Welcome to genekas24.ee or profilegrupp.ee (hereinafter the website), a website operated by Osaühing Genekas24, registration code 16524219 (hereinafter we/us). We operate these websites and this privacy policy will, among other things, provide you with an overview of how and what personal data we process, why we do so and how we protect personal data.

Our aim is to provide our clients with the best solutions, including expert advice, and to this end, some processing of personal data is necessary. The processing of personal data is carried out in accordance with the principles described in the privacy policy and by emphasising the privacy of clients.

Our contact details:

Osaühing Genekas24
Registry code 16524219
Soometsa tee 11, Uulu, Häädemeeste vald
Pärnumaa 86502, Estonia 
E-mail: info@profilegrupp.ee

Our privacy policy provides information on:

1. our principles and values (clause 1);
2. who the controller and processor of the personal data are (clause 2);
3. the category of personal data being processed (clause 3);
4. the purpose of and legal basis for the processing of personal data (clause 4);
5. your rights concerning your personal data (clause 5);
6. security measures for personal data (clause 6);
7. the use of cookies (clause 7);
8. conduct upon breach of personal data processing regulations (clause 8);
9. disclosure of personal data (clause 9);
10. retention of personal data (clause 10);
11. where to find the privacy policy in effect (clause 11).

1. Our values and general principles in regard to the processing of personal data

We act in compliance with the law, ie we always have a legal basis for processing personal data and we process personal data on that basis. The processing is intelligible, understandable and fair to the person whose personal data we process.

We are purpose oriented, ie we determine the legitimate purpose for the processing of personal data and process personal data only for that purpose. We disclose the objective for which we process personal data in a clear and understandable way.

We collect personal data to the minimal extent, ie we collect only relevant and necessary personal data whereby we adhere to the objective of the processing of personal data. We do not collect more personal data than necessary.

We maintain the accuracy of personal data, ie we will update personal data as necessary and correct personal data, the accuracy of which is relevant for the purposes for which it is being processed.

We choose our partners carefully, ie we transfer personal data to our own processors with whom we have previously concluded a data processing agreement. We expect and require our contractors to be ethical and diligent in the processing of personal data and to keep personal data secure.

We protect personal data, ie we treat the processing of personal data with care and do our best to ensure that personal data is protected. We implement a range of measures (physical, technical and organisational) to protect personal data against unlawful or unauthorised destruction, loss, alteration, disclosure, acquisition or access.

A restriction on retention means that we will retain personal data for as long as retention is required by law or authorised under an agreement, or is necessary for achieving the purposes set out in the privacy policy. We retain personal data relating to disputes until the claim expires. After the expiry of the retention period, we will erase the personal data permanently.

2. Our role as a processor of personal data

Our clients are both natural and legal persons.

We process personal data both as a data controller and processor. As a data controller, we determine the purposes and means of the processing of personal data. As a data processor, we follow the written instructions of the data controller when processing personal data. 

We process the personal data of our clients who are natural persons as a data controller, as well as the personal data of those who contact us through our website who are not our clients (you).
As a data processor, we process the personal data of our clients who are legal persons, representatives of our cooperation partners who have provided us their personal data.

3. Processed personal data

Personal data is data that can be associated, directly or indirectly, with you as a natural person and which makes it possible to identify you with reasonable effort.

When you contact us through our website, by email or by phone, we will process your personal data. 

If you are a representative of one of our clients who is a legal person, we will receive your personal data in the course of entering into and performing the agreement.

Where we process personal data on the basis of consent, we will ask for consent in a clearly identifiable and intelligible manner and we are aware that the consent can always be withdrawn.

We mainly process the personal data that is necessary for the performance of a sales agreement.

We process, inter alia, the following personal data:

(1) personal data, eg first name, surname;

(2) contact details, eg telephone number, address, including email address;

(3) data related to the performance of the sales agreement, such as your delivery address, your residency, gender, country of residence etc, including inquiries, complaints, information regarding payment history;

(4) payment details, including credit card number, bank details;

(5) details of participation in campaigns, eg participation information and prizes won;

(6) communication data, ie data collected through email, data collected through social media, data transmitted through messaging etc.

4. Purpose of and legal basis for the processing of personal data

We process personal data for the performance of sales agreements, for the purpose of negotiating the terms of a sales agreement, including making quotations, for the exercise of our rights and obligations under the law, including the performance of our accounting obligations; for the processing of your inquiries and requests, including replying to them; for the organisation of sales campaigns.

The legal basis for the processing of personal data is mainly the performance of agreements (clauses 3(1), 3(2), 3(3) and 3(4) of the privacy policy) and legal obligation (clauses 3(1), 3(2) and 3(3) of the privacy policy), but also your consent (clause 3(5) of the privacy policy) and our legitimate interest (clauses 3(1), 3(2) and 3(6) of the privacy policy).

5. Your rights concerning personal data

The General Data Protection Regulation gives you the following rights in relation to your personal data:

(1) Right to access personal data – you have the right to know what personal data about you we store and how we process it, including the purpose of the processing, the persons whom we disclose the personal data to, information about automated decision-making and the right to receive copies of your personal data.

(2) Right to rectification of personal data – you have the right to request the rectification of incomplete, insufficient or inaccurate personal data.

(3) Right to withdraw your consent for processing personal data – you have the right to withdraw the consent you have given us to process your personal data. However, please note that withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.

