WEBSITE PRIVACY POLICY

www.edutec-a.eu

I. PRIVACY AND DATA PROTECTION POLICY

In compliance with the applicable legislation, Edutec-a (hereinafter also the “Website”) undertakes to adopt the technical and organisational measures required, in accordance with the appropriate level of security for the risk associated with the data collected.

Laws incorporated into this Privacy Policy

This Privacy Policy is adapted to the current Estonian and European regulations on the protection of personal data on the internet. In particular, it complies with the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
  • Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995.

Identity of the Data Controller

Address: Telliskivi tn 57, 10412 Tallinn, Estonia
Contact email: info@edutec-a.eu

Register of Personal Data

In compliance with the GDPR, we inform you that the personal data collected by Edutec-a through the forms on its pages will be incorporated and processed in our files for the purpose of facilitating, streamlining and fulfilling the commitments established between Edutec-a and the User, or for maintaining the relationship established through the forms completed by the User, or for responding to any request or enquiry. Likewise, in accordance with the GDPR, unless the exception in Article 30(5) GDPR applies, a record of processing activities is maintained, specifying, according to their purposes, the processing activities carried out and other circumstances established in the GDPR.

Principles applicable to the processing of personal data

The processing of the User’s personal data shall be subject to the following principles set out in Article 5 GDPR:

  • Lawfulness, fairness and transparency: The User’s consent will always be required, with full transparency regarding the purposes for which their personal data are collected.
  • Purpose limitation: Personal data will only be collected for specified, legitimate and explicit purposes.
  • Data minimisation: Only the personal data necessary for the intended purposes will be collected.
  • Accuracy: Personal data must be accurate and kept up to date.
  • Storage limitation: Personal data will only be kept in a form that allows identification of the User for as long as necessary for the purposes of processing.
  • Integrity and confidentiality: Personal data will be processed in a manner that ensures its security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
  • Accountability: The data controller will be responsible for ensuring compliance with the above principles.

Categories of personal data

The categories of data processed by Edutec-a are limited to identification data only. Under no circumstances are special categories of personal data processed, as defined in Article 9 GDPR.

Legal basis for processing personal data

The legal basis for processing personal data is consent. Edutec-a undertakes to obtain the User’s explicit and verifiable consent for the processing of their personal data for one or more specific purposes.

The User has the right to withdraw their consent at any time. Withdrawing consent will be as easy as giving it. As a general rule, the withdrawal of consent will not affect the use of the Website.

In cases where the User must or may provide their data through forms in order to make enquiries, request information, or for reasons related to the content of the Website, they will be informed if completing any form is mandatory because the data are necessary for the proper execution of the requested operation.

Purposes of processing personal data

Personal data are collected and managed by Edutec-a in order to facilitate, streamline and fulfil the commitments established between the Website and the User, or to maintain the relationship established through the forms completed by the User, or to respond to a request or enquiry.

Additionally, data may be used for commercial purposes, such as personalisation, operational and statistical purposes, and activities related to Edutec-a’s corporate purpose, including data extraction, storage and marketing studies, in order to tailor the content offered to the User and improve the quality, functionality and navigation of the Website.

At the time of data collection, the User will be informed of the specific purposes for which their personal data will be processed.

Retention periods for personal data

Personal data will only be retained for the minimum time necessary for the purposes of processing and, in any case, only for the following period: until the User requests its deletion.

At the time of data collection, the User will be informed of the period during which personal data will be retained or, where this is not possible, the criteria used to determine that period.

Recipients of personal data

The User’s personal data will not be shared with third parties.

In any case, at the time of data collection, the User will be informed of the recipients or categories of recipients of the personal data.

Personal data of minors

In accordance with Article 8 GDPR, only persons over 14 years of age may give consent for the lawful processing of their personal data by Edutec-a. If the data subject is under 14 years of age, the consent of their parents or legal guardians will be required for processing, and it will only be considered lawful if authorised by them.

Confidentiality and security of personal data

Edutec-a undertakes to adopt the technical and organisational measures necessary, according to the appropriate level of security for the risk associated with the data collected, in order to ensure the security of personal data and prevent the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorised disclosure of or access to such data.

The Website has an SSL (Secure Socket Layer) certificate, which ensures that personal data are transmitted securely and confidentially, since the transmission of data between the server and the User, and its return, is fully encrypted.

However, since Edutec-a cannot guarantee the absolute invulnerability of the internet or the complete absence of hackers or other parties who may fraudulently access personal data, the data controller undertakes to notify the User without undue delay in the event of a personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons. According to Article 4 GDPR, a personal data breach is any breach of security leading to the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or to unauthorised disclosure of or access to such data.

Personal data will be treated confidentially by the data controller, who undertakes to ensure that such confidentiality is respected by its employees, partners and any person to whom the information is made accessible.

Rights arising from the processing of personal data

The User has the following rights in relation to Edutec-a and may exercise them before the data controller:

  • Right of access: The right to obtain confirmation as to whether or not Edutec-a is processing personal data and, where that is the case, access to the specific personal data and information about the processing carried out, including the origin of the data and the recipients of communications made or envisaged.
  • Right to rectification: The right to correct inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”): The right to have personal data erased when they are no longer necessary for the purposes for which they were collected, the User has withdrawn consent, there is no other legitimate basis for processing, the data have been unlawfully processed, or the data must be erased to comply with a legal obligation.
  • Right to restriction of processing: The right to restrict processing when the accuracy of the data is contested, processing is unlawful, the controller no longer needs the data but the User needs them for legal claims, or the User has objected to processing.
  • Right to data portability: The right to receive personal data in a structured, commonly used and machine-readable format and to transmit them to another controller where processing is carried out by automated means.
  • Right to object: The right to object to the processing of personal data or to stop processing by Edutec-a.
  • Right not to be subject to automated decision-making, including profiling: The right not to be subject to decisions based solely on automated processing, including profiling, unless otherwise provided by law.

The User may exercise their rights by sending a written communication to the data controller with the reference “GDPR – www.edutec-a.eu”, specifying:

  • The User’s full name and a copy of their identification document.
  • The request, including the specific reasons for the request or the information to be accessed.
  • An address for notifications.
  • Date and signature of the applicant.
  • Any document supporting the request.

This request and any attached documents may be sent to the following address or email:

Postal address: Telliskivi tn 57, 10412 Tallinn, Estonia
Email: info@edutec-a.eu

Links to third-party websites

The Website may include hyperlinks or links that allow access to third-party websites not operated by Edutec-a. The owners of such websites will have their own data protection policies and will be responsible for their own files and privacy practices.

Complaints before the supervisory authority

If the User considers that there is a problem or an infringement of the applicable regulations regarding the processing of their personal data, they have the right to effective judicial protection and to lodge a complaint with a supervisory authority, in particular in the country of their habitual residence, place of work, or place of the alleged infringement. In Estonia, the supervisory authority is the Data Protection Inspectorate.

II. USE OF COOKIES

Edutec-a uses cookies in accordance with the cookie policy provided by the Website.

Scroll to Top