Solarstone OÜ is an enterprise manufacturing BIPV solutions.
We collect, retain and use personal data for the provision of best product solutions, service and fulfil our contracts. Solarstone processes personal data carefully and according to law, respecting the natural person’s right for the protection of personal data. These data protection policy rules extend to all offers, contracts (including sales contracts), oral agreements (in the form of offer and accept) between Solarstone and natural persons. Data protection policy is an integral part of offers and contracts.
1. Data processor and controller
The processor and controller of personal data is Solarstone OÜ, register code 12916046, address Tallinna tn 58, Viljandi, Estonia, e-mail firstname.lastname@example.org.
2. Data subjects, personal data categories and origin
Solarstone is processing personal data of clients, partners (natural persons or employees of legal persons) and employees. We receive personal data directly from clients when he or she contacts us with the intent to purchase products or order services. We receive personal data directly from partner when he or she contacts us with the intent to sell us products or provide services.
We are processing following personal data:
- personal data and contact details, e.g. first name, surname, personal identification code, residential address, e-mail address, telephone numbers;
- data of legal person’s representatives, e.g. first name, surname, personal identification code, residential address, e-mail address, telephone numbers;
- payment and finance data, e.g. payment method, account number, bank and card data, data of financial behaviour;
- data concerning purchase of products and using services, e.g. method of delivery, reclamations;
- data of communication, e.g. data inserted in our web contact form, data changed via e-mails, messages, social media platforms;
- online identifier, e.g. cookies data.
Please note that upon deficiency of data listed in p-s 1-5, we may not be able to conclude or fulfil contracts.
We use personal data from following third persons:
- national registers, commercial register, population register or other public source or register. We collect and use this data to confirm data accuracy.
- business partners if we have your consent or it is enabled by law.
3. Purpose and legal grounds of processing personal data
We are processing personal data to:
- identify data subject;
- conclude, alter or fulfil our sales or service contracts;
- conclude, alter or fulfil our contracts with partners and employees;
- precontractual negotiations;
- proceed inquiries and applications by clients or partners, including via web;
- solve claims or guarantee demands by clients or partners;
- exercise rights and obligations arising from legislation;
- fulfil accounting and audit obligations;
- in the legitimate interests of Solarstone to avoid violation of law or damage;
We are processing personal data in accordance with EU regulations and Estonian legislation.
In order to provide you with the best possible service and price quotes we may need to transfer your personal data to external organizations including our service providers and business partners (Certified Partners). All such transfers will be in compliance with the General Data Protection Regulation (GDPR) and will only be made where necessary for the purpose of providing you with our services. We have taken appropriate technical and organizational measures to ensure the protection of your personal data during the transfer. You have the right to request information about the transfer agreements and the measures we have taken to ensure the protection of your personal data.
4. Principles of processing personal data
We are following principles upon processing personal data:
- legality and fairness – personal data is processed legally and fairly;
- purposefulness – personal data is collected for specified, explicit and legitimate purposes and it shall not be processed in any manner which is incompatible with these purposes;
- quality – personal data must be adequate and appropriate and must not be excessive given the purposes of the data processing;
- accuracy – personal data must be accurate and, if necessary, kept up to date; reasonable measures are taken to ensure that any personal data which is inaccurate with respect to the purpose of data processing shall be erased or rectified without delay;
- retention – personal data is retained in the format which enables to identify the data subject only until this is necessary for achievement of the purpose for which the personal data is processed;
- security – personal data is processed in a manner that ensures appropriate security thereof, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by means of implementing appropriate technical or organisational measures. We apply physical, technical and organisational measures to protect personal data and manage risks. We follow risk and keep them reasonably under control.
5. Rights of data subjects
Natural person has following rights according to General Data Protection Regulation:
- Right for information –right to know which personal data is retained and how it is processed.
- Right for rectification of the personal data of the data subject – right to demand for rectification of insufficient and false personal data.
- Right to withdraw consent for processing personal data – if processing of personal data is done with consent, this consent can be withdrawn.
- Right to erasure (‘right to be forgotten’) – right to demand that we delete personal data. We have the right to decline – if processing of personal data is necessary for compliance with legal obligations, for exercising the right of freedom of expression and information, for the establishment, exercise or defence of legal claims or for reasons of public interest.
- Right to restriction of processing – data subject has the right in certain cases to restrict or limit processing of personal data (e.g if the data subject has objected to processing)
- Right to object – the data subject has the right to object to processing of personal Fata concerning him or her, which we shall respond within reasonable time.
- Right to data portability – if processing of personal data is based on consent and is automatic, the data subject has the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format.
- Automated individual decision-making, including profiling – if we have notified person of making decisions based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, the person may demand not to be subject to a decision based solely on automated processing,
- Complaint procedure. Person has the right to file a complaint to the Estonian Data Protection Inspectorate (address Tatari 39, Tallinn, e-mail email@example.com, telephone + 372 627 4135). Additional information on website ee.
We ask you to send questions concerning processing of personal data to our e-mail firstname.lastname@example.org.
6. Confidentiality of personal data
We keep your personal data confidential. Personal data is not disclosed to third persons, unless data subject has explicitly asked for it or given consent, it is enabled by law or obligations towards Solarstone are not fulfilled. We have the right to use personal data for protecting our rights and forward data for the protection of our rights to third persons (court etc). If we ask another company to process personal data under subcontract, we shall use service provider guaranteeing us compliance with General Data Protection Regulation (including security measures). Personal data is processed in European Economic Area (EU countries, Norway, Iceland and Lichtenstein). If transmission of personal data outside European Economic Area is required, it is done according to General Data Protection Regulation.
7. Retention of personal data
Retention period is as long as it is obligatory or permitted by law or necessary for the interests of our business. The retention period of personal data processed for legal obligations is as long as such obligation is valid (e.g. obligation to preserve accounting source documents for seven years according to Accounting Act). The retention period of personal data concerning fulfilment of contract or dispute is the limitation period of claim. If the term for retention of personal data expires, we erase personal data permanently.
8. Security measures
Solarstone has implemented processing rules, organizational, technical (including IT) and physical security measures to protect personal data. Security measures apply to all information systems, processes of human activity, including employees, suppliers, clients and service providers. Solarstone retains personal data for minimum period necessary and erases it upon the end of retention period. Solarstone follows EU regulations and Estonian legislation of personal data protection.
9. Profile analysis and automated decision making
Solarstone does not perform automated processing, including automated processing of personal data with the aim of evaluating, analysing and estimating personal aspects of natural persons, including aspects connected to natural person’s work results, economic situation, health, personal preferences, interests, credibility, actions or location. Solarstone does not perform automated processing, including with the aim to evaluate personal data to make decisions limiting rights and liberties of a natural person.
Accepting cookies is consenting to the rules of this policy.
If you prefer not to receive cookies, you may set your browser to refuse all cookies. For that activate private browsing or cookies blocking function in your browser. Different browsers provide different measures on how to manage cookies. More information about how to manage cookies can be found on Data Protection Inspectorate webpage https://www.aki.ee/. Please note that if you opt out of the cookies, we cannot be sure that our website will function.
11. Data Protection Policy and Changes
Data protection rules are available on Solarstone website.
By using or interacting with the website or our services, you, as a user of our website or as our client, agree to the provisions of this policy and confirm that you have read and understood all of the provisions stated in the policy.
Data Protection Policy is renewed according to the relevant changes in data processing.