Forus Security AS information on the processing of personal data
Processing of personal data
Personal data, purpose of data processing and legal basis
Personal data is any information related to a person, such as name, personal identification code, e-mail, telephone number and other data related to a specific person.
Forus Security provides security services and related ancillary services and also uses personal data for this purpose.
Forus Security uses personal data primarily for the direct purpose of providing the service, as well as for market research, direct marketing, service development and quality assurance.
The main legal basis for the processing of personal data is a security service and other service agreement between Forus Security and a customer, as well as a legal basis or a customer's consent. The use of personal data may also be based on the legitimate interest of Forus Security or another person, of which we inform the customer separately.
Forus Security does not use personal data to make automated decisions if this leads to the restriction of the customer's rights (e.g. a negative decision).
Forus Security may use “Cookies” on its website by posting a respective notice on the website and asking for your consent.
Sources of personal data
Forus Security uses personal data for the provision of security services and related ancillary services and, for this purpose, generally receives the data from its contractual partner, i.e. a customer, during the performance of the contract. In the event that it is not possible to obtain the data necessary for the performance of the contract from the customer, the quality of service may suffer or the service may become more costly or otherwise unfavourable to the customer.
In addition to the data received from customers, we may, as an exception, receive data from other persons. For example, when signing a security service agreement, we may request data from the service provider that manages creditworthiness and payment default information to verify the customer's solvency. We also receive personal data from public registers.
Disclosure of personal data
Forus Security keeps personal data confidential and does not generally transfer personal data to any other person (a processor). As an exception, Forus Security provides personal data to the processor if it is necessary for the performance of an agreement signed with the customer, if there is the customer's consent or other legal basis. Forus Security transfers personal data to the processor under an agreement whereby the processor undertakes to keep the personal data confidential and to use it only for the purposes specified in the agreement. Forus Security may use processors and provide them with personal data in the provision of its services:
to store personal data received during the performance of the agreement (server service);
for the operation of ICT services (IT partners);
for advertising and marketing purposes with regard to services (mail marketing services);
to recover debts (collection companies, default registers).
Forus Security does not transfer personal data to a third country outside the European Union and the European Economic Area, which does not have an adequate level of protection of personal data.
Retention of personal data
Forus Security retains personal data until it is necessary for the purposes for which it was collected. If personal data is no longer necessary, we will delete it. If the data relates to a legal relationship arising out of an agreement or law, we may retain the data for as long as it is necessary to file or defend our legal claim.
According to the General Data Protection Regulation (EU) 2016/679 (GDPR), a person has the following rights:
a) to access their personal data and request that inaccurate data be rectified;
b) to request the erasure or restriction of processing of personal data;
c) to require the transfer of personal data;
d) to object to the processing of personal data;
e) to require not to be subject to a decision based solely on automated processing;
f) to withdraw consent for the processing of personal data at any time;
g) to submit a complaint against the processing of personal data with the data protection authority or courts.
Forus Security responds to inquiries regarding personal data when acting as a controller of personal data. When responding to inquiries, Forus Security complies with the provisions of the General Data Protection Regulation and other legislation.
If you have any further questions regarding personal data, please email us at firstname.lastname@example.org
Forus Turvateenused AS PERSONAL DATA PROCESSING INFORMATION SHEET
1.1. Forus Turvateenused AS offers a wide range of security services to customers in various industrial and private customer segments. In the course of business, Forus Turvateenused may collect, store, disclose or otherwise process personal data.
1.2. Forus team is committed to and ensures the privacy and security of personal data, in accordance with data protection regulations. This information sheet contains general information on how Forus Turvateenused processes personal data in the course of its core business, what are the rights of data subjects and how to contact Forus regarding questions about the processing of personal data.
1.3. The personal data processing information sheet is available on the Forus website at https://era.forus.ee/andmekaitse, for more information email us at email@example.com. Forus has the right to update this information sheet, as necessary.
1.4. If you have any further questions regarding the processing of your personal data by Forus, please contact us via the contact address given above.
2. GENERAL DATA PROTECTION POLICY
2.1. Forus Turvateenused AS values and respects your privacy, and security of personal data. Personal data is any information related to an already identified or identifiable person (the data subject is a natural person, not a legal person)
2.2. Forus Turvateenused ensures the implementation of the following principles in its business activities:
- the processing of personal data is carried out lawfully, fairly and transparently;
- the processing of personal data takes place specifically for business process purposes, in accordance with the General Data Protection Regulation and other principles arising from law, personal data is not processed for any other purposes;
- when processing personal data, we process only the data that is necessary and related to the purpose of the data processing;
- the personal data processed are accurate and, where necessary, kept up to date;
- we retain personal data which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; When processing personal data, we follow the data minimisation principle;
- we ensure the security of personal data processing (administrative, technical and organizational measures). Personal data is protected against loss, destruction or other damage, as well as against unauthorized or illegal processing.
