Privacy Policy

We pay great attention to the confidentiality of the data of our Clients. Using the services of the Project, you have honoured us with your trust and we appreciate it. We make every effort to keep your personal data safe. We always act in the interests of our Clients and do not hide information about the processing of your personal data. In this document, we will try to simply describe to you how we process your personal data. In addition, we will explain how you can contact us if you have any questions regarding your personal data. We may from time to time make amendments or additions to the Privacy Policy. We recommend that you check this page regularly to keep yourself informed of the latest changes. Should we make changes to the Privacy Policy that affect you directly (for example, if we intend to process your personal data for purposes other than those previously specified in this Privacy Policy), we will notify you of such changes before starting new activities. If you do not agree with this Privacy Policy, we ask you to refrain from using our services.

Type of personal data we collect

When you use our services, we ask you to provide certain information: your name and surname, date of birth, country of residence, settlement, valid document proving your identity. You can also specify additional data yourself in the documents being attached. In addition, we may collect some data from your computer, phone, tablet or other device that you use to access our services, for example, IP address, language settings.

Cases, in which we share your data with third parties

In some cases, government or other competent authorities may submit an inquiry to obtain your personal data if required by law. We do not sell or share your personal data.

Security procedures we use to protect your personal data

We carry out all proper security procedures to the appropriate extent to prevent unauthorized access to the personal data of our Clients, which we process, or their unlawful use. Here you can read a more detailed description. We follow all the relevant security procedures prescribed by the new GDPR — the regulation entered into force in May 2018 in order to prevent unauthorized access and unlawful use of the personal data of our Clients. We use appropriate corporate systems and procedures to protect and safeguard the personal data provided to us. We also use security procedures and apply technical and physical restrictions for the use of personal data and getting access to them on the servers we use. Only employees of the Company with special rights have the right to access the personal data of our Clients, in the process of performing their duties on the Project maintenance. We store the personal data of our Clients for a period that we consider necessary so that you could use our services and we could provide you our services (including maintaining a user’s Personal Account, in case it has been created), in compliance with applicable law, for resolving disputes with any parties, as well as for other purposes that allow us to conduct business, including detection and prevention of fraudulent or other illegal actions. This Privacy Policy applies to all personal data of our Clients stored by us. If you have any questions regarding the specific storage period of a certain type of your personal data processed by us, you can contact us using the contact data listed below. In accordance with the requirements set forth in the new GDPR regulation, which entered into force in May 2018, our Clients have additional rights and opportunities: “The right to be forgotten”: if the Client no longer wants his or her personal data to be processed, and provided that there is no legal basis for their preservation, the data will be deleted. This right deals exclusively with protecting the privacy of Clients, and not with erasing past events and/or restricting freedom of the press. However, this does not mean that at the first request submitted by the Client to the Resource Administration, all his or her personal data must be deleted immediately and permanently. If, for example, data storage is necessary to fulfil the Contract with this Project, or to comply with legal obligations to third parties, the data can be stored for as long as necessary for this purpose and is determined by the relevant agreements. “Simplified access to your data”: the Client will be provided with all comprehensive information on how his or her data are processed and this information must be available in an understandable way. “Right to data portability”: the Client will be provided with all comprehensive information about what personal data are transmitted to the Portal service providers. “The right to know when the data were hacked”: the Project Administration undertakes to notify the national supervisory authority of any actions taken by third parties in relation to the personal data of Clients, which jeopardize their safety, as well as to inform Clients of all committed high-risk violations as soon as possible so that both supervisory authorities and Clients could take appropriate measures. Data protection in accordance with the Project and by default: “Data protection in accordance with the Project” and “Data protection by default” on our Project are important elements in the EU Data Protection Rules. Data protection tools will be built into products and services from the earliest stage of their development and operation, and standard settings that ensure confidentiality are the norm – both on this Portal and its mobile applications. Special protection for children: this Project applies special requirements to the personal data of children. The Project Administration additionally notifies children of all kinds of risks, consequences, guarantees and the Administration’s rights regarding the processing of personal data. This Privacy Policy stipulates that consent to the processing of data on a child must be granted to the Project Administration or the processing must be authorized by a person who has parental responsibility for the child. The age threshold for EU member states is in the range of 14 to 16 years. Children receive a clearer right to be forgotten, based on a written request from one of the owners of parental responsibility for the child. The purpose of this Privacy Policy is to protect children from coercion to exchange personal data without a full understanding of the consequences. However, these requirements must not prevent adolescents from using the Internet to obtain information, advice, education, etc. In addition, the consent of the owner of parental responsibility must not be necessary in the context of preventive or counseling services offered directly to the child.

