Privacy Principles & Privacy Notice

Principles of Processing Personal Data

1. Introduction

These personal data processing principles (hereinafter "Principles") apply to personal data processing operations performed by Cybernetica AS (hereinafter "Cybernetica" or "we").

The principles apply to all our service providers, customers, guests, participants in studies and workshops and representatives of cooperation partners and related persons (hereinafter "data subject" or "you").

Technical and organizational information security measures have been implemented to protect personal data in accordance with ISO/IEC 27001: 2013 requirements.

2. Cybernetica as controller

Cybernetica collects or requests from the data subject only such personal data and in the amount necessary to achieve the set goals and for which there is a legal basis for processing.

Cybernetica processes the following personal data:

  • Personal data of representatives of Cybernetica's potential and existing service providers, customers and cooperation partners;
  • Personal data of Cybernetica guests and participants in studies and workshops conducted by Cybernetica, and
  • in certain cases, personal data of persons related to the above.

Cybernetica processes personal data on the following legal bases and purposes:

  • to fulfill the right or obligations arising from the legislation – Cybernetical has the obligation to receive and process breach reports as well as to comply with the requirements arising from international sanctions and other regulations, in connection with which the processing of personal data is necessary;
  • to fulfill contracts concluded with the participation of the data subject or to take measures prior to the conclusion of the contract – before concluding contracts with service providers, customers and cooperation partners, Cybernetica needs to make sure of the right of representation of the representatives of the mentioned persons and to process the data of the representatives in order to formalize the contract; it is also necessary for Cybernetical to process the data of representatives and other contact persons in connection with the fulfillment of contractual obligations and the prevention of conflicts of interest; In certain cases, Cybernetica needs to ensure that service providers, customers and cooperation partners have access to Cybernetica's premises and equipment on the basis of the contract, and to store access logs;
  • on the basis of legitimate interest – Cybernetica keeps records of potential and existing service providers, customers and representatives of cooperation partners and documents, software and other intellectual property created for them or in cooperation with them, including managing related intellectual property rights and confidential information; in connection with the above, Cybernetical needs to ensure network and information security, including controlling access to Cybernetica's infrastructure and services and storing information about it, which may contain personal data; Cybernetica also welcomes guests and organizes educational workshops and research; processes feedback data; monitors website visits; and market on social media channels; Cybernetica also participates in public procurements, in connection with which it is necessary to transfer personal data to state authorities;
  • on the basis of the data subject's consent – Cybernetica generally avoids processing on the basis of consent, as we usually rely on some other legal basis (see above); depending on the service offered to the customer and the position of the data subject, Cybernetica may need to perform a background check on the data subject through national databases, social networks and other sources not directly related to work through security authorities, for which Cybernetica requests the consent of the data subject; Cybernetica may wish to use the data subject's personal data as test data based on the data subject's consent; It is possible to subscribe to the Cybernetica newsletter via the Cybernetica website; if Cybernetica publishes the data subject's photo or other information on a social media channel, it will ask for the data subject's consent in advance, but in the case of recording as audio or image material in a public place, the data subject's consent will be replaced in accordance with the Personal Data Protection Act by informing him in a form that allows him to record audio or image material understand the fact and avoid recording yourself if you wish. The notification obligation does not apply to public events that can reasonably be expected to be recorded for the purpose of publicity.

Cybernetica refrains from:

  • processing of special categories of personal data, except if it is unavoidably necessary to fulfill a legal obligation or to provide the requested service to the customer – in the latter case, Cybernetica processes personal data as an authorized processor based on the instructions of the legal person customer or, in the case of a natural person customer, based on his consent.
  • From the processing of personal data of customers' employees and users of their products or services or other related natural persons, except if it is unavoidably necessary to provide the requested service to the customer – in this case, Cybernetica processes the personal data provided by the customer assuming that the customer has a legal basis to transfer the data to Cybernetica for the purpose of organizing work or as an authorized processor based on the customer's instructions to achieve the customer's goals.
  • the use of personal data as test data for testing its own products and services, unless the data subject has given Cybernetica their consent in advance.
  • the use of personal data for conducting research, unless the purpose of the research cannot be achieved in any other way.

