Here you will find the full information about the data processing principles of VITS Solutions OÜ (VITS). VITS seeks to be your trustworthy partner in Personal Data Processing who respects your rights and is an example to others on the market.
1.1 Data Subject is a natural person on whom VITS has information, or information with which the natural person can be identified. Data Subjects are, for example, natural persons who are a Client’s employees, Website Visitors, cooperation partners, and employees on whom VITS holds Personal Data.
1.3 Personal Data is information relating to an identified or identifiable natural person.
1.4 Personal Data Processing is any operation performed on the Data Subject’s Personal Data. For example, collecting, recording, organising, storing, altering and disclosing, allowing access to, querying and extracting, using, transmitting, cross–checking, combining, blocking, erasing or destroying Personal Data, or several of the aforementioned operations, regardless of the manner in which the operation is performed and the means used.
1.5 Client is a legal person who uses or has requested to use the Services of VITS.
1.6 Agreement is the Service provision or other type of agreement concluded between VITS and a Client.
1.7 General Terms and Conditions set out the general terms and conditions that apply when entering into an agreement with VITS.
1.8 Website is the website of VITS with the URL www.vits.ee.
1.9 Visitor is a person who uses the VITS website, including creating a user in the VITS online environment.
1.10 Child is a person under 13 years of age when providing information society services in the Republic of Estonia, in the context of Personal Data Processing.
1.11 Services are any services provided by VITS, primarily the document preparation and management platform related to activities pertaining to health and safety at work.
1.12 Cookies are data files that are sometimes stored on the device of the Website Visitor.
1.13 Sales Channels are the ways of communicating with the Data Subject,
the tools created for selling goods and providing services used by VITS. This includes, for example, e–mail, telephone, public and social media, various chatlines, customised and interactive advertising, and other similar tools on websites and elsewhere.
Agreement and the General Terms and Conditions.
2. GENERAL PROVISIONS
2.1 VITS is the legal person VITS Solutions OÜ, registry code 14232518, location 16 L. Koidula St, 90502, Haapsalu, Estonia.
2.2 VITS can Process Personal Data:
(1) as a data controller, by determining the purposes and means of processing;
(2) as a data processor, following the instructions of the data controller;
(3) as a data recipient to whom Personal Data is transmitted.
VITS uses the following data processors:
(1) Google Analytics, whose servers are located in the European Union, and in some cases outside the European Union (data from only those Visitors who create a User Account in the VITS online environment);
(2) Zone Virtual Server, whose servers are located in the European Union.
Here you will find the principles that VITS always follows when Processing your
all reasonable measures shall be implemented to ensure that Personal Data that
are incorrect from the perspective of Personal Data Processing shall be erased
or amended immediately;
data processor, VITS always Processes data following the Agreement between the
Client and VITS, ensuring the security of Personal Data and other requirements
to a data processor.
Here you will find information about how we collect Personal Data.
4.1 VITS collects the following types of Personal Data, among others:
name, e–mail address, company name, user type (position in the company), but
also other similar types of personal data if required);
(2) Personal Data created during ordinary communications between the Data
Subject and VITS (such as e–mail address, first and last name and other similar
(3) Personal Data that have been made manifestly public by the Data Subject (e.g.
via social media);
(4) Personal Data created during the consumption of Services;
(5) Personal Data created as a result of visits to, and usage of the Website (e.g. time
spent on the Website);
(6) Personal Data gathered from third parties.
Here you will find information
about for which purposes and on
what basis we can Process your
BASIS OF PROCESSING
5.1 VITS Processes the Personal Data of Website Visitors (but only those Visitors who have created a User Account) in order to obtain an overview of whether Clients and Visitors begin to use VITS, how much and at what times.
5.2 To Process these types of Personal Data, VITS uses the services of Google Analytics.
5.3 VITS Processes Personal Data exclusively on the basis of consent or the law. Legal basis for Personal Data Processing includes a legitimate interest or an Agreement concluded between the Data Subject and VITS or an Agreement concluded between the Client and VITS.
5.4 VITS Processes Personal Data on the basis of consent exactly within the limits, to the extent, and for the purposes defined by the Data Subject. With consent, VITS follows the principle that each request for consent must be clearly distinguishable from other questions, in a comprehensive and easily accessible form, and in clear and simple language. Consent may be given both in written or in electronic form or as an oral statement. The Data Subject gives consent voluntarily, specifically, knowingly and unambiguously by, for example, ticking a box on the Website.
5.5 Upon concluding and performing the Agreement, Personal Data
Processing may be further set out in the specific Agreement, however VITS can Process Personal Data for the following purposes:
(1) to take measures prior to concluding an Agreement at the request of the Data Subject;
(2) to identify the Client to the extent required by due diligence;
(3) to fulfil obligations to the Client regarding the provision of Services;
(4) to communicate with the Client;
(5) to ensure the Client’s compliance with payment obligations;
(6) to file, realise or defend claims.