2.3. When processing personal data, we follow the principle of specific purpose and legitimacy, see Section 4 “Purposes of the processing personal data: Why we process your personal data”. Personal Data Doc 306
legal grounds for processing are described in Section 5 “Legal grounds for the processing of personal data”.
3. CATEGORIES OF PERSONAL DATA TO BE PROCESSED
3.1. Forus Turvateenused processes in the course of its business activities the following personal data:
- information necessary for signing an agreement (e.g. name, position, personal identification code, address, e-mail, telephone number or other contact details, bank account details, name of the guarded object); - performing video analysis in the control center in case of an alarm at the customer's site - data related to an offense.
3.2. When you apply for a job at Forus, we may ask you for the following information:
- your first name and surname, contact information;
- CV, cover letter and references;
- date of birth and/or personal identification number;
- your address;
- certificates proving your education;
- certificates proving your language skills;
- your identity document details;
- your profile picture;
- Your criminal record from the Criminal Records Database.
4. PURPOSES OF THE PROCESSING OF PERSONAL DATA
4.1. The collection and processing of personal data in relation to the aforementioned categories of personal data is necessary for Forus Turvateenused as part of our legitimate business processes. More particularly, we process personal data for the following purposes:
- sales of security products and services;
- in connection with customer management, such as answering customer inquiries and questions, customer
satisfaction surveys or resolving customer complaints related to products and services;
- performance of contractual obligations related to suppliers and sub-contractors (e.g. completion of customer’s order
and installation of equipment by a subcontractor);
- personnel management in accordance with law;
- administrative purposes related to the Forus Group;
- complying with the requirements of state and local government agencies and persons performing public
- accounting purposes;
- operations related to the customer's credit rating; - in connection with debt collection services.
5. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
5.1. Forus Turvateenused processes personal data in accordance with the General Data Protection Regulation and on the following basis:
5.1.1. data subject's consent - Forus Turvateenused may process your personal data with your consent. In such a case, it must be ensured that the consent is given voluntarily, is specific to the purpose of the processing and is clear and unambiguous;
5.1.2. processing under an agreement - We process your personal data in cases when it is necessary to ensure the performance of contractual obligations agreed between you and Forus Turvateenused, or if it is necessary to sign an agreement on the basis of your request or order;
5.1.3. on a legal basis - The processing of your personal data may be necessary and due to Forus Turvateenused to be able to fulfil its legal obligations;
5.1.4. for vital considerations - It may be necessary to process your personal data if it is related to vital considerations (e.g. in the event of an accident where a Forus Turvateenused security officer transmits the victim's data to the Alarm Center);
5.1.5. overriding reasons relating to the public interest - it may be necessary to process your personal data if there are overriding reasons relating to the public interest;
5.1.6. in the case of a legitimate interest - The processing of your personal data may be necessary if it is based on a legitimate interest, but these interests must not outweigh the fundamental rights of the data subject or conflict with the General Data Protection Regulation.
6. TO WHOM IS Forus Turvateenused ALLOWED TO DISCLOSE YOUR PERSONAL DATA
6.1. Forus Turvateenused may disclose your personal data to other Forus Turvateenused entities within the Forus Group, to subcontractors, business partners and their representatives in order to achieve the aforementioned purposes. See Section 4 “Purposes of the processing of personal data: Why we process your personal data”.
6.2. Under specific conditions required by law, Forus Turvateenused may disclose personal data to state and local government agencies and persons performing public functions.
6.3. Forus Turvateenused discloses personal data to authorized parties only if these parties are able to ensure the protection of personal data and the rights of data subjects.
7. HOW LONG IS PERSONAL DATA RETAINED
8. Forus Turvateenused strictly follows the data minimisation principle when retaining your personal data. According to this principle, personal data will not be retained by Forus Turbvateenused for longer than is necessary to fulfil the obligations arising from the agreement or other purposes mentioned above, see Section 4 “Purposes of the processing of personal data: Why we process your personal data”.
