Last updated: 2021-03-30
What does the privacy policy entail? The privacy policy:
When processing your personal data, we comply with Estonian and European Union legislation.
We use this data for the purpose for which we collected the data and to the extent necessary to achieve that purpose. Once the objective has been attained, we delete the personal data.
The privacy notice provides you with information and guidelines for when you use our services or visit our websites. The privacy statement does not include information concerning the processing of data on the websites of other companies or services provided by them, even if you use those services with or in conjunction to Storadera’s services.
You may use our services either as a client of Storadera or as a service user on the basis of a contract by Storadera partners without having to have signed a contract with us. We are guided by the privacy notice in all of the following cases. If the client of our services allows the user to use services on the basis of a contract between them and Storadera, the client must also ensure that the user is familiar with the privacy notice.
We refer to the privacy statement and enable you to read it at the time of conclusion of a contract, as well as when providing a service and/or use of a website. The privacy notice is a document that conveys information to you and is not part of the contract signed with you or of the Terms and Conditions of Storadera.
Just as modern services, devices and solutions are evolving at a fast pace, so are the data processing activities necessary to provide those. We will do our best to keep the privacy statement up-to-date and available to you on the Storadera website www.storadera.com. We will notify you of the most significant changes that concern you in the privacy notice on our website, by email or in any other reasonable manner.
What is personal data and what kind of personal data does Storadera process?
Personal data (hereinafter also data) is data that is directly or indirectly linked to you as a private individual. For the sake of clarity, we group your personal data into the following categories based on their nature and sources. The source of personal data refers to through which channels or through whom the personal data reached Storadera.
Basic data
Basic data includes, for example: first name, surname, username, bank and/or credit card related information and other related information, address, e-mail address, information concerning services subscribed to, invoicing information (invoice address, reference number, invoicing address, etc.), etc.
Data collection sources: we obtain information from you and through your use of our services.
Service usage data
Service usage data includes details concerning mainly telemetry information of the transmission and storing of information to and from Storadera service, as well as related invoicing. This data reflects your activities when using Storadera services.
Data collection sources: we obtain information through your use of our services.
How do we collect your personal data?
We offer cloud storage services that you can use. In addition, we enable the use of customer service environments online. The composition of personal data collected thereby depends on which specific services you are using, what kind of data is needed to provide them, the extent to which data is being transmitted to us for this purpose (e.g., subscription to the service, registration as a user, etc.), and what kind of consent you give us for processing data.
When collecting data, we adhere to the principle of collecting as little data as needed, i.e., we only collect data that is necessary for attaining an objective.
We collect personal data in the following ways:
On what grounds and objectives do we process your personal data?
Any kind of processing of personal data must be justified. We have divided Storadera’s legal grounds for processing personal data into four groups: performance of a legal obligation, performance of a contract, legitimate interest of Storadera and your consent.
Similarly, we have grouped all objectives for processing your personal data based on those four legal grounds. Pursuant to this distribution, different storage terms apply to the grounds and objectives, and you have different rights and opportunities to influence and make choices regarding the processing of your personal data.
Legitimate interest
Legitimate interest means that we want to use personal data first and foremost to improve our services and service provision, for the development of services, websites, and for the promotion of client communication and business activities, all of which is not strictly necessary for the performance of a contract. This way we can provide our client with services, price solutions, servicing, etc. just like clients expect us to do. Additionally, we will be able to compile statistics necessary for making the right business decisions. We also process data on the basis of this ground, if it is necessary for documenting transactions made in the course of a business activity and for other business information exchanges. Based on legitimate interest, we will also process your basic data for the purpose of marketing analysis.
Legitimate interest is, above all, the balance between your and our rights. In modern client relations, it is assumed that the service provider will make the use of the service and servicing as simple and accurate as possible for the client. However, this can be best achieved if we are able to use your personal data to do so. However, we still need additional data processing, e.g., for the best use of our service and collected telemetry information, for improving and developing our systems, usage statistics, etc.
This overview concerning the processing of personal data on the basis of legitimate interest is not exhaustive. In the event of reasonable necessity and to a reasonable extent, we may process data on the basis of legitimate interest for other purposes as well, provided it is in compliance with legislation.
Since the need for processing personal data on the basis of legitimate interest does not arise directly from legislation or a contract, but at the same time, there is no need for your prior consent, we have solved this so that you can always contact us and ask for clarification, to submit an objection and refuse data processing for any of the following purposes.
