Privātuma politika

1. Iepazīstinājums

Sveiki! Laipni lūdzam mūsu Privātuma politikā, un priecājamies, ka jūs rūpējaties par savu personisko informāciju.

Mēs esam eAgronom OÜ, uzņēmums, kas reģistrēts Igaunijā, reģistrācijas numurs 14092394.

Mūsu reģistrētā adrese ir Telliskivi 60/1, 10412 Tallinn, Igaunija.

Šajā Privātuma politikā mēs sniegsim jums pārskatu par to, kā mēs savācam, izmantojam un apstrādājam jūsu personiskos datus, kad jūs lietojat mūsu tīmekļa vietni un mūsu platformu.

Lūdzu, rūpīgi izlasiet šo politiku, jo tā kļūst saistoša, kad jūs lietojat mūsu programmatūru un piekļūstat mūsu tīmekļa vietnei. Mēs ļoti nopietni uztveram privātumu un jūsu datu aizsardzību, un apņemamies atbildīgi rīkoties ar personisko informāciju tiem, ar kuriem sazināmies, un veidā, kas atbilst valstu likumdošanas prasībām, kurās mēs darbojamies. Šī politika ir jālasa kopā ar attiecīgo līgumu, kuru jūs esat parakstījis ar mums, un mūsu sīkdatņu politiku.

2. Definīcijas

Līgums - nozīmē līgumu starp jums un eAgronom attiecībā uz jebkādām pakalpojumiem.

Datu vadītājs - nozīmē dabisku vai juridisku personu, valsts iestādi, aģentūru vai citu iestādi, kas viena pati vai kopīgi ar citiem nosaka personisko datu apstrādes mērķus un līdzekļus.

Datu apstrādātājs - nozīmē dabisku vai juridisku personu, valsts iestādi, aģentūru vai citu iestādi, kas apstrādā personiskos datus, darbojoties datu vadītāja vārdā.

Datu apstrāde - nozīmē darbības, kas tiek veiktas ar personiskajiem datiem, piemēram, to savākšana, reģistrēšana, organizēšana, strukturēšana, uzglabāšana, pielāgošana vai mainīšana, izgūšana, konsultēšana, izmantošana, pārsūtīšana, izplatīšana vai citādi pieejamības nodrošināšana, salīdzināšana vai kombinēšana, ierobežošana, dzēšana vai iznīcināšana.

eAgronom, mēs, mūsu - nozīmē eAgronom OÜ, Igaunijas reģistrācijas kods 14092394.

EEZ - nozīmē Eiropas Ekonomikas zonu.

GDPR - nozīmē Regulu (ES) 2016/679, kas tiek saukta par "Vispārējo datu aizsardzības regulu".

Pakalpojumi - nozīmē pakalpojumus, ko mēs sniedzam jums saskaņā ar Līgumu.

KYC - nozīmē "zināt savu klientu" un ir regulējoša saistība identificēt un verificēt klientus, kuri izmanto mūsu pakalpojumus.

Personas dati - nozīmē jebkādu informāciju, kas attiecas uz identificētu vai identificējamu fizisko personu - identificējama dabiska persona ir tāda, kuru var identificēt, tieši vai netieši, it īpaši, izmantojot identifikatoru, piemēram, vārdu, identifikācijas numuru, atrašanās vietas datus, tiešsaistes identifikatoru vai vienu vai vairākus faktorus, kas ir raksturīgi šīs dabiskās personas identitātei.

Platforma - nozīmē mūsu programmatūru, ar kuras palīdzību mēs sniegsim jums Pakalpojumus.

Politika - šī privātuma politika, tā kā tā tiek grozīta no laika uz laiku un pieejama Platformā un Tīmekļa vietnē.

Tīmekļa vietne - nozīmē eAgronom OÜ tīmekļa vietni, pašreizējā adrese: https://www.eagronom.com/

3. Kādus datus mēs savācam par jums?

Kad jūs reģistrējaties, lai izmantotu mūsu pakalpojumus, mums ir jāapstrādā jūsu personiskie dati. Kopumā mēs izmantojam un apstrādājam šādus datus:

• Personas dati:

  • Piemēram, jūsu pilnais vārds.

• Kontaktinformācija:

  • Piemēram, jūsu e-pasta adrese un telefona numurs.

• Dati par jūsu pakalpojumu izmantošanu: Dažādi statistikas dati par jūsu pakalpojumu izmantošanu, piemēram, cik reizes jūs izmantojat mūsu platformu.

• Dati, lai atvieglotu pakalpojumu izmantošanu:

  • Piemēram, jūsu pieteikšanās dati un parole, rēķina informācija, pārlūka tips un versija, laika joslas iestatījumi, jūsu ierīces operētājsistēma, ar kuru piekļūstat platformai.

