General Principles of Processing Personal Data
The appropriate processing of personal data is taken very seriously at Itella Estonia OÜ (Itella). This includes fair and transparent processing, and acknowledging and complying with the principles of data protection.
When processing personal data, Itella follows the applicable data protection laws, international data protection legislation and the provisions, orders, instructions and recommendations laid down by the competent data protection authorities.
Personal data means any information relating to an identified or identifiable natural person (e.g. contact details: name, telephone number, postal address, e-mail address as well as the data arising upon sending inquiries, feedback or e-mails).
We process personal data of Itella’s customers, i.e. users of services, in order to perform our contractual obligations.
Itella processes personal data based on a legitimate interest in the following events: to avoid violations of law or prevent damage, for the purposes of strengthening the security of technical systems or payments, to develop business activities and elaborate new Services (data analyses, market surveys and customer polls, etc., are conducted), to manage risks of business activities, to file reclamations and, in certain events, for direct marketing purposes.
Processing of personal data is made transparent so that the data subject has the right to gain knowledge of the processing of their data in Itella. Transparency also requires that, if necessary, the decisions, choices and implementations and the grounds for them can be shown from documents in connection to the processing of personal data.
The safeguards and controls for protecting the personal data processed by Itella are selected based on a risk assessment. This way, risks are assessed based on the needs of the business as well as based on the data subjects and the information regarding them.
When a subcontractor processes Itella’s personal data for Itella, Itella is responsible for ensuring that the subcontractor processes data according to the same principles as Itella.
Any misuse or malpractice of personal data or a threat posed to them are investigated, and they are reported and communicated according to the severity of the case.
Itella’s target is to always comply with the following data protection principles when processing personal data at Itella:
- Lawfulness, fairness and transparency
Personal data must be used in a lawful, fair and transparent manner from the perspective of the data subject.
- Purpose limitation
Personal data must be collected for a specified, explicit and legitimate purpose and not processed further in a manner that is incompatible with the original purpose.
- Data minimisation
Personal data must be adequate, relevant and limited to what is necessary for those purposes for which the data is processed.
Personal data to be processed must be valid, accurate and updated, if necessary.
- Storage limitation
Personal data can only be stored for as long as is necessary for fulfilling the purpose.
- Authenticity, integrity and confidentiality
Personal data must be processed in a manner that ensures appropriate data security, including protection from unlawful or unauthorised processing and accidental destruction, loss or damage (data security).
Itella’s target is to always be able to demonstrate with both documents and practice that it complies with the abovementioned principles (accountability).