The following are objectives that are linked to using data on the basis of legitimate interest.
| Objective | Data categories | Processor categories |
|---|---|---|
| General marketing activities | -Basic data | Marketing |
| Statistics on malfunctions, consumption, etc. (proactive service) | -Basic data -Service usage data | Development of Storadera services |
| General profiling of client groups | -Basic data | Marketing |
| Fraud prevention | -Basic data | Development of Storadera services |
| Data security | -Basic data | Development of Storadera services |
| Management of client relationships, electronic interaction with Storadera | -Basic data | Development of Storadera services |
| Storadera’s service development | -Basic data -Service usage data | Development of Storadera services |
| Storadera’s systems testing | -Basic data | Development of Storadera services |
| Ensuring Storadera’s revenue collection | -Basic data | Finance |
Consent based data processing
First and foremost, we ask for your consent for the use of data of our service usage, without which we could provide our services and websites, but without which personal service, user experience and convenience, not marketing would be complete or personalized.
We wish to use, with your consent, your usage data to determine your user behaviour and service usage habits and/or to derive, by using profiling methods, your service usage related expectations, preferences and needs in order to:
enhance user experience;
sales, apps or other online environments Storadera may develop in future;
| Objective | Data categories | Processor categories |
|---|---|---|
| Personalised marketing profiling A more detailed explanation of marketing profiling can be found down below | -Basic data | Marketing |
| Direct marketing (emails, usage data) | -Basic data | Marketing |
| Marketing analysis based on a client’s usage data | -Basic data -Service usage data | Marketing |
| Statistics based on a client’s usage data | -Basic data -Service usage data | Development of Storadera services |
| Improving service quality based on a client’s usage data | -Basic data -Service usage data | Development of Storadera services |
You can always withdraw your consent later via Storadera’s website or by submitting a new corresponding application in writing or in a format that can be reproduced in writing. Application or withdrawal of consent cannot have retroactive effect. Depending on the technical solution, providing and withdrawing consent in the information system can take up to a week to apply.
Your consent shall be valid until you withdraw it or until all contracts concluded with you expire.
The consent is valid both when you have concluded a contract with Storadera as well as when you are using Storadera’s services as an identified user set out in the contract concluded by another person, i.e. if you are a personalised user.
With your consent, we may, for marketing purposes, transmit communication data to third parties in order to send Storadera marketing messages to you in their applications, websites, social media channels, etc. (e.g. in Google applications, Facebook etc).
In general, the processing of your data, as a private client and as a user of a business client (e.g., when using services ordered and paid for by your employer), will be conducted according to similar rules. However, it is important to point out here that the choice made by you as a private client for the use of your data for marketing purposes does not extend to conducting marketing analysis concerning the business client in the extent that is necessary for making offers based on the business client’s use of our services, as the legitimate interest of the business client, as out contractual partner, is to receive offers that comply with their needs.
It is important that such an analysis is not based on a personalized approach, but on the total use of a particular business client and on the analysis of the service data set.
You can refuse such data processing by submitting a corresponding objection to Storadera.
Performance of a contract
The processing of personal data in order to perform a contract primarily manifests in allowing a certain result for our services and this cannot be achieved by avoiding the processing of personal data. We have identified what type of personal information we need to use for the provision of a service or product in order to ensure the quality level set out in the relevant contract, and are therefore able to keep the processing of personal data to a minimum. This includes the following objectives:
| Objective | Data categories | Processor categories |
|---|---|---|
| Pre-contractual relations (asking for an offer from Storadera) | -Basic data | Credit risk and debt |
| Automatic decisions (credit rating)More detailed information about automatic decisions and provision of credit rating can be found down below | -Basic data | Credit risk and debt |
| Servicing client relationships (concluding contracts, identification of a person, etc.) | -Basic data -Service usage data | Development of Storadera services |
| Ensuring contractual quality of a service | -Basic data -Service usage data | Development of Storadera services |
| Management of malfunctions that affect the client’s services and other incidents (notification, resolution) | -Basic data | Development of Storadera services |
| Invoicing (compiling and submitting invoices, collection of payments) | -Basic data | Finance |
| Provision of services | -Basic data -Service usage data | Development of Storadera services |
| Ensuring the security of Storadera’s services | -Basic data -Service usage data | Development of Storadera services |
| Detection and elimination of technical errors in Storadera services | -Basic data -Service usage data | Development of Storadera services |
| Calculation and management of fees related to the use of Storadera services | -Basic data -Service usage data | Finance |
Compliance with an obligation arising from legislation
Compliance with the obligations arising from the law stipulates data processing that we are required to conduct, as we as a service provider are required to do so by law.