Sīkāka informācija par to, kā mēs konkrēti apstrādājam jūsu personiskos datus, ir sniegta sīkā pārskatā par personisko datu apstrādi pielikumā 1 zemāk. Lūdzu, ņemiet vērā, ka mēs varam savākt informāciju, kas norādīta pielikumā 1, bet atkarībā no konkrētajiem apstākļiem, mēs ne vienmēr savācam visus šos datu punktus attiecībā uz katru atsevišķu datu subjektu.

4. Kādēļ mēs izmantojam jūsu datus?

Mums ir nepieciešams apstrādāt jūsu datus, lai sniegtu jums pakalpojumus un izpildītu mūsu likumiskos pienākumus. Ja jūs atteicaties sniegt mums pieprasītos datus, mēs nevaram jums sniegt pakalpojumus. Mēs izmantojam jūsu personiskos datus šādiem mērķiem:

• Veikt mūsu pienākumus attiecībā uz jūsu līgumu ar mums un sniegt jums informāciju, produktus un pakalpojumus;

• Ievērot visus attiecīgos likumdošanas un regulatīvos noteikumus;

• Paziņot jums par izmaiņām mūsu pakalpojumos;

• Nodrošināt mūsu pakalpojumu drošību un aizsardzību;

• Administrēt mūsu pakalpojumus un veikt iekšējās darbības;

• Uzlabot mūsu pakalpojumus;

• Novērtēt vai saprast reklāmas efektivitāti, ko mēs sniedzam, un piedāvāt jums attiecīgas reklāmas;

• Apvienot informāciju, ko mēs saņemam no citiem avotiem, ar informāciju, ko jūs sniedzat mums, un ar informāciju, ko mēs par jums apkopojam. Mēs varam izmantot šo informāciju un apvienoto informāciju iepriekš minētajiem mērķiem (atkarībā no saņemtās informācijas veidiem).

5. Juridiskais pamats datu izmantošanai

To use the information as provided in section 4, we rely on following data processing grounds:

• Consent (GDPR Article 6 (1)(a)). We can process your data based on your consent. We for example may send you marketing materials based on your consent;

• Performance of a contract (GDPR Article 6 (1)(b)). We may process your data to perform our obligations pursuant to the Agreement to provide the Services to you. This might for example be the case if you contact customer support with any questions you might have;

• Legal obligations (GDPR Article 6 (1)(c)). We may process your data if it is necessary to meet legal obligations we are subject to. This for example might be data processing we conduct during our anti-money laundering activities;

• Legitimate interest (GDPR Article 6 (1)(f)). We may process your data if we have a legitimate interest to do so. Such necessity might arise for example for business development, to ensure information security, during fraud investigations, if required so by our external cooperation partners or if necessary to protect our legal interest.

6. Sharing data

We aim to share as little personal data on your as possible to service providers, especially outside the EEA region. Whenever possible, we anonymize the shared data so that you cannot be identified based on that data. In addition to that, we may transfer your personal data to countries outside the EEA area if it is necessary for the purposes as provided in Annex 1 of this Policy. In such cases we shall ensure that adequate safeguards are in place to protect your rights. You may request a copy of such safeguards we have put in place by contacting us via email.

We may also share your personal data if we are legally required to do so, for example in cases of court, tax authority or other relevant authority requesting personal data from us.

We also share your personal data with other eAgronom group entities or resellers which may also reside outside the EEA region. eAgronom entities are subject to same internal data processing principles to ensure sound safeguarding of personal data within our group.

More specifically, we may share your data to following parties:

• eAgronom group companies - we share your personal data with other eAgronom group entities to provide you the Services. Our group entities are and in the future shall be located either in within the EEA region or in countries who are subject to adequacy decisions issued by the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). If we establish any group companies outside the EEA region, we shall make sure that adequate safeguards are in place to protect your personal data. Each eAgronom group company can function as an independent controller in such scenarios;

• Public authorities – upon receiving a valid request from a public authority, we shall share personal data to comply with our legal obligations. Public authorities are deemed to function as independent controllers in such cases;

• Service providers – in order to provide you with the best Service, we are cooperating with various service providers to (this list is high-level and not conclusive):

  • facilitate the participation in carbon market (for example partners to validate and certify carbon credits; registries; cooperation partners for establishing joint-carbon programs);

  • deliver to you the relevant data (such as market data)

  • support and maintain our IT infrastructure (for example servers);

  • meet our regulatory obligations (KYC and sanction-related monitoring for example), etc. In such situations the service providers will function as data processors.

7. Where we store your data

Protection of personal data is very important to us. We use various technical and organisational measures to ensure that your data is safe with us. 

Your personal data is either in our databases or in databases of our service providers. Servers storing such data are physically located in the EEA region. In some instances, we may share your data with service providers located outside the EEA region, please see Section 6 for more details.

8. How long we keep your data

We generally store your personal data as long as necessary for the purpose under which we collected the information. We will delete data that is no longer required by a relevant law or jurisdiction in which we operate. Our general data retention period is 5 years after ending the business relationship with you. This is a statutory data retention period which we have to follow to be compliant with our legal obligations. In some cases we may need to hold your personal data for longer to meet our legal obligations or if we have a legitimate interest (if longer data retention is for example required by our cooperation partners) to do so.

