Information you provide
You may provide personally identifiable information (“personal data”) about yourself when you use our services and, of course, when you fill in your personal data in “contact us form” or “job application form” on our Website (name, e-mail address, phone number, job title, the company you are part of, your CV).
Persons that are under 16 years old cannot provide their personal data through this Website. If you are below the age of 16 years, please provide consent for personal data submission and processing by the holder of parental responsibility over you.
Information collected automatically
We may collect following data automatically when you browse our Website:
- IP addresses
- Information about what type of device you use to connect to our website
- How you interact with our website.
Purposes of the processing and legal basis
We process personal data for the sole purposes of Direct Maintenance, namely:
a) for the organisation, management and functioning of the Website;
b) for replying to queries submitted via Website;
c) for considering job applications submitted via Website;
d) for performance of internal business administration including fulfilling any legal requirements (e.g. forwarding of information to investigative bodies, etc.)
The legal basis for the processing of your personal data for the purposes indicated under sections a), b) and c) of the previous paragraph is Article 6.1.a. of the GDPR. The legal basis for the processing of your personal data for the purposes indicated under section d) of the previous paragraph is Article 6.1.f. of the GDPR. The provision of your personal data is voluntary, but any refusal to provide such data will not allow the correct use of Direct Maintenance services.
Recipients of Data
We may share your data with the following entities:
Affiliates and Partners. We may share your data with Direct Maintenance group companies and partners involved in services provision. These entities may receive your information only to the extent necessary for the proper execution of the purposes defined above.
Data Processors. We may share your data with partners providing technological services, which were formally bound by means of a data processing agreement, pursuant to article 28 of the Regulation (EU) 2016/679. The full list of data processors is available by simple request to Direct Maintenance by sending an email to firstname.lastname@example.org. In addition, personal data may be transferred in case any Direct Maintenance group company merges, re-organises or transfers all or part of its business in which case your information may be disclosed to potential or actual successors of the business.
Parties when required by law or as necessary to protect our services.
Other Parties in Aggregated Form.We may also share your data with third parties in aggregated or non-personally identifiable form. In this case the Regulation (EU) 2016/679 does not apply.
Where we store your personal data
We primarily store and process your personal data in the EU/European Economic Area (“EEA”). If we do transfer your personal data outside the EEA it will be because you have consented or because we have a legal reason to do so.
If your personal data cannot be processed within the EEA, we will:
- Comply with all other data protection principles;
- Where possible, be to a country that is on the list of the EU Commissions’ countries that provide adequate protection for the rights and freedoms of data subjects;
- Make sure we have assessed the adequacy of protections in all other cases.
Period of storage
Your personal data will be kept for no longer than is necessary for the specific purposes for which the personal data are processed, unless a longer retention period is required or permitted by law.
Pursuant to Article 25 of the Regulation (EU) 2016/679, we implement appropriate technical and organisational measures, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of the Regulation and protect the rights of data subjects. Furthermore, according to Article 32 of the Regulation (EU) 2016/679, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk and safeguard personal data in our possession against accidental or unlawful destruction, loss, theft, alteration or unauthorised use or disclosure. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while we strive to protect the information we maintain, we cannot ensure or warrant the security of any information that you transmit to us.
Changes to this policy
Exercise of users’ data protection rights
You may contact us, via email at email@example.com or via post at Väike-Sõjamäe 1A, 11415 Tallinn, Estonia, in order to assert your rights, as described in Articles 15 to 22 of the Regulation (EU) 2016/679, namely to demand: the confirmation of the existence of data concerning yourself and their origin and processing and the purposes thereof; the erasure (Article 17) or the rectification of data (Article 16); the restriction of processing (Article 18); the right to object (Article 22) and the right to data portability (Article 20).
We shall provide information on action taken on a request under Articles 15 to 22 to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Direct Maintenance shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the request is made by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by you.
We inform you that you have the right to lodge a complaint to the competent data protection authority, pursuant to Article 77 of the Regulation (EU) 2016/679 if you believe that your personal data have been processed in violation of any applicable law concerning data protection.