If data processing is necessary for the performance of an obligation arising from law, we in Storadera cannot decide on the collection and recording of such personal data, nor can you. This includes the following objectives:
| Objective | Data categories | Processor categories |
|---|---|---|
| Accounting | -Basic data | Finance |
| Replying to inquiries from public authorities | -Basic data | Legal |
| Mandatory creditworthiness assessment when granting credit | -Basic data | Credit risk and debt |
| Notifying a supervisory authority and person of violations that have occurred | -Basic data -Service usage data | Legal |
What is marketing profiling?
For Storadera, profiling for marketing purposes refers to data processing in which we process your data with data processing technologies, by using various methods of statistical or mathematical or predictive analysis for creating various links, probabilities, correlations, patterns, models, marketing profiles, etc. As a result of the aforementioned, we can predict or derive your expectations, preferences and needs regarding the consumption of services offered by us.
The distinction between profiling and other automatic marketing data processing is that profiling will help derive or predict additional data concerning you (see examples down below) which may result in non-compliance with reality.
How do we use marketing profiling?
You have the right to file an objection, at any time, concerning the processing of marketing data that is linked to you, including profile analysis for marketing purposes, by notifying Storadera of this.
What kind of automatic decisions concerning you do we make?
Credit rating
In the case of providing services under credit conditions, we conduct background research concerning the client, the result of which will be expressed with a credit rating.
Your credit rating is updated regularly..
When determining a credit rating, we collect:
During manual review, we use additional sources as well (search engines, judicial decisions search, etc.).
Debt management
If the client does not pay the debt, despite the debt notifications sent to them, automatic restriction of services will be carried out and you will not be able to use your service to the regular extent.
With respect to the automatic decisions made concerning you, you have the right to request that these decisions are reviewed by an employee of Storadera.
For how long do we store your personal data?
We will store your personal data for the period required to attain the objectives stated in the privacy statement, or until the legal obligation stipulates that we do so.
It should be taken into account here that in certain cases, exceptions apply to maturities, for example, some automatic maturities do not apply in case of debts. Neither do these rules apply to storing anonymous data, as in that case, we are no longer dealing with personal data.
The following is a summary table with examples of our principles on storing personal data. This is not a complete list and more precise storage terms can be accessed when reviewing your personal data (see below):
| A storage term after which the personalized data that we hold will be erased or anonymized on the assumption that no identifiable features remains (in some cases that can be debt that is due) | Examples |
|---|---|
| After 2 years | -Events linked to a client (consultation, general offers)-Potential clients who have wanted price offers or information on technical readiness, but have not signed up as clients |
| After 7 years | -Financial data of an inactive client |
| After 10 years | -Accounting data (incl. contracts from their termination) |
| Unspecified terms | -Service usage data-Valid authorised contact person and linked contact person |
How do we ensure secure processing of your data?
We implement the necessary organisational and info-technological security measures to ensure the integrity, availability and confidentiality of the data. These measures include the protection of employees, information, IT infrastructure, as well as office premises and technical equipment.
The purpose of information security activities is to implement the appropriate level of protection of information, risk mitigation and risk prevention. We ensure the security of the communication network and the confidentiality of the message contents and form of messages sent by you, as well as the time and method of sending them, in accordance with terms and conditions that apply to Storadera services and with legislation. The measures required for this are implemented by Storadera’s internal security regulations. If necessary, we will specify, on our website, the specific measures that we can use to ensure the security of our services.
Our employees are subject to data confidentiality and protection requirements, personal data protection training is provided to them, and employees are liable for fulfilling their obligations.
Our partners are required to ensure that their employees comply with the same rules as we do, and their employees are liable for meeting the requirements for the use of personal data.
What can you do to protect your personal data?
Even though we at Storadera put a lot of emphasis on keeping your personal data safe and secure, you yourself also have an important role in ensuring the success of those aims.
Prior to disclosing your personal data to third parties or entering it somewhere, consider who will receive the data and how securely it will be stored.
