PLASTIKAKIRURGIA FINEST’S PRIVACY NOTICE

Before we process your (our external data subjects, see Section 3 below) personal data, with this this Privacy Notice we provide you with the information according to Articles 13 and 14 of the GDPR. Our internal data subjects are e.g. our employees and shareholders, and they receive similar notifications separately.

1) CONTROLLER

Name: Plastikakirurgia Finest OÜ
Address: Kotka 12 C2, 11315 Tallinn, Estonia
Contact details: privacy@plastikakirurgiafinest.ee

2) DATA SUBJECTS AND PERSONAL DATA3) PURPOSE FOR PROCESSING4) LEGAL BASIS FOR PROCESSING
Customers and potential customers:
- contact details
- customer relationship data
Management and
development of customer
relationships

Management of photographs
and references on our
website

Direct marketing to our
customers:
- emails
- phone calls
Contract

- to perform the contracts to which we are a party

Consent
- if we receive your consent, we can process your photographs on our website

Our legitimate interest
- to manage and develop our customer relationships and further develop our business operations

NB! You have a right to opt-out of direct marketing each time we provide marketing to you.
Affiliates and potential affiliates:
yhteistyökumppanit:
- contact details
- affiliate relationship data
Management and development of affiliate relationshipsContract

- to perform the contracts to which we are a party to
Jobseekers:
- contact details
- CV
- possible registration data
- possible other data the data subject chooses to disclose to us
Management of job applications and jobseeker relationships

Compliance with legal obligations
Our legitimate interest
- to manage our jobseekers and possibly employ them

NB! You have a right forbid us from
processing your personal data.

Legal obligations
- to comply with several legal obligations as an employer
Persons who contact us, including social media contacts (e.g. persons who like our Facebook-page)
- contact details
- possible other data the data subject chooses to disclose to us
Management of contactsOur legitimate interest
- to manage contacts made to us

NB! You have a right forbid us from processing your personal data.
Persons receiving our direct marketing mailsDirect marketing to those who wish to receive itConsent
Persons visiting our website
- IP address
CookiesConsent (ePrivacy)

5) REGULAR SOURCES OF INFORMATION

Data regarding the data subject are regularly gathered:

Data subject:Sources of information:
Customers and potential customers- Customers
- Affiliates
Affiliates and potential affiliates- Affiliates
- Public sources, as in websites, postal services, Trade Register, etc.
Jobseekers- Jobseekers
Persons contacting us- Persons contacting us
Social media contacts- Social media
Persons visiting our website- Cookies

6) PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED

Data subjectsRetention period
6.1) Customers and potential customersNecessary data shall be retained for as long as is necessary, taking into consideration our field of business.

A customer shall always have a right to withdraw his/her consent concerning the use of his/her photographs and references on our website.
6.2) Affiliates and potential affiliatesNecessary data shall be retained for as long as is necessary, taking into consideration the nature of the relationship.
6.3) JobseekersNecessary data shall be retained for a period of twelve (12) months following the first contact made, if the jobseeker has not turned into our employee.
6.4) Persons who contact us (not including social media)Necessary data shall be retained for a period of three (3) years following the contact.
6.5) Social media contactsNecessary data shall be retained for as long as the data subject deletes his/her data.
6.6) Persons receiving direct
marketing through
Necessary data shall be retained for as long as the data subject wants to receive direct marketing.

6.7) However, we may retain only the necessary data of the data subjects for longer than is described
above, where we are required to do so by law, it is necessary due to legal proceedings and it is
necessary for any similar reason. We shall be careful not to apply this Section in vain.

6.8) We inspect the necessity of the personal data stored regularly and keep records of the inspections.

7) CATEGORIES OF RECIPIENTS OF PERSONAL DATA

The recipients of personal data may consist of:

  • our affiliates
  • data storage service providers
  • accounting, legal and auditing service providers

8) INFORMATION TRANSFER OUTSIDE OF EU OR THE EUROPEAN ECONOMIC AREA

We can transfer data outside the EU /EEA. When doing so, we ensure adequate safeguards for the data.
Such safeguards include e.g. model clauses, Privacy Shield and other such arrangements.

9) DATA SUBJECTS’ RIGHTS

The data subject has a right to use all of the below mentioned rights.

The contacts concerning the rights shall be submitted to the contact details stated in Section 2. The
rights of the data subject can be put into action only when the data subject has been satisfactorily
identified.

RightDescription
9.1) Right to inspectThe data subject has the right to inspect what, if any, data the controller has stored of her/him.
9.2) Right to rectify and erasureThe data subject has a right to request the controller to rectify or erase the personal data concerning the data subject on the grounds provided by law.
9.3) Right to restriction of processingThe data subject can request the controller to restrict the processing of the personal data concerning the data subject on the grounds provided by law.
9.4) Right to data portabilityThe data subject shall have the right to receive the personal data concerning her/him, which he/she has provided to the controller, in a structured, commonly used and machine-readable format where the processing is based on consent or a contract.
9.5) Right to objectWhere personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning her/him for such marketing.

Where personal data are processed on the basis of the legitimate interests of the controller, the data subject shall have the right to object the processing of personal data concerning her/him for such purposes in accordance with the law.
9.6) Automated individual decision-making, including profilingThe data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
9.7) Right to withdraw consentWhere the legal basis for the processing of personal data is the consent of the data subject, the data subject shall have the right to withdraw her/his consent.

10) RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject
considers that the processing of personal data relating to him or her infringes the GDPR. The complaint
can be lodged in the Member State of her/his habitual residence, place of work or place of the alleged
infringement.

11) COOKIES

Cookies are small text files that a website stores on your device when you browse that website. Cookies
store data of your website use.

Our websites use cookies to improve our website. Cookies used to improve websites are a common part
of all modern websites. Our websites use e.g. Google’s and Youtube’s cookies.

You can control and/or remove cookies freely at the individual browser level. Instructions can be found
for example in here: aboutcookies.org.

12) SECURITY OF PROCESSING

We us all reasonable efforts to maintain physical, electronic, and administrative safeguards to protect
personal information from unauthorized or inappropriate access. We restrict access to information
about data subjects only to those personnel that need to know the information e.g. for responding to
inquiries or requests made by the data subject..

13) MODIFICATIONS

We have a unilateral right to modify this privacy notice. The modifications take effect immediately when
we post the up to date version of our privacy notice to our website.