General Principles for Processing Personal Data
To best serve customers and ensure appropriate fulfilment of contractual obligations, Smart Accounts OÜ shall collect and preserve data on customers and other persons communicating with Smart Accounts OÜ in accordance with the following principles:
- In its activities, Smart Accounts OÜ shall adhere to the principles for protection of personal data and safekeeping of confidential information.
- Smart Accounts OÜ shall protect the personal data entrusted to it from any unjustified use. Smart Accounts OÜ shall collect personal data in accordance with the law and in the scope required for ensuring fulfilment of contracts and providing the best service to customers.
- More detailed principles for processing customer data are provided in the Terms and Conditions of Smart Accounts OÜ.
- Smart Accounts OÜ shall apply IT and other necessary safety measures for ensuring protection of personal data and for monitoring processing of personal data.
- Smart Accounts OÜ employees shall be aware of the personal data protection principles and the safekeeping obligation for confidential information, and shall be responsible for any violation of the abovementioned obligations.
- Smart Accounts OÜ shall not disclose personal data to third parties, unless if so required by law, or corresponding permission is granted by the person whom the data concerns.
- Within the framework of product and service advertising campaigns, Smart Accounts OÜ may send customers offers from Smart Accounts OÜ, or, more infrequently, offers from other contractual partners. The customer shall have the right to disallow advertising offers at any time by informing Smart Accounts OÜ thereof.
- Smart Accounts OÜ shall preserve the personal data in their databases, with the person having the right to access his/her personal data at any time, as well as to demand at any time that changes be made to personal data, if the data has changed or is inaccurate for other reasons.
- Smart Accounts OÜ’s use of correct and accurate data ensures more appropriate and faster service. Personal data may be reviewed and inaccurate data corrected in SmartAccounts software or by contacting Smart Accounts OÜ.
- If necessary, Smart Accounts OÜ shall collect personal data from other sources besides the person himself/herself in order to make offers. If the personal data has not been obtained from public databases, Smart Accounts OÜ shall demand from the data issuer a guarantee on the lawfulness of the collection of the personal data.
- Smart Accounts OÜ shall record client orders given via SmartAccounts software or email and, if necessary, shall use these recording for proving and/or reproducing client orders and transactions or for other purposes named in the Terms and Conditions of Smart Accounts OÜ.
- Smart Accounts OÜ’s categories of recipients of personal data are: hosting service providers, email service providers, e-invoice service providers, postal service providers, software development service providers.
- If you have any questions about data processing, please call Smart Accounts OÜ’s information line at 660 3303 or send an email to firstname.lastname@example.org.
Procedure for Processing Client Data
Client is a person who has expressed their wish to use the services of Smart Accounts OÜ (e.g. submitted an application for entering into an Agreement) or who uses or has used a service provided by Smart Accounts OÜ or is in other ways connected to the services provided by Smart Accounts OÜ.
Client Data are all data incl personal data that Smart Accounts OÜ has about the Client.
Data Processor is a person who processes Client Data at the request of Smart Accounts OÜ.
Data Controller is a Client, at the request of whom Smart Accounts OÜ processes Client Data.
- Smart Accounts OÜ processes Client Data in accordance with this Procedure for Processing Client Data (hereinafter procedure). The procedure applies to the processing of the Client Data of all Clients of Smart Accounts OÜ, including the client relationships established before this procedure entered into force.
- Additional or more detailed requirements for processing Client Data may be agreed upon in an agreement concluded with a Client.
- In the issues not regulated in the procedure, Smart Accounts OÜ is guided by relevant Estonian and EU legislation, primarily by the Personal Data Protection Act, the General Data Protection Regulation of the European Union, and the guidelines of supervisory authorities.
- Smart Accounts OÜ ensures the confidentiality of Client Data by implementing the necessary organisational, physical, and information technology security measures. Smart Accounts OÜ requires the same of their cooperation partners to whom Client Data is forwarded in accordance with the procedure.
- Unless the law provides otherwise, Smart Accounts OÜ can unilaterally amend the Procedure for Processing Client Data at any time, provided that they inform the Client of changes on the Smart Accounts OÜ website at smartaccounts.eu at least one month in advance.
- The Client may not send Smart Accounts OÜ (via SmartAccounts software or by other means) sensitive personal data i.e. data about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data processed to uniquely identify someone, health data or data about a person’s sexual activity or sexual orientation.
Composition of Client Data and Purposes of Processing
- Smart Accounts OÜ processes the Client Data primarily for the following purposes:
- personal data (name, personal ID code, data of the identity document, etc.) for the identification of the person;
- contact data (phone number, address, e-mail address, etc.) for communication of information and offers to the Client;
- user data (username, password, etc.) for identifying users at login;
- user request data (IP address, etc.) for access logs compiled for security purposes;
- Data collected and entered into SmartAccounts software by the Client (data of clients, vendors, employees, etc.) for providing accounting software services.