5.6 In order to enter into an employment contract on the basis of an
agreement and a legitimate interest, the Processing of Personal Data of an applicant by VITS includes the following:
(1) Processing the data submitted to VITS by the job applicant for the
purpose of concluding an employment contract;
(2) Processing the Personal Data received from the person included as a
referee by the job applicant;
(3) Processing the Personal Data collected from national databases and
registries, as well as from public (social) media.
If the job applicant is not selected, VITS shall store the Personal Data
collected for the purpose of concluding an employment contract for
two years in order to make an offer to the job applicant in the event
that a suitable position becomes vacant. The Personal Data of an
unsuccessful job applicant shall be erased two years from the
submission of the job application.
5.7 Legitimate interest means the interest of VITS in managing and leading its company in order to offer the best possible Services on the market. VITS Processes Personal Data on a legal basis, only after a thorough evaluation in order to ensure that VITS has a legitimate interest on the basis of which Processing Personal Data is required and in accordance with the interests and rights of the Data Subject (after the completion of the so–called three–step test). In particular, the Processing of Personal Data based on legitimate interest may be carried out for the following purposes:
(1) to ensure a trustworthy client relationship, e.g. Processing Personal Data that is strictly necessary to identify the beneficial owners or to prevent fraud;
(2) to manage and analyse the client base in order to improve the accessibility, selection and quality of Services and products, and to provide the Client with better and more personalised offers if they consent to this;
Websites, mobile applications and other Services. VITS uses the data
collected to conduct web analysis or to analyse mobile and information
society services, to ensure functioning, improvement, to generate statistics, and to analyse User behaviour and User experience, as well as to provide a better and more personalised Service;
(4) to organise campaigns, including organising personalised and targeted campaigns, carrying out Client and Visitor satisfaction surveys, and measuring the effectiveness of marketing activities carried out;
(5) to analyse the Client and Visitor behaviour in various Sales Channels and on Websites;
(6) to monitor customer service. VITS may record notifications and orders
given in their own location and via means of communication (e–mail,
telephone, etc.), as well as information and other operations that VITS has
carried out, and use these recordings to prove orders or other operations,
(7) for reasons of network, information and cyber security, e.g. to fight piracy and to ensure Website security, as well as to take measures to backup and store data;
(8) for organisational purposes. Primarily for financial management and for intra–group transmitting of Personal Data for reasons of internal management, including for Processing Personal Data of Clients or employees;
(9) to establish, introduce or defend legal claims.
5.8 In order to fulfil legal obligations, VITS Processes Personal Data to fulfil obligations set out in the law or to implement uses permitted by law. For example, legal obligations arise when processing payments or complying with money laundering rules.
5.9 If Personal Data Processing is carried out for a new purpose, different from that for which the Personal Data were originally collected, or if it is not based on the consent of the Data Subject, VITS shall carefully assess the admissibility of this new type of Processing. When assessing whether Processing for a new purpose is in accordance with the purpose that the Personal Data were originally collected for, VITS shall take into account, among other things:
(1) the connection between the purpose for which the Personal Data were
collected and the purpose for the planned further Processing;
(2) the context for collecting Personal Data, in particular the connection between the Data Subject and VITS;
(3) the type of Personal Data, in particular whether the Processing is performed with a special type of Personal Data or with Personal Data associated with criminal convictions and offences in criminal matters;
(4) the potential consequences of the planned further Processing to the Data Subjects;
(5) whether appropriate defence measures are in place, including
encrypting and pseudonymisation.
Here you will find information
about when we may transmit
your Personal Data to our
6.1 VITS cooperates with persons to whom VITS may transmit data related to Data Subjects, including Personal Data, in the context of cooperation activities and for cooperation purposes.
6.2 These third parties may include advertising and marketing partners, companies conducting customer satisfaction surveys, debt collecting service providers, credit registers, IT–partners, (e–)mail service providers or mediators, authorities and organisations, on the condition that:
(1) the relevant purpose and Processing are lawful;
(2) Personal Data Processing takes place in accordance with the instructions of VITS and on the basis of a valid agreement.
6.3 VITS only transmits Personal Data outside the European Union if the country has sufficient protection in place; protective measures have been agreed on (e.g. binding intra–group rules or standard data protection clauses); the Data Subject has clearly and deliberately consented to this type of transmission; the transmission is unambiguously required under the agreement concluded with the Data Subject; the transmission is not repetitive, concerns only a limited number of Data Subjects, is necessary for the purposes of compelling legitimate interests pursued by VITS which are not overridden by the interests or rights and freedoms of the Data Subject, and all the circumstances surrounding the data transmission
have been assessed and suitable safeguards with regard to the protection of Personal Data have been provided, or if there is another legitimate basis for it. VITS shall notify the Data Protection Inspectorate of transmissions based on legitimate interest.
Here you will find a description of
how we protect your Personal Data
and where to find information
about the storage periods for
7.1 VITS stores Personal Data for strictly the time period necessary, depending on whether the Visitor or Client is using the Services of VITS or whether there is cause to think that they will do so in the future.