Disclosing passwords, personal identification documents data and other sensitive information and tools and sharing those with others is neither a permissible step nor a reasonable decision. In the case of communication and internet services, it must be taken into account that by enabling access to your data (e.g., on our website), either due to your own negligence or any other reason), you will be providing access to service details, invoicing information and data of associated persons.
If you suspect that your personal data has been processed contrary to our privacy notice or that your information has been disclosed to strangers, be sure to inform us as soon as possible. This way we can solve the situations as quickly as possible and help minimize potential losses.
What are your rights in relation to your personal data?
The right of access to your data
You have the right to access your personal data that Storadera has at any time. Additionally, you have the right to be informed of the objectives of data processing and the storage terms of the data. Access to the data is possible through the self-service environment. To do this, you need to properly authenticate yourself in advance and submit a corresponding application to us. We have the right to reply to such inquiries within 30 days.
The right to amend personal data
If you have discovered incorrect data when reviewing your data or if your personal data has changed, you can always change it by yourself at our self-service.
The right to be forgotten
In certain cases, you have the right to have your personal data deleted. This applies especially to the processing of data on the grounds of consent and legitimate interest. This includes, for example, marketing profiles and the like. However, the complete deletion of personal data is often not possible, as we use data for other purposes as well, in relation to which the early deletion of such data is not allowed due to contractual or legal reasons.
The right to submit objections
You have the right to object, at any time, to any activity regarding the processing of your personal data that is conducted on the grounds of legitimate interest. When submitting an objection, we will consider legitimate interests and, if possible, will stop processing the relevant data.
This right cannot be used in a situation where we are required to compile, submit or defend a legal claim (e.g., we believe that a person has breached the contract and therefore have to turn to a court or other law enforcement agency to protect our rights).
The right to restrict the processing of your personal data
In certain cases, you have the option of restricting the processing of personal data by explicitly informing us through our self-service. This right can only be exercised in the following cases:
However, you should take into account that this right requires a very precise formulation of the objective and may, in some cases, result in temporary suspension of services.
The right to transfer data
The right to transfer data gives you additional control over your personal data. Due to nature of our service we have solved the exercising of this right in the same way as the access to personal data on the self-service.
The right to turn to Storadera or a supervisory authority and a court
If you would like to receive additional information about the use of your personal data or assistance with exercising your rights on the self-service, you can always contact us at info@storadera.ee.
If you are concerned that your personal data has been handled with negligence or contrary to the content of the privacy notice, you can always notify our personal data protection expert at info@storadera.ee.
You are always entitled to contact the public institution dealing with data protection or the court to protect your privacy rights and personal data.
On using cookies in our websites
Similarly to other websites, Storadera’s websites use the technology of cookies. The use of
cookies are linked to all of the four aforementioned legal grounds mentioned, that is, we need cookies due to legal obligations, to ensure the quality of service set out in the contract, to provide more personalized and convenient services, as well as for marketing purposes with consent from you.
Cookies are small text files uploaded to the user’s computer via the website’s server. As a result, the web browser can send information of the cookie back to the website during every new visit to the e- environment, in order to recognise the user.
Cookies may be disabled in your browser settings, if you have selected this option. Keep in mind that in some cases it may slow down the browsing of a website, reduce the functionality of certain websites or prevent access to them.
As a rule, we use data collected with cookies for the following purposes:
Functional cookies and provision of services: Cookies are very important for the functioning of our website and electronic services and allow us to streamline user experience. For example, if the user wants, they do not have to enter their username, password and personalization options every time they log into our service.
Development of services: By tracking cookies, we can improve the functioning of our website and electronic services. For example, we can get information on what are the most popular parts of our website, which websites our users will pass by, from which websites they come from and how much time they spend at our website.
Usage analysis: We use cookies to compile statistics on the number of visitors to our websites and online services, and we also evaluate the effectiveness of advertisements.
Directing marketing: By using cookies, we can also collect information about the displaying of advertisement or specific browser-targeted content by creating different target groups.
We may combine the information obtained with cookies with information about you in other ways, e.g., with information about services used.
Our websites may have links to third-party websites, products and services, as well as social media extensions (e.g., Facebook plugins, Google Analytics) for marketing and statistics purposes. Third-party services or third- party applications on our websites are subject to the privacy protection rules of third parties. We recommend that you acquaint yourself with the personal data protection practices of data concerning such persons.
If you have any questions, concerns or feedback please contact us at info@storadera.com