9. Your data protection rights

Under relevant data protection laws and this Policy, you have various rights related to your personal data as provided below:

• Right to access. You have the right to request access to the information we hold about you. Please be aware that this right can sometimes be limited by our regulatory obligations. We are unable to provide you access to personal data that would cause us to break the law.

• Right to rectification. You have the right ask us to update any of the information about you that you think is inaccurate or incorrect.

• Right to erasure and restriction of processing. You have the right to ask us to delete, stop processing or limit our use of your information that we hold. Please be aware that if we have a regulatory obligation to still retain this information, we might be unable to facilitate this request until the required retention period has elapsed.

• Right to data portability. You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format and you have the right to request us to transmit this data to another data controller if the data was gathered by your consent, pursuant to the Agreement between us or via automated means.

• Right to withdraw your consent. Your consent is voluntary, and you have the opportunity to withdraw your consent at any time. Please be aware that in such cases we may not be able to provide Services to you. In addition to that, you always have the right to withdraw your consent from receiving marketing materials from us. We provide you with the option to unsubscribe from such communications in each email, via the unsubscribe link. We still shall send you relevant information regarding the Services and our Agreement.

10. Automated decisions

We may make automated decisions about you. This means that we may use technology that can evaluate your personal circumstances and other factors to predict risks or outcomes. We do this for the efficient running of our services and to ensure decisions are fair, consistent and based on the right information. Most of automated decisions we make are connected to providing the Services to you. If we make automated decisions about you that limit your rights or access to the Platform, we will review those decisions manually as soon as possible.

Our Platform can only be accessed from regions in which we have decided to operate in. We automatically restrict access to our Platform in regions that we do not operate in.

11. Complaints

If you have any concerns about our use of your personal data, you can make a query or a complaint to us at legal@eagronom.com and we will do our best to address the issue.

If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can complain to the Estonian Data Protection Inspectorate (www.aki.ee) if you are unhappy with how we have used your data. You have a right to bring an action before a court.

12. Applicable law and jurisdiction

This Policy will be governed by and construed in accordance with the Estonian law. Without prejudice to any rights you may have to refer a complaint to the authorities, the courts of Estonia have exclusive jurisdiction to settle any dispute arising in connection with this Agreement and for such purposes we and you irrevocably submit to the jurisdiction of the Estonian courts.

13. Changes to this Policy

We continuously review our policies and procedures. We’ll post any changes we make to this policy on this page and let you know about any significant changes via email.

Annex 1

Personal data processing details

1. Personal data: first and last name, phone number, date of birth, personal identification number (or equivalent)

   • Purpose: To meet our regulatory obligations for the provision of Services

   • Source: Directly from the data subject, some data points are verified using public databases, which depends on the residence of the data subject

   • Legal basis: Performance of a contract (GDPR art 6 (1)(b)), legal obligations (GDPR art 6 (1)(c))

2. Contact information: email address, residence address, geographical location (IP address)

   • Purpose: To know how we can contact you and for regulatory purposes

   • Source: Directly from the data subject

   • Legal basis: Performance of a contract (GDPR art 6 (1)(b)), legal obligations (GDPR art 6 (1)(c))

3. Background information: bank account information, IP address, tax residency and tax ID number, if applicable, citizenship, employment information, personal identification card data points (date of issue, expiry date, picture, country of issuance)

   • Purpose: To understand to whom we shall provide the Services and to fulfil our regulatory obligations (related to KYC)

   • Source: Directly from the data subject, some data points are verified using public databases, which depends on the residence of the data subject

   • Legal basis: Legal obligations (GDPR art 6 (1)(c)), legitimate interest (GDPR art 6 (1)(f))

4. Data on how you use the Services: information on how long and how often you use the Services, what features you use the most and what not, etc.

   • Purpose: To improve the Platform and our Services

   • Source: Directly from the data subject

   • Legal basis: Legitimate interest (GDPR art 6 (1)(f))

5. Marketing: email address, citizenship, etc.

   • Purpose: To provide you with marketing materials

   • Source: Directly from the data subject

   • Legal basis: Consent (GDPR art 6 (1)(a))

6. Financial data: your payment information (cards, bank accounts, etc.), orders.

   • Purpose: To provide the Services

   • Source: Directly from the data subject, from service providers used by the data subject

   • Legal basis: Performance of a contract (GDPR art 6 (1)(b)), legitimate interest (GDPR art 6 (1)(f))

7. Customer support: different kinds of communications (emails, other messages, phone calls, etc.), information provided in those communications

   • Purpose: To provide the Services

   • Source: Directly from the data subject

   • Legal basis: Performance of a contract (GDPR art 6 (1)(b))

8. Data related to information security measures (technical information on how our Website and Platform is accessed and used)

   • Purpose: To provide the Services

   • Source: Directly from the data subject, public databases

   • Legal basis: Legitimate interest (GDPR art 6 (1)(f))