Personal Data with an expired storage period shall be destroyed according to best practices and in accordance with the relevant procedures set by VITS.
7.2 In the event that any incident involving Personal Data takes place, VITS shall implement all necessary measures to mitigate the consequences and to manage relevant risks in the future. Among other things, VITS shall record all incidents and notify the Data Protection Inspectorate and the Data Subject where required directly (e.g. via e–mail) or publicly (e.g. via the news).
The Services of VITS are not
intended for Children.
8.1 The Services of VITS, including information society services, are not intended for Children.
8.2 VITS does not knowingly collect information on persons below 13 years of age, i.e. Children, and in cases where this is done, we shall follow the wishes of the parent or guardian (including consent to send products addressed to the Child’s name).
8.3 In the event that VITS becomes aware of having independently collected Personal Data from a Child or about a Child, VITS shall do its best to cease the Processing of such Personal Data.
Your Personal Data belong to you and here you will find information about your
rights in regard to protecting your Personal Data.
9. RIGHTS OF THE DATA SUBJECT
9.1 Rights related to consent:
(1) The Data Subject has a right to notify VITS at any time with a request to withdraw their consent to Personal Data Processing.
9.2 The Data Subject also has the following rights related to Personal Data Processing:
(1) Right to information i.e. the Data Subject has the right to receive information about Personal Data collected on them.
(2) Right of access to the data, including the Data Subject’s right to obtain a copy of the Personal Data being Processed.
(3) Right to rectify incorrect Personal Data. The Data Subject also has the
option to rectify incorrect data on their User Account.
(4) Right to erasure i.e. in certain cases the Data Subject has the right to request that the Personal Data be erased, for example when Processing is carried out solely on the basis of consent.
(5) Right to restrict the processing of Personal Data. This right arises, for
example, when Personal Data Processing is not permitted on a legal basis or when the Data Subject contests the accuracy of Personal Data. The Data Subject has the right to request that the Personal Data be restricted for a period of time that would enable the data controller to verify the accuracy of the Personal Data, or if the Personal Data Processing is unlawful, but the Data Subject does not request that the Personal Data be erased.
(6) Right to data portability i.e. the Data Subject has a right in certain cases to receive the Personal Data in a machine–readable format or to transmit those data to another data controller.
(7) Rights relating to automated Processing mean, among other things, that the Data Subject has the right to object at any time, on grounds relating to their particular situation, to the Processing of their Personal Data which is based on automated decision–making. To be clear – VITS can Process Personal Data for making automated decisions that promote business (e.g. in the context of marketing to segment Visitors in order to target them with personalised messages, in the context of employment to ensure that our employees follow internal security rules). Automated Processing can partly be based on data collected from public sources. You have a right to avoid any decisions based on automatic Personal Data Processing, if these can be categorised as profiling.
(8) Right to an evaluation by a supervisory authority on whether the
Processing of a Data Subject’s Personal Data is lawful.
(9) Right to compensation.
Here you will find information about how to request explanations or how and where
to submit a complaint.
10. EXERCISING RIGHTS AND SUBMITTING COMPLAINTS
10.1 Exercising rights. The Data Subject has the right to contact VITS in relation to a question, request or complaint involving Personal Data Processing, using the contact details listed in clause 13.
10.2 Submitting complaints. The Data Subject has the right to contact VITS, the Data Protection Inspectorate, or the court with a complaint if the Data Subject finds that their rights have been violated by Personal Data Processing. Contact details for the Data Protection Inspectorate can be found on their website: http://www.aki.ee/
Here you will find information about what Cookies or other technology we use and how you can control the use of these technologies.
11. COOKIES AND OTHER WEB TECHNOLOGIES
11.2 VITS uses the data collected to enable the provision of the Service in accordance with the habits of the Visitor or the Client; to ensure the best Service quality; to inform the Visitor and the Client about the content and to make recommendations; to make adverts more relevant and to enhance marketing efforts; to facilitate logging in and data protection. Data collected are also used to count Visitors and to record their usage habits.
11.3 VITS uses session, persistent and advertising Cookies. Session Cookies are automatically erased after each visit; persistent Cookies are kept if the Website is visited repeatedly, and advertising and third party Cookies are used by the Websites of partners of VITS that are connected to the VITS Website. VITS does not control the creation of these Cookies, therefore information about these Cookies can be obtained from third parties.
11.5 Most web browsers allow Cookies. Website functionality is not available to Visitors without fully allowing Cookies. Allowing or disabling Cookies and other similar technologies is under the control of the Visitor via their web browser settings, the settings of information society services, and platforms that enhance this kind of privacy.
Here you will find our contact details.
12. CONTACT DETAILS AND INFORMATION
12.1 Contact details relevant to Data Subjects of VITS:
(1) VITS can be contacted in matters relating to Personal Data via the e–mail address firstname.lastname@example.org.
13. OTHER CONDITIONS
-Applicable to existing Visitors and Clients
-Applicable to new Visitors and Clients
We don’t just demo. We offer insights
Our experts will show how VITS can benefit your company