TTN Eesti OU is a legal entity registered under the law of Estonia ("Company"/“We”). The Company respects your privacy and processes your Personal data in accordance with the EU General Data Protection Regulation ("GDPR") and the legislation of the country of residence of the Company (hereinafter referred to as the “data protection legislation”).
Contact details of the Company are following: Address: 5 Jõe St., Tallinn, Estonia, 10151; Identification number: 14038986; information on licenses and certificates is available at the following link, tel: +994 12 493 84 83 (24 hours a day, according to operator tariffs), email address: firstname.lastname@example.org
In general, we will hereby try to explain to you why, how and what Personal data the Company collects, uses, processes, and transfers. We will try to explain in details what security measures the Company takes to ensure the highest level of security of your Personal data processed.
“Personal data” are any data concerning an identified or identifiable natural person, regardless of the form or format in which such data exist (e.g. your name, e-mail address, IP address or the feedback you provide on the Website). Therefore, all the identifiable data about you that we collect shall be deemed the Personal Data.
“Sensitive Personal data” are the personal information regarding the ethnic or racial origin, religious or philosophical believes and political opinions, biometric data, data about health or health condition, sexual life and sexual orientation, trade union memberships.
“Processor” means a natural or legal person, which processes the Personal data on behalf of the Controller.
“Third Countries” means all the countries that are outside the European Economic Area.
“Processing” means operation or set of operation which is performed on the Personal data or sets of Personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Loyalty Program” means a loyalty program, which is organised, launched, and managed by the Loyalty program provider at the request of the Company in different countries. The details of the Loyalty Program within each separate country You can find at the website of the Loyalty program provider in each respective country.
“Loyalty Program member”/“Member”/“You” means a natural person who participates in a Loyalty program, and who is, at the time of registration in the Loyalty Program, at least 18 years old, and who holds a Visa payment card issued by the bank.
“Bonuses” means calculation units a respective bank charges to the Member's personal account in a result of the payment transactions made by the Member using a Visa card participating in the Loyalty Program.
“Visa” means a company Visa International Service Association, a Delaware corporation, which orders from the Company or the person engaged by the Company the launch and performance of the Loyalty Program.
“Loyalty program provider” means the company CARD INDUSTRIAL LLC duly registered in Ukraine.
"Applicable Legislation" means Data protection legislation of the country where the Company is established, the General Data Protection Regulation (EU) 2016/679 and any other legislation and/or regulation which amends, replaces, re-enacts or consolidates any of the data protection provision.
WHY AND WHAT PERSONAL DATA WE COLLECT
THE PERSONAL DATA WE OBTAIN FROM THIRD PARTIES.
You should admit and acknowledge that we do not obtain Personal data directly from you, as we do not have any technical abilities to do so. Herewith, we may obtain Personal data about you from Loyalty program provider and other third persons such as banks involved in the Loyalty Program. Loyalty program provider and other third persons transfer the Personal data about you to us solely for the purposes specified herein. Third parties, which provide us with your Personal data, act as the data controllers with regard to your Personal data and guarantee to us that the consent (where applicable) for the use of your Personal data was duly obtained from you or the other lawful grounds for the processing are in place.
Loyalty program provider and all other third persons we interact with ensure that the Personal data of underage persons are not transferred to the Company therefore, we officially state that the Company does not process the Personal data of underage persons. We will never bear any liability in a case when Loyalty program provider and all other third persons provide us with not correct, not full, not accurate, or misleading information or Personal data.
FOR WHAT PURPOSES WE USE PERSONAL DATA.
When ordering the launch and performance of the Loyalty program , the Company performs analytical and statistical research at the same time to find out a number of the Loyalty Program Members who take part in the Loyalty Program. Herewith, we will determine a number of the Bonuses accumulated and spent within the Loyalty Program by both the each Loyalty Program Member and all the Loyalty Program Members together.
Company has an obligation to provide Visa with the reports on the Loyalty program, which describe a number of the Loyalty Program Members as well the number of the Bonuses accumulated and spent within the Loyalty Program by all Loyalty Program Members together. Therefore, we use your Personal data to draw reports to be sent to Visa. It is worth to know that we do not transfer to Visa any Your Personal data or identifiable information.