3. Recipients

  • Cybernetica transmits data to the following recipients in the following cases:
  • service providers from whom Cybernetica either regularly or permanently purchases service for its own use (internal use) or to whom Cybernetica needs to provide personal data in connection with the provision of the service (for business);
  • cooperation partners with whom Cybernetica cooperates regularly or permanently to achieve its goals (to achieve internal goals) or to whom Cybernetica needs to provide personal data in connection with the object of cooperation (for business);
  • customers to whom Cybernetica regularly or permanently offers products or services in connection with which it is necessary to provide personal data;
  • state authorities to whom Cybernetica submits personal data to carry out background checks or to fulfill other obligations;
  • public channels where Cybernetica discloses personal data for marketing purposes.

Cybernetica will only transfer personal data to a recipient or to an international organization located in a third country in the event of a commission decision on the adequacy of protection, appropriate safeguards or an applicable exception.

4. Rights of the data subject

Data subjects have the following rights regarding their personal data:

  • access of personal data – the data subject has the right to receive confirmation from the controller as to whether personal data concerning him/her is being processed, and in such case, to peruse the personal data concerning him/her and to receive information of interest to him/her;
  • correction and completion of personal data – the data subject has the right to request correction of incorrect personal data concerning him and/or completion of incomplete personal data;
  • erasure of personal data – the data subject has the right to request the erasure of personal data provided that the personal data is no longer needed for the purpose for which it was processed, the data subject withdraws the consent given to the processing of personal data and there is no other legal basis for processing personal data;
  • restriction of personal data processing – the data subject has the right to request the restriction of personal data for the duration of a dispute or other objection regarding their correctness, which allows the responsible processor to check the correctness of the personal data, as well as for the duration of the processing of another objection, including to assess whether the reasons for processing on the part of the processor outweigh the data subject's reasons for not processing, as well as for deletion instead of or until the data is needed by the processor to prepare, present or defend legal claims;
  • transfer of personal data – the data subject has the right to receive the personal data concerning him/her that he/she has submitted to the data controller in a structured, commonly used format and in machine-readable form and the right to transfer this data to another data controller, provided that the processing is based on consent or a contract and is processed automatically;
  • objecting to the processing of personal data – the data subject has the right to object to the processing of personal data, which takes place on the basis of a legitimate interest, and the controller does not process the personal data further, unless the controller proves that the processing is for a compelling legitimate reason that outweighs the interests, rights and freedoms, or for the purpose of preparing, presenting or defending legal claims;
  • withdrawal of consent – if Cybernetica processes personal data on the basis of consent, the data subject has the right to withdraw his consent at any time without affecting the lawfulness of the processing based on consent prior to the withdrawal.

5. Data retention

We retain personal data until the necessary goals have been achieved or until a legal obligation requires it.

6. Contact information

If you have any questions about how and why we process personal data, want to exercise your rights or file a complaint, please contact us at the contacts below.

  • Address: Mäealuse 2/1, 12618 Tallinn, Estonia
  • E-mail: data-protection@cyber.ee
  • Phone: +372 639 7991

In addition, you always have the right to file a complaint with the Data Protection Inspectorate.

Privacy Notice

Welcome to the web site www.cyber.ee (hereinafter “the Web Site”)!

The Web Site is administered by Cybernetica AS (hereinafter also “we”), who may be contacted using the following details:

  • address: Mäealuse tn 2/1, Tallinn 12618, Estonia
  • e-mail: info@cyber.ee
  • telephone: +372 639 7991

This Privacy Notice explains which information we collect about the visitors (hereinafter also “you”) of the Web Site and the subscribers to our newsletter and feedback forms, and how we use that information.

Processing of information about the Web Site visitors

The data processed by Cybernetica AS when you visit our Web Site is limited to the following categories, which are typically made available by web browsers and servers when you use the internet (hereinafter “Data”):

We use the Visit Data based on our legitimate interest and only for the following purposes:

  1. to better understand how visitors reach the Web Site,
  2. to improve user experience for our Web Site, both with regard to its design and content (based on visitors’ activities on the Web Site) and its technical functioning (depending on the web browser, operation system and device used by the visitor), and
  3. to better plan our marketing activities based on the interest from specific countries or referring sites.

What cookies do we use and which categories of Visit Data we process:

We use cookies necessary for the operation of the site (provided in the below table) that help us make the Web Site more usable by activating basic features such as page navigation and accessing the secure parts of it. The Web Site cannot function properly without these cookies.

localStorage — This cookie is used to activate basic features such as page navigation and accessing the secure parts of it. (Cookie duration: 30 days)

We also use statistical cookies (provided in the below table) that help us understand how a particular visitor uses the website. This gives us information on how many visitors visit the page in a given period of time, how different pages are navigated and clicked on. Statistical cookies provide us with information that help us improve customer experience.