9. Please also note that Forus Turvateenused may be obliged to retain personal data on the grounds set out in the General Data Protection Regulation or for any other period of time provided by law. The grounds and terms of storage of various evidence are described in the register of evidence of Forus Turvateenused AS.
9.1. Forus Turvateenused regularly monitors the personal data in its possession in order to ensure the deletion or anonymisation of data for which there are no bases for processing.
10. RIGHTS OF THE DATA SUBJECT
10.1. Right to request information about the data processed about you: the data subject may request access to their personal data processed by Forus. Upon request, we will provide a copy of the data we process with regard to the data subject. If you request additional copies, we may ask you to compensate for the costs related to additional copies. If the data subject requests information about the data to be processed about him/her electronically (e.g. via e-mail), we will provide information about the processed data in a generally used electronic format.
10.2. Right to rectification: the data subject has the right to request the rectification of personal data concerning him/her by notifying the controller thereof in writing. The notification must be clear and specify which data need to be corrected.
10.3. Right to be forgotten: the data subject has the right to request the deletion of personal data concerning him/her in the following cases:
- the processing of personal data is based on the consent of the data subject and the data subject has decided to withdraw the consent;
- personal data are no longer necessary for the purpose for which they are processed;
- the data subject does not consent to the use of his/her personal data for direct marketing purposes;
- the data subject has objected to the processing of his/her personal data (see “Right to object” below) and it has become apparent that the data subject's rights or other personal interests outweigh the legitimate interest of Forus Turvateenused in processing the personal data;
- the personal data concerning the data subject have been collected illegally (e.g. consent has not been correctly requested);
- personal data concerning the data subject must be deleted on legal grounds.
10.4. Right to object: the data subject has the right to object to the processing of his/her personal data (or part of it) any time if the data is used for profiling or direct marketing purposes. The data subject has the right to object to the processing of his/her personal data if the processing is based on the legitimate interests of Forus Turvateenused. In the latter case, Forus Turvateenused will terminate the processing of the data subject's personal data, except in cases where Forus Turvateenused processes personal data in accordance with the law or if such processing is necessary to fulfil any legal obligations.
10.5. Right to restriction of processing: the data subject may at any time request restriction of the processing of his/her personal data in the following cases:
- personal data may be incorrect;
- the processing is unlawful;
- Forus Turvateenused no longer needs the personal data for the purposes of the processing; or it is being examined whether the legitimate interests of Forus Turvateenused in the processing of personal data outweigh the bases stated in the data subject's objection.
10.5.1. Right of withdrawal: if the processing of personal data is based on the data subject’s consent, the person has the right to withdraw the consent at any time.
10.6. We will respond to the request within one month after receiving and registering the request. This period may be extended by two months, if necessary, taking into account the complexity and volume of the application. We shall notify the data subject of any such extension and the reason for it within one month of receiving the request. If possible, we will also provide information electronically to a request sent electronically, unless the data subject requests otherwise. If we do not consider it possible to take action on the data subject 's request, we will inform you without delay and at the latest within one month of receiving the request, stating the reasons for not taking action and explaining that the data subject can complain to the local supervisory authority (www.aki.ee) and to seek legal remedy.
10.7. Applications sent to Forus Turvateenused must be digitally signed by the applicant or, if the application is submitted to the Forus Turvateenused office, an identity document of the applicant is required to identify the applicant, and a copy of the document.
10.8. If the data subject wishes to submit a complaint to the state supervisory authority due to a possible breach of the processing of personal data, please contact the local Data Protection Inspectorate (www.aki.ee);
11. HOW Forus Turvateenused ENSURES THE SECURITY OF PERSONAL DATA
11.1. Forus Turvateenused attaches great importance to ensuring the security of personal data. For this purpose, administrative, technical and organizational measures have been taken to ensure the security and confidentiality of personal data. Measures taken to protect personal data must ensure that the data are protected against unauthorised access, loss, misuse, transfer to third parties, alterations or destruction.
You can always find the latest version of Forus Turvateenused AS information sheet in the footer of our website: Data protection
If you have any further questions regarding personal data, please email us at firstname.lastname@example.org
1. About us
One of the main tasks of Forus Haldus OÜ, registry code 12858159 (“we”, “us”), while managing and servicing our customers’ real estate technical systems, is to find optimal balance between costs and convenience in order to maintain and extend the service life of the real estate and save customers’ money.