How you can control your personal data

You can always use the right to familiarize yourself with all your personal data stored with us. An overview of all personal information can be obtained by sending a relevant request to the email address indicated on the website or using the feedback form. The Project Administration has specially created and provides all its Clients with tools to gain control over their personal data, the protection of which is one of the fundamental rights in the European Union. This Privacy Policy is guided by the requirements of the new GDPR — the regulation, which entered into force in May 2018 to protect the personal data of EU citizens, in order to strengthen their rights and trust in the entire Internet space in general and this Project in particular.

Who is responsible for the processing of personal data on the website and how to contact us

We control the processing of personal data in accordance with the requirements of the new GDPR — the regulation, which entered into force in May 2018, and this Privacy Policy. If you have questions regarding the Privacy Policy and/or the processing of your personal data, please contact our data protection specialist at info@tarmin.ee or using the feedback form. Requests from law enforcement must be sent to info.law@tarmin.ee, in accordance with the procedure described here: Law Enforcement Guidelines.

How we transfer your data to third parties

1. To third-party organizations — service providers: we use service providers that are not part of the Project to support services. These providers provide support services that include:

• fraud detection and prevention, including fraud screening services;

• payment services: we use third-party providers to process payments and refunds or provide collection services. If you are a bank card holder, then in order to make a payment we will need to transfer some of your card details to the payment service provider and the relevant financial institution.

• To the competent authorities: we transfer personal data to law enforcement agencies to the extent that is required by law and/or is strictly necessary to prevent, detect or suppress criminal acts and fraud, or if we are in any other way  legally bound to transfer them. In addition, we may need to transfer personal data to the competent authorities to protect our rights or property, as well as the rights and property of our business partners.

2. This Privacy Policy gives our Clients more control over their personal data, in accordance with the requirements of the new GDPR – the regulation, which entered into force in May 2018, and will facilitate access to them. The requirements are designed to protect the personal information of people – no matter where it is sent, processed or stored – even outside the EU as it is often happens on the Internet.

How messages are processed on the Project

We have access to your messages, and we can use automated systems to review, scan and analyze all messages sent to us for the purposes of: security, fraud prevention, compliance with legal and regulatory requirements, identification of potentially illegal actions, development and improvement of our Portal products, sociological research, attracting and informing Clients, including providing you with information and offers that, in our opinion, may interest you, as well as providing client or technical support. We reserve the right, at our sole discretion, to block the delivery of messages or to view messages if we believe that they may contain malicious content, spam, or may constitute a danger to you and other users. All messages sent or received using the messaging tool will be received and stored in the system. User activity tracking: we do not use user activity tracking on any devices.

Transfer of personal data

The transfer of personal data of Users specified in this Privacy Policy excludes the transfer of personal data to the countries where the legislation on the protection of personal data is not as elaborated and extensive as in the countries of the European Union. In cases established by EU law and in accordance with the requirements of the new GDPR – the regulation, which entered into force in May 2018, we are obliged to transfer personal data only to those recipients who provide the appropriate level of their protection. In such circumstances (if applicable), we conclude special agreements to ensure the protection of your personal data in accordance with European standards. Should you need a copy of such agreements, you can request it by contacting us using the contact data listed on the website. They are designed to protect the personal information of people – no matter where it is sent, processed or stored – even outside the EU as it is often happens on the Internet. The Project Administration pays special attention to strengthening the rights of individuals, its Clients, in order to strengthen the EU internal market, ensure more strict compliance with the rules, optimize international transfers of personal data and establish global standards for data protection.

How your personal data are transferred to other persons

We can share your data for the following purposes:

A. Providing client support at requests for succession of a Personal Account and/or its part;B. Detection, prevention and investigation of fraudulent and other illegal activities, as well as data leaks;                      
C. Providing you with personal offers or sending marketing materials with your consent or in other cases permitted by law;
D. providing services (for example, payment processing services);
E. Compliance with applicable laws.
For the purpose of “E” – it is assumed that transfer of personal data occurs in compliance with legal requirements (for example, upon receipt of requests from law enforcement agencies, copyright infringement requests).

Scroll to Top