(4) Right to erasure of personal data (right to be forgotten) – you have the right to request that we erase your personal data (eg if you withdraw your consent to the processing of personal data or if the personal data is no longer necessary for the purposes for which it was collected). We have the right to refuse to erase personal data if the processing is necessary for performing our legal obligations, for the establishment, exercise or defence of legal claims.

(5) Right to restriction of processing – in certain cases, you have the right to prohibit or restrict the processing of your personal data for a certain period of time (eg if you have objected to the processing of your personal data).

(6) Right to object – you have the right to object to the processing of your personal data by us if the processing of your personal data is based on our legitimate interest. We will respond promptly to objections to the processing of personal data for direct marketing purposes.

(7) Right to data portability – where the processing of your personal data is based on your consent and the personal data is processed by automated means, you have the right to receive the personal data concerning you, which you have provided to us as the data controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another data controller. You also have the right to request that we transmit personal data directly to another data controller, where technically feasible.

(8) Automated decision making (including profiling) – where we have informed you that we will carry out automated decision making (including profiling) which produces legal effects concerning you or has a significant impact on you, you may request that an automated decision is not made solely on the basis of automated processing.

You can find more information about your rights in Chapter 3 of the General Data Protection Regulation.

If you wish to exercise any of your rights in relation to the processing of your personal data or if you have a question regarding the processing of your personal data, please send us an email at: andmekaitse@genekas24.ee We will usually respond within one (1) month and, if the response requires the release of personal data, we will verify the identity of the applicant in advance.

If you are not satisfied with our response, you can always file a complaint with the supervisory authority (www.aki.ee).

6. Security measures for personal data

We implement a range of technical, physical and organisational measures to protect personal data against unlawful or unauthorised alteration, disclosure, destruction, loss, acquisition or access. 

We have set personal data access restrictions for our employees and our data processors. Access to personal data is limited to those persons who need it for the performance of their duties.

We only use such data processors who have provided us with adequate guarantees and whose ability to process personal data securely we trust. We enter into written agreements with all of our data processors to ensure that each of them implements adequate safeguards to protect personal data.

7. Cookies and other technology

Our website uses cookies, which you can accept if you choose to use our website. Cookies are small text files that are stored on the hard disk of the computer of a visitor of the website and help us to improve the website’s services offered to you and make them more convenient for you. We need cookies so that you can select goods from the website, add them to your shopping cart and then order/purchase them.

We also use web beacons that allow us to recognise certain types of information on your computer (such as the number of the visitor's cookie, the date and time the page was viewed, and a description of the page where the web beacon is located) and allow us to determine whether and how many times you have visited a particular section or sub-page of the website.

We use third-party cookies to analyse traffic to and from the website (new or repeat visitors, which sections of the website are visited and for how long etc) and to measure the effectiveness of the advertisements published on the website.

For example, we use Google Analytics cookies to analyse the traffic on the website, whether a visitor is new or returning, which sub-pages of the website are visited, how long the visitor stays on the website and where the visitor is coming from. This type of information is important to us in order to better understand the behaviour of visitors to the website and to improve their user experience.

We may also collect information about your computer or device, such as your IP address, the browser you are using and your language settings. We use this data for statistical purposes to improve our website and to display content tailored to you.

We use MailChimp cookies to analyse the effectiveness of the newsletters and other marketing communications we send. We mainly use them to analyse whether the newsletter we sent you has been opened and whether the links in that newsletter have been clicked on.

This type of information is necessary for us to analyse the effectiveness of the newsletters sent.

If you prefer not to have your personal data processed on the website, you can activate the private browsing function on your browser, ie disable or limit the storage of cookies. In the same way, you can delete cookies that have already been stored.

However, it should be kept in mind that certain functionalities of the website may not work if cookies are disabled.

8. Breach of personal data processing regulations

Palun teavitage Meid koheselt Teile teadaolevatest isikuandmete töötlemise rikkumisest või rikkumise ohust aadressil andmekaitse@genekas24.ee Me suhtume isikuandmete turvalisuse teemasse tõsiselt ning reageerime koheselt võimalikule rikkumisjuhule.

9. Disclosure of personal data

We will disclose or give access to your personal data to public authorities or supervisory authorities to the extent that we are under a legal obligation to do so.

We will disclose your personal data to our data processor, as well as to persons who have a legal right to receive personal data.

Our data processors include, for example, postal or courier service providers (for delivery of goods), payment service providers (for payment of goods), financial service providers (for the provision of credit to pay for goods).

We process personal data mainly within the EU and the European Economic Area (Norway, Liechtenstein, Iceland). If we need to transfer personal data outside the European Economic Area, the transfer will be carried out in accordance with the requirements of the General Data Protection Regulation.

10. Retention of personal data

We will retain personal data for as long as required or permitted by law or necessary for the purposes stated in the privacy policy.

For example, personal data processed for the purposes of a legal obligation will be retained for as long as the legal obligation is in force (eg seven (7) years for an obligation set out in the Accounting Act). We retain personal data relating to disputes until the claim expires.

After the expiry of the retention period, we will erase the personal data permanently.

11. Privacy policy in effect

The privacy policy currently in effect is available on our websites www.genekas24.ee, www.profilegrupp.ee

Please note that we may update the privacy policy from time to time.