We are seated at Maakri Str. 19/1, Tallinn 10145, e-mail: email@example.com
2. Personal data and processing of personal data
As our customers are mostly legal entities, we process personal data in our day-to-day business mainly as a processor, but in certain cases also as a controller. As a controller, we receive personal data directly from the data subject ("You") when you contact Us (for example via our website) or visit our website ("cookies"). As a controller, we determine the purposes and means and conditions of personal data processing. As a processor, we receive personal data from legal entities (our customers) who are mainly companies that order services from us and companies that provide real estate-related services. When processing personal data as a processor, we do so in accordance with written instructions of a controller of personal data and, if there is a data processing agreement, in accordance with the agreement.
We process the following, but not limited to, personal data:
(1) personal data: first name, surname, personal identification code, date of birth;
(2) contact information: address, telephone number, e-mail address, language of communication;
(3) billing data, such as consumption data;
(4) information on the condition of the building, including conducting tests on the condition of the building.
3. Purposes of the processing of personal data
We process personal data for the following purposes:
(1) in connection with the provision of services and the preparation for the provision of services
(i.e. to perform the contract, to hold pre-contract negotiations);
(2) to exercise our rights and perform our obligations arising from the legislation (e.g. to perform accounting obligation);
(3) to process your requests and inquiries;
(4) to send you notices.
4. Legal bases for the processing of personal data
5. Values and general principles applied to the processing of personal data
We always have a legal basis for processing personal data, i.e. we process personal data lawfully. We have set clear purposes for processing personal data and we only process personal data for those purposes.
We follow data minimisation principle when processing your personal data, i.e. we process only relevant and necessary personal data.
We make our best effort to protect your personal data. We implement various measures to protect personal data (physical, technical, organizational).
We only transfer personal data to those who have a legal right to receive it (authorities, supervisory authorities) or with whom we have signed a data processing agreement (our processors).
We retain personal data only for as long as it is required by law or agreement or is necessary for our business purposes. We will permanently delete your personal data once they are no longer necessary for the purposes they were collected or processed.
We use "cookies" on our website, which you can accept when you decide to use our website. "Cookies" are small text files that are stored on the hard drive of the website visitor's computer. They help us improve the website services offered to you and make them more convenient for you.
We also use third-party "cookies": Google Analytics - We use it to analyse website traffic, to find out whether it's a new or returning visitor, which websites are being visited, how much time the visitor has spent on the website, and where our website visitors come from. This information is important to us so that we can better understand the behaviour of our website visitors and thereby improve the user experience of our website.
Google cookies allow us to provide you targeted ads and measure the effectiveness of such ads. As a visitor to our website, you can disable or restrict the storage of cookies on your device as you wish. You can also delete all cookies that have been stored on your device so far. To do this, you need to change the privacy settings of your personal browser. However, with cookies disabled or restricted, the website functionality may be limited.
7. Your rights regarding personal data
You have the right to access your personal data.
You have the right to request the correction of your personal data.
You have the right to be forgotten, i.e. you have the right to request that we delete your personal data.
In certain cases, you have the right to prohibit or restrict the processing of your personal data for a certain period of time (e.g. if you have objected to the processing of personal data).
You have the right to object to the processing of your personal data if your personal data is processed based on our legitimate interest or public interest.
You have the right to submit a complaint about the processing of personal data about us to the Data Protection Inspectorate (www.aki.ee). You can find more information about your rights in Chapter 3 of the General Data Protection Regulation. If you wish to exercise any of the above rights or ask questions about the protection of personal data, please send a respective request to the e-mail address firstname.lastname@example.org. Normally, we will respond to your request by e-mail no later than within one month. Please note that before we can provide you with the information you have requested regarding your personal data, we must verify your identity.
8. Disclosure of personal data
Your personal data is confidential. We only disclose personal data if we are obliged to do so according to the law. We disclose personal data to our processor only after having signed a written data processing agreement. The processing of personal data usually takes place within the European Economic Area (in addition to the EU Member States, also in Norway, Iceland and Liechtenstein). If we need to transfer personal data outside the European Economic Area, the transfer will be carried out in accordance with the requirements of the General Data Protection Regulation.
9. Retention of personal data
We retain personal data for as long as it is required or permitted by law or necessary to achieve the stated purposes. We retain personal data related to disputes until the claim expires. After the expiry of the retention period of personal data, we will permanently delete your personal data.
10. How to act in case of personal data breach?
Please notify us immediately of any personal data breach or threat of breach known to you by sending an email to email@example.com. We take the issue of personal data security very seriously and will respond immediately to any breach.
If you have any further questions regarding personal data, please email us at firstname.lastname@example.org