DISPUTES AND CLAIMS
We store and process your Personal data for the purposes of resolving possible or potential future disputes that might be result of your participation in the Loyalty Program, including disputes of the legal nature. We may also process the Personal data for the purposes of establishment, exercise and defense of legal claims.
Company may be subject to some legal obligation imposed on by the applicable legislation in particular but not limited to the obligations of tax and accounting reporting, therefore, we may use some of your Personal data on the grounds of necessity for compliance with a legal obligation to which the Company is subject. In such a case, we do not need your consent or any additional confirmation.
We store your Personal data no longer than it is required for the purposes of processing of personal data. Where it is required by the applicable legislation, we may store some of your Personal data longer than it is defined by the initial purposes.
Generally, we store your Personal data transferred to us as long as it is required for the exercise of the purposes specified herein and not longer than 5 (five) years since the last day of your participation in the Loyalty Program, unless longer period is required by applicable laws. We may have another purposes and legal basis for processing of Personal data under the Applicable Legislation therefore, the period of storage may be changed. If so, we will inform you on this additionally.
TRANSFER OF PERSONAL DATA TO RECIPIENTS
We also may disclose Your Personal data when needed to affect the sale or transfer of business assets, to enforce our rights, to protect our property, or protect the rights, property or safety of others. We disclose your Personal data where permitted by law and the Applicable Legislation.
For the purposes of storing of the Personal data processed by TTN Eesti OU, we seek to use the services of the most secure and safe hosting providers. Therefore, for the storing of Personal data we use web-services 23media and/or Hetzner.
We engage only the Processors that warrant they have the level of security of Personal data processing appropriate to the requirements of the GDPR, and will never process the Personal data for their own purposes. If any of the Processors engaged sets its own purposes of use of your personal data, such data processor shall be considered separate Controller of your Personal data within such purposes. In this case, the respective Processor shall bear the liability before you by its own.
TRANSFER OF DATA TO THIRD COUNTRIES
Sometimes we need to transfer your Personal data to recipients located outside the European Economic Area (EEA).In the most cases the Recipients we transfer your Personal data to are Processors of Personal data. For example, we may transfer your Personal data to the Company registered in Ukraine, which provides us with the technical support.
In any case, when we transfer Personal data outside the EEA, we try to provide the highest level of security of such transfer under the GDPR and other applicable data protection legislation.
We seek to transfer your Personal data to the recipients that are established in the countries that have an adequate level of protection of personal data. If it is impossible, we provide the appropriate safeguards as specified in the article 46 of the GDPR in particular by using the standard contractual clauses approved by the European Commission. In some cases, the derogations specified in the article 49 paragraph 1(b) of the GDPR may be applied.
SECURITY OF PERSONAL DATA
AUTOMATED PROCESSING AND PROFILING
Company may create profiles about Loyalty Program member to the extent it is necessary for the purposes of execution of the Loyalty Program. The profile of the Loyalty Program member may contain contact details of the respective Loyalty Program member, the information on the Bonuses accumulated and used, and any other information relating to your participation in the Loyalty Program.
Company does not process the Personal data solely by automated means so that, the Company does not make any decisions on you without human involvement.
When processing your Personal data, we take all reasonable steps to ensure you have a proper control over your Personal data. To provide this, we will give you an ability to use the right specified in the GDPR and applicable Data protection legislation. Some of the rights may be used only based on some condition specified in the respective article of the GDPR. Generally, you have a right to (i) request access to personal data; (ii) request rectification of personal data; (iii) request erasure of personal data; (iv) request restriction of processing of personal data; (v) request data portability; (vi) object to the processing of Personal data (including objection to profiling); (vii) request not be subject to a decision based solely on automated processing.
You may submit any request to TTN Eesti OU, in particular those regarding the use of your rights contemplated by the GDPR.
If you think the Company or any other person engaged by the Company processes the Personal unlawfully, you may lodge a complaint with the respective supervisory authority of the European Union country of you habitual residence, place of work or of an alleged infringement. Contact information for these authorities can be accessed at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
You may submit any request to the Company, in particular those regarding the withdrawal of a consent, or explicit consent, or any other information regarding the Processing to the Company’s email address: email@example.com.