- The main purpose of processing each data category has been given in the previous clause. Additionally, Smart Accounts OÜ processes Client Data to:
- assess after reviewing the Client’s application whether provision of the service and conclusion of the agreement are possible;
- administer and perform the concluded agreement. For this, Smart Accounts OÜ may verify the transactions and operations carried out on the basis of the agreement, update the data gathered from the Client, prepare lists of the Client Data, analysed on different grounds (e.g. the list of debtors), collect the debt, etc.;
- assess the quality of services provided to the Client, incl. conduct client surveys;
- analyse and forecast Client’s consumption habits, to offer more suitable service and make special offers to them;
- organise statistical researches and analyses on the market shares and other financial indicators of client groups, product and service;
- offer services and products of Smart Accounts OÜ, organise marketing campaigns, including lotteries and draws, and offer the services of another partner;
- manage and mitigate risks and prepare reports;
- fulfil the obligations established by law (incl. respond to inquiries of state authorities and submit tax returns);
- protect its rights, including forwarding data to legal advisors and dispute settlement authorities (arbitral tribunal for resolution of insurance disputes, conciliation body, court, etc.).
- For the purposes listed in clauses 7 and 8, Smart Accounts OÜ processes the data which is publicly available on the Client (e.g. data received from different search engines as well as from the databases of the state and the local government) and received from third parties, if these have been presented to Smart Accounts OÜ considering the requirements of law.
- After termination of the agreement, Smart Accounts OÜ shall continue processing of the Client Data for meeting an obligation stipulated in the legislation or for preserving the data for the purpose of settling a dispute arising from an agreement concluded with the Client. Smart Accounts OÜ shall preserve Client Data in general for up to 6 months after the termination of the client relationship, i.e. when all agreements concluded with the Client have ended, unless legislation provides a direct obligation to preserve Client Data for another term.
Processing of Client Data Pursuant to Law
- Smart Accounts OÜ processes the Client Data specified in clause 7 for the purpose of fulfilling the tasks and exercising the rights stipulated in the Personal Data Protection Act, the Accounting Act, and other legislation regulating the activity of the company..
- Smart Accounts OÜ forwards without the consent of the Client the Client Data to persons to whom they may or are required to disclose the information by law, above all
- to a court, pre-trial investigation authority, prosecutor’s office, tax administrator, bailiff and other persons specified in laws to perform duties established to these by law;
- to AS Creditinfo Eesti or to any other payment default registry, if the Client has an outstanding monetary obligation, with the aim to provide information regarding the payment history of the Client to the users of the registry (e.g. to banks and other creditors). The Clients can familiarise themselves with the Client Data processed in the payment default registry of AS Creditinfo Eesti and the terms and conditions of disclosing and processing, the grounds and extent of forwarding the data, on the website at creditinfo.ee;
Processing of Client Data to Conclude, Perform, or Secure the Performance of the Agreement
- Smart Accounts OÜ processes the Client Data to conclude, perform, or secure the performance of the Agreement, including forward the Client Data to the following persons and the Client shall not consider this kind of forwarding a violation of the obligation to maintain confidentiality (incl. the business secrecy):
- to a person and organisation who is involved in the performance of the Agreement (such as an issuer of e-invoices, translation, printing, communication, and postal service provider, etc.);
- registrar of a state database (such as the commercial register, population register), if it is necessary to verify the accuracy of Client Data and documents presented to Smart Accounts OÜ and ensure their timeliness;
- to a person providing services to Smart Accounts OÜ (such as an auditor, providers of IT, archiving, and legal assistance services, customer survey provider, etc.);
- to creditors, providers of collection services, and other third parties with whom Smart Accounts OÜ holds negotiations to transfer an agreement or assign the claims arising from the agreement;
Other Cases of Processing Client Data
- Smart Accounts OÜ processes the Client Data upon the Client’s consent in order to
- conduct marketing campaigns, lotteries and draws, research consumer habits and satisfaction, and offer and advertise to the Client all services of Smart Accounts OÜ; for that purpose, Smart Accounts OÜ may make inquiries from registers and data registries. Offers may also be based on the decisions made by the information systems of Smart Accounts OÜ without the interference of natural person (automated processing). The Client may request the reviewing of the decision if they do not agree with the offer or the data it is based on;
- offer and advertise the products or services of another contractual partner.
- The Client may withdraw the consent stated in clause 14, as well as to refuse the advertisements and offers at any time by informing Smart Accounts OÜ thereof. Information about waiving the advertisements and offers is also included with every electronically sent offer or advertisement.
Client’s Rights upon Data Processing
- The Client may request Smart Accounts OÜ for information concerning them and demand rectification of their data if these have changed or are inaccurate for any other reason. The Client is required to submit this request to Smart Accounts OÜ in a format which can be reproduced in writing, if necessary.
- Smart Accounts OÜ shall reply to the submitted claim within the deadlines provided by legislation, but no later than within one month from the day of receiving the claim. If circumstances need to be clarified and checked before replying, Smart Accounts OÜ may extend the deadline of replying.
- The Client may demand from Smart Accounts OÜ the termination of processing their data, except if the right and obligation to process the data is foreseen by law or if this is necessary to perform or secure the performance of the Agreement concluded with the Client.
- Any disputes related to processing Client Data will primarily be solved through negotiations. If an agreement is not reached, the Client may submit an inquiry to the Estonian Data Protection Inspectorate or file a complaint with a competent court.