_pk_ses — This cookie is used to temporarily store a unique session ID. (Cookie duration: 30 minutes)

_pk_id — This cookie is used to store a unique user ID, source and duration of the visit, date and time of the visit, IP address of the visitor, country of the visitor based on the IP address, web browser of the visitor, operation system of the visitor's device, type of the visitor's device, user behaviour on the site, referring site, internet service provider of the visitor, information about user behaviour events. (Cookie duration: 13 months)

Visit Data may be disclosed by us to third party service providers acting as our data processors for managing statistics, who assure adequate technical and organisational security measures for data protection. Transfer of personal data to a third country takes place only in the existence of an adequacy decision by the European Commission, or in case suitable safeguards are in place which can be made available upon your request.

Enabling of cookies is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the Visit Data by enabling the statistical cookies and you face no consequences of failure to provide such data.

If you want to disable the use of cookies, change the consents given in your browser. You can read more about this on the following website http://www.allaboutcookies.org/manage-cookies/. Changing your selection shall not affect the lawfulness of processing done before the change. Cookies necessary for the operation of the site cannot be disabled.

We do not use the Visit Data to further identify the visitors of the Web Site.

Processing of information about the subscribers to Cybernetica’s newsletter

We use the data that is submitted by you via the subscription form for Cybernetica’s newsletter (hereinafter “Contact Information”) based on your consent only for the following purposes:

  1. for delivering the newsletters and,
  2. managing and monitoring the subscriptions.

The provision of Contact Information is not a statutory or contractual requirement, or a requirement necessary to enter into any contract. You are not obliged to provide Contact Information and you face no consequences of failure to provide such information except for not receiving the newsletter.

Upon submitting the subscription form, you will receive an e-mail, which enables you to approve or reject your subscription.

You have the right to withdraw and unsubscribe any time by clicking on the “Unsubscribe” button provided with every newsletter e-mail. After unsubscribing, you will no longer receive any newsletters from us. The withdrawal of consent and unsubscribing shall not affect the lawfulness of processing based on your consent before its withdrawal. Statistics about the subscriptions will be stored for a period of 12 months.

Contact Information may be disclosed to third party service providers acting as our data processors managing subscriptions and newsletter deliveries, who assure adequate technical and organisational security measures for data protection. Transfer of personal data to a third country takes place only in the existence of an adequacy decision by the European Commission, or in case suitable safeguards are in place which can be made available upon request.

Processing of information about the feedback forms

We store and process the data that is submitted by you via the feedback form available at: https://cyber.ee/tagasiside/ or https://cyber.ee/feedback/ (hereinafter “Feedback Information”) based on your consent, based on our legitimate interest and on the terms provided in this Privacy Notice.

We process the Feedback Information only for the following internal purposes:

  1. to analyse our visitors' satisfaction with our contacts, products and services
  2. to improve satisfaction regarding our contacts, products and services

The provision of Feedback Information is not a statutory or contractual requirement, or a requirement necessary to enter into any contract. You are not obliged to provide the Feedback Information and you face no consequences of failure to provide such information except for not being able to submit the feedback.

You have the right to request from us rectification or erasure of your feedback form by turning to: kvaliteet@cybernetica.ee or data-protection@cyber.ee, and we will no longer process feedback provided by you. This request shall not affect the lawfulness of processing based before the submission of such request.

Your feedback form will be stored for a period of 12 months from the year end from its submission.

Feedback Information may be disclosed to third party service providers acting as our data processors analysing feedback forms, who assure adequate technical and organisational security measures for data protection. Transfer of personal data to a third country takes place only in the existence of an adequacy decision by the European Commission, or in case suitable safeguards are in place which can be made available upon request.

We do not use the Feedback Information to further identify the feedback provider of the Web Site, unless Feedback provider has requested us to contact them for a further discussion.

General

We do not collect any other Data from our Web Site visitors, unless you disclose any additional personal data to us yourself, e.g., by contacting us via e-mail. Information provided by you by e-mail (“Provided Information”) will be stored for 12 months from the year end of its disclosure unless you are informed otherwise.

You have the right to request from us access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability (provided we have developed respective technical solution for it). If you feel your rights have been violated, you have the right to lodge a complaint with a supervisory authority.

Cybernetica retains the right to update this Privacy Notice any time by publishing the updates on this Web Site.

Are you OK with statistical cookies? No personalised marketing, because we value your privacy.

Read more on our privacy policy page.

Ära lange õngitsusskeemide ohvriks! Beware of phishing attempts on behalf of Cybernetica.

Read more