Privacy Policy
CUSTOMER, PARTNER, AND COMMUNICATIONS REGISTER
This privacy policy explains how TMV Green Oü (hereinafter “TMV”) processes personal data in the context of customer relationships and partnerships. The TMV group company responsible for the service you have shown interest in, have a contract with, or have interacted with is responsible for processing your personal data. The register consists of contact information of former, current, and potential customers or partners.
1. DATA CONTROLLER
Name: TMV Green Oü
Address: Harju maakond, Tallinn, Haabersti linnaosa, Meistri tn 16, Estonia
2. CONTACT PERSON FOR REGISTER MATTERS
Name: Jaanus Kivirand
Email: info@tmvgreen.ee
3. PURPOSE AND BASIS FOR PROCESSING PERSONAL DATA
The purposes for processing personal data are:
- Managing matters related to contractual relationships and compliance with contracts.
- Maintaining customer and partner relationships.
- Communication with customers, partners, and authorities.
- Managing and developing the company's business operations.
- Complying with or preparing contracts.
Personal data is processed only to the extent necessary. We process data solely for the purpose for which it was requested. The processing of personal data is based on a contract, consent, legal obligation (such as accounting or tax laws), or the legitimate interest of the data controller.
4. PROCESSED PERSONAL DATA
Customer and partner relationships:
- Company name and contact person’s name
- Phone number
- Title or profession
- Address
- Email address
- Organization
- Bank account number
- Contract-related information such as a description of the provided product or service, billing addresses
Wind power projects:
- Land leaseholder’s or contact person’s name
- Phone number
- Address
- Email address
- Property registry number and property owner
- Bank account number
- Contract-related information such as billing addresses
5. REGULAR SOURCES OF INFORMATION
Information is primarily collected from the data subject themselves, the data subject’s employer, or our stakeholders and suppliers concerning their subcontractors. Information may also be obtained from other registers maintained by the data controller or from authorities.
6. REGULAR DISCLOSURES OF INFORMATION
Personal data may be transferred or disclosed to third parties only within the limits allowed or mandated by law. Such recipients of personal data may include legal or financial consultants and companies responsible for payroll, accounting, and collection, acting as independent data controllers. Personal data may be transferred or disclosed to TMV group companies or to our strategic cooperation partners (like OX2 Estonia OÜ) within the limits of the aforementioned purposes of use.
7. TRANSFER OF DATA OUTSIDE THE EU OR EEA
Data will not be transferred outside the EU or EEA unless it is necessary to fulfill the aforementioned purposes of use. If personal data is transferred outside the EU or EEA, TMV will implement appropriate and suitable safeguards to comply with applicable data protection legislation. TMV may, for example, enter into an agreement with the recipient of the transfer outside the EU or EEA, utilizing the standard data protection clauses provided by the European Commission.
8. DATA RETENTION PERIOD
Data is processed for as long as necessary to fulfill the original purpose or legal obligations. Personal data is retained as long as necessary to fulfill the purpose for which it was collected, in accordance with this privacy notice. Personal data is processed at least for the duration of the customer or contractual relationship or other relevant relationship. It is also retained after the end of the customer or contractual relationship as long as necessary to fulfill the purposes specified in this privacy notice. We retain your personal data longer if applicable law so requires or allows for the verification, exercise, or defense of our legal rights.
Personal data will be deleted when the claim, complaint, or warranty period related to a specific customer relationship or service has expired, or there is no legal reason to process the personal data.
9. PRINCIPLES OF REGISTER PROTECTION
We use necessary technical and organizational security measures to protect personal data from unauthorized access and from accidental or unlawful destruction, alteration, disclosure, transfer, or other unlawful processing. Data security is maintained on a continuous basis. TMV personnel and external persons acting on its behalf are bound by confidentiality concerning all personal data. The use of registers is protected by user-specific identifiers, passwords, and access rights, and the stored data is handled confidentially by employees whose job description includes it.
10. USE OF COOKIES
We use cookies to improve the user experience of the website, to better understand how our website is used, and for marketing purposes. User consent is collected before using cookies. The user has the right to withdraw their consent at any time. You can manage or delete cookies—more information on managing cookies can be found at www.aboutcookies.org.
11. GOOGLE ANALYTICS
We use Google Analytics to understand how our website is used. Google Analytics collects information about the use of the website, which we use to create reports and improve the use of the website. All information is collected anonymously, and individual users cannot be identified.
12. RIGHTS OF THE DATA SUBJECT
The rights of the data subject are listed in the EU General Data Protection Regulation and Estonian Personal Data Protection Act. These rights are also described in more detail on the Data Protection Authority’s website and in Riigiteataja.
- Right of access: The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, and, if so, access to the personal data. The data subject has the right to inspect what data about them has been stored in the personal register and to obtain a copy of the data.
- Right to withdraw consent: The data subject has the right to withdraw consent to the extent that the processing of personal data is based on the given consent.
- Right to rectification: The data subject has the right to request that the data controller corrects inaccurate and incorrect personal data concerning them without undue delay and the right to have incomplete personal data completed, including by providing a supplementary statement.
- Right to erasure (“right to be forgotten”): The data subject has the right to request the erasure of personal data in the following situations:
- The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- The data subject withdraws consent on which the processing is based and there is no other legal basis for the processing.
- The data subject objects to the processing of their personal data for direct marketing purposes or otherwise exercises their right to object, and there are no overriding legitimate grounds for the processing.
- The personal data has been unlawfully processed.
- The personal data must be erased for compliance with a legal obligation under Union or Member State law to which the data controller is subject.
- Right to data portability: The data subject has the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another data controller, under the conditions specified in the EU General Data Protection Regulation.
- Right to restriction of processing: The data subject has the right to obtain from the data controller the restriction of processing where one of the following applies:
- The data subject contests the accuracy of the personal data, for a period enabling the data controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The data controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise, or defense of legal claims.
- The data subject has objected to processing pursuant to Article 21(1) of the EU General Data Protection Regulation pending the verification of whether the legitimate grounds of the data controller override those of the data subject.
If processing has been restricted on the above basis, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
- Right to object to processing: When data is processed for the performance of a task carried out in the public interest, in the exercise of official authority vested in the data controller, or for the purposes of the legitimate interests pursued by the data controller or a third party, the data subject may object to the processing on grounds relating to their particular situation. In such cases, the data processing must be stopped, unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling to the extent that it is related to such direct marketing. If the data subject objects to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes.
- Right to lodge a complaint with a supervisory authority: If the data subject considers that the processing of personal data infringes applicable legislation or their statutory rights have been violated, they may lodge a complaint with the relevant contact person of the Data Protection Inspectorate.
- Notification of personal data breach to the data subject: If a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the data controller shall communicate the personal data breach to the Data Protection Inspectorate and data subject without undue delay.
13. AUTOMATED DECISION-MAKING AND PROFILING
The data controller does not make decisions based on automated processing or profiling.
14. CHANGES TO THE PRIVACY POLICY
TMV reserves the right to change or update this privacy policy and privacy notice, for example, in case of changes in legislation or for the development of its business operations. Changes will be notified on this website. If the changes significantly affect the rights of users of TMV’s website or services, we will notify of the changes on the front page of our websites and, if possible, separately by email to registered users. This notice was last updated on: 19.06.2024.