Dear Sir/Madam,

Effective from May 25, 2018, the existing legislation in the field of personal data protection is amended with the implementation of the General Data Protection Regulation (GDPR) dated April 27, 2016. Therefore, we are sending this message to our current and potential clients to inform you about how we process your personal data.

Data Controller

The data controller, i.e., the legal entity that determines the purposes and means of processing your personal data, is Eselcom OÜ, located in Tallinn, Estonia, address: Mustamae tee 16/6, Business Centre «Marienthali», 10617 Tallinn, Estonia (hereinafter referred to as “Eselcom”). Providing data is voluntary, but mandatory for the purpose of concluding a contract and subsequently providing a service.

Obtaining Information About Personal Data Processing

If you have any questions related to personal data protection, you can contact the Data Protection Officer via email at dpo@eselcom.com or in writing at our office address.

Data Collection and Purpose of Processing

We process your personal data because it is necessary to fulfill the contract concluded with you, i.e., to provide a service (in accordance with Article 6, Paragraph 1, Letter b GDPR), including:

  • Registering the User in the order system and providing user support, including presenting product offers and fulfilling orders (in accordance with Article 6, Paragraph 1, Letter b GDPR);
  • Handling complaints and claims (in accordance with Article 6, Paragraph 1, Letter c GDPR);
  • Investigating claims related to concluded insurance contracts (in accordance with Article 6, Paragraph 1, Letter f GDPR), where the legitimate purpose is the right to investigate claims;
  • Archiving purposes (in accordance with Article 6, Paragraph 1, Letter c GDPR);
  • Statistical purposes (in accordance with Article 6, Paragraph 1, Letter f GDPR), where the legitimate purpose of the controller is to possess information about the statistics of our actions, allowing us to improve our activities;
  • Ensuring compliance with our legal obligations, including combating money laundering and terrorism financing, as well as countering support for aggression against Ukraine (in accordance with Article 6, Paragraph 1, Letter c GDPR).
  • Additionally, legislation requires us to process your data for tax purposes and financial settlements.

Furthermore, we may process your data for marketing purposes, i.e., promoting our products and services. If we do this without using electronic means of communication, the legal basis for such activities is Article 6, Paragraph 1, Letter f GDPR, where the legitimate purpose of the controller is to conduct marketing activities. However, if we use electronic means of communication for this purpose, such as email or phone, taking into account other applicable legal requirements, we process data only based on your consent (in accordance with Article 6, Paragraph 1, Letter a GDPR).

Data Recipients

Your personal data may be transferred to other legal entities that process your data on their behalf, including, but not limited to:

  • Legal entities providing postal or courier services;
  • Banks and payment intermediaries (depending on the payment method chosen by the client) – for the purpose of returning overpaid funds;
  • Payment intermediaries (if the client chooses such a payment method) – for processing payments;
  • Government authorities or other legal entities authorized under applicable law – for fulfilling obligations imposed on us (tax authorities, law enforcement agencies, etc.);
  • Legal entities managing our teleinformation systems (hosting companies, IT service providers);
  • Legal entities providing us with legal assistance, accounting, tax, or consulting services.

Data Retention Periods

Your personal data will be stored until the expiration of the contract term (service provision) and after its termination:

  • Data contained in contracts – until the statute of limitations for claims arising from the contract expires (a maximum of 10 years from the date of contract completion);
  • For purposes arising from legal requirements, including obligations to retain accounting documents, issue invoices, etc.;
  • Documents related to warranties and claims will be stored for 1 year after the warranty period or claim settlement;
  • Data submitted via contact forms – until the statute of limitations period for potential claims expires (a maximum of 3 years).

Data for marketing purposes:

  • If data is processed based on consent – until consent is withdrawn;
  • If data is processed based on Eselcom’s legitimate interests – until an objection is raised.

Rights Related to Data Processing

You have the right to access the content of your data, as well as the right to correct, delete, restrict processing, transfer data, object to processing, and withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (if processing is based on consent).

Additionally, if you believe that our processing of your data violates GDPR requirements, you have the right to lodge a complaint with the supervisory authority in the field of data protection.

Automated Data Processing (Profiling)

Your personal data will be processed automatically (including in the form of profiling), but this will not have any legal consequences for you or significantly affect your situation in a similar manner.