data;

e) to require not to be subject to a decision based solely on automated processing;

f) to withdraw consent for the processing of personal data at any time;

g) to submit a complaint against the processing of personal data with the data protection authority or courts.

Forus Security responds to inquiries regarding personal data when acting as a controller of personal data. When responding to inquiries, Forus Security complies with the provisions of the General Data Protection Regulation and other legislation.


Additional information

If you have any further questions regarding personal data, please email us at forus@forus.ee

Forus Haldus OÜ PRIVACY POLICY

1. About us

One of the main tasks of Forus Haldus OÜ, registry code 12858159 (“we”, “us”), while managing and servicing our customers’ real estate technical systems, is to find optimal balance between costs and convenience in order to maintain and extend the service life of the real estate and save customers’ money.

We are committed to ensure secure, well-thought-out and purposeful processing of personal data, which. among other things, helps increase our customers’ satisfaction. This Privacy Policy reflects our principles of personal data processing and related obligations, rights and responsibilities.

We are seated at Maakri Str. 19/1, Tallinn 10145, e-mail: haldus@forus.ee

2. Personal data and processing of personal data

As our customers are mostly legal entities, we process personal data in our day-to-day business mainly as a processor, but in certain cases also as a controller. As a controller, we receive personal data directly from the data subject ("You") when you contact Us (for example via our website) or visit our website ("cookies"). As a controller, we determine the purposes and means and conditions of personal data processing. As a processor, we receive personal data from legal entities (our customers) who are mainly companies that order services from us and companies that provide real estate-related services. When processing personal data as a processor, we do so in accordance with written instructions of a controller of personal data and, if there is a data processing agreement, in accordance with the agreement.

We process the following, but not limited to, personal data:

(1) personal data: first name, surname, personal identification code, date of birth;

(2) contact information: address, telephone number, e-mail address, language of communication;

(3) billing data, such as consumption data;

(4) information on the condition of the building, including conducting tests on the condition of the building.


3. Purposes of the processing of personal data

We process personal data for the following purposes:

(1) in connection with the provision of services and the preparation for the provision of services

(i.e. to perform the contract, to hold pre-contract negotiations);

(2) to exercise our rights and perform our obligations arising from the legislation (e.g. to perform accounting obligation);

(3) to process your requests and inquiries;

(4) to send you notices.


4. Legal bases for the processing of personal data

We process personal data in accordance with the requirements of the legislation applicable in Estonia. The legal basis for the processing of personal data is mainly the performance of customer agreement (the Privacy Policy section on the provision of services and preparation of services (i.e. for the performance of the contract and processing of your requests and inquiries;), as well as the performance of legal obligations (the Privacy Policy section on exercising our rights and performing our obligations arising from the legislation (e.g. to perform accounting obligation), your consent (the Privacy Policy section on processing your requests and inquiries) and our legitimate interest (the Privacy Policy section on notification).


5. Values and general principles applied to the processing of personal data

We always have a legal basis for processing personal data, i.e. we process personal data lawfully. We have set clear purposes for processing personal data and we only process personal data for those purposes.

We follow data minimisation principle when processing your personal data, i.e. we process only relevant and necessary personal data.

We make our best effort to protect your personal data. We implement various measures to protect personal data (physical, technical, organizational).

We only transfer personal data to those who have a legal right to receive it (authorities, supervisory authorities) or with whom we have signed a data processing agreement (our processors).

We retain personal data only for as long as it is required by law or agreement or is necessary for our business purposes. We will permanently delete your personal data once they are no longer necessary for the purposes they were collected or processed.


6. Cookies

We use "cookies" on our website, which you can accept when you decide to use our website. "Cookies" are small text files that are stored on the hard drive of the website visitor's computer. They help us improve the website services offered to you and make them more convenient for you.

We also use third-party "cookies": Google Analytics - We use it to analyse website traffic, to find out whether it's a new or returning visitor, which websites are being visited, how much time the visitor has spent on the website, and where our website visitors come from. This information is important to us so that we can better understand the behaviour of our website visitors and thereby improve the user experience of our website.

Google cookies allow us to provide you targeted ads and measure the effectiveness of such ads. As a visitor to our website, you can disable or restrict the storage of cookies on your device as you wish. You can also delete all cookies that have been stored on your device so far. To do this, you need to change the privacy settings of your personal browser. However, with cookies disabled or restricted, the website functionality may be limited.


7. Your rights regarding personal data

You have the right to access your personal data.

You have the right to request the correction of your personal data.

You have the right to be forgotten, i.e. you have the right to request that we delete your personal data.

In certain cases, you have the right to prohibit or restrict the processing of your personal data for a certain period of time (e.g. if you have objected to the processing of personal data).

You have the right to object to the processing of your personal data if your personal data is processed based on our legitimate interest or public interest. 

You have the right to submit a complaint about the processing of personal data about us to the Data Protection Inspectorate (www.aki.ee). You can find more information about your rights in Chapter 3 of the General Data Protection Regulation. If you wish to exercise any of the above rights or ask questions about the protection of personal data, please send a respective request to the e-mail address haldus@forus.ee. Normally, we will respond to your request by e-mail no later than within one month. Please note that before we can provide you with the information you have requested regarding your personal data, we must verify your identity.

8. Disclosure of personal data

Your personal data is confidential. We only disclose personal data if we are obliged to do so according to the law. We disclose personal data to our processor only after having signed a written data processing agreement. The processing of personal data usually takes place within the European Economic Area (in addition to the EU Member States, also in Norway, Iceland and Liechtenstein). If we need to transfer personal data outside the European Economic Area, the transfer will be carried out in accordance with the requirements of the General Data Protection Regulation.


9. Retention of personal data

We retain personal data for as long as it is required or permitted by law or necessary to achieve the stated purposes. We retain personal data related to disputes until the claim expires. After the expiry of the retention period of personal data, we will permanently delete your personal data.


10. How to act in case of personal data breach?

Please notify us immediately of any personal data breach or threat of breach known to you by sending an email to haldus@forus.ee. We take the issue of personal data security very seriously and will respond immediately to any breach.

Additional information

If you have any further questions regarding personal data, please email us at forus@forus.ee