Klaus provides its corporate clients system/platform for storage, management, analysis and evaluation of their customer support and has no direct relation with the customers of its corporate client and no individual interest in the processing of the personal data of such customers, the corporate client of Klaus is the controller of such personal data and we act as the processor in the meaning of General Data Protection Regulation ((EU) 2016/679). This means that we are processing the personal data of the customers of our corporate clients in accordance with the agreement between us and our corporate client and for the purposes of rendering services to our client.
Who is the data controller?
Tallinn 10134, Estonia
Your data will be collected when you sign-up to use our web or mobile services, participate in a marketing campaign or survey, provide feedback, contact our customer service or otherwise interact with us as the representative of our client.
We mainly process your data in the course of performance of the services ordered by the client or communicating with the cooperation partner but also in our marketing and client communication, as well as in our customer services.
From where do we obtain your data?
We obtain data about you when you:
- as a representative of our corporate client: sign-up as a user of our services; use our services via the web or mobile application; give us marketing permission and receive messages from us; give us feedback, leave us a message to contact you or otherwise get in touch with us; take part in one of our marketing campaigns or a marketing survey we organize;
- as a contact person of our other corporate partner contact us or communicate with us in the course of our relationship with the corporate partner.
What data we may collect about you?
We collect the following data through the use of our services:
- Name and contact information – first and last name, address, email address, telephone number, position in the company (i.e. our client).
- Demographic data – age and/or date of birth, language, and country.
- Access data – registration information regarding online services, such as user ID and password and other similar security information.
- Client relationship data – this mainly concerns the corporate client or partner (for example, info on the use of services, client feedback, complaints, payment data) but may sometimes include some limited information on you as the representative.
When collecting your data (for example when opening a client account with Klaus), we indicate which information is obligatory to provide. If you do not provide such data, we may not be able to render to the client the services (e.g. to create a user account for the client) it requires.
Please note that if you act as a representative of our corporate client or partner (e.g. as an employee, member of management body, etc), we presume that the information you provide about yourself is not strictly personal and may be used by us in connection with rendering services to and communicating with the corporate client or partner.
How do we use your data and what is the legal basis for the use?
As explained above, we use your data for the rendering of the services which the corporate client has ordered from us or for communicating with the corporate partner you represent. The legal basis for doing this is our legitimate interest – we need to communicate with a legal person and if you act as representative of one, we assume that there is a balance of interest and we do not conflict with your interests, rights, and freedoms.
In the case of processing of the personal data on the basis of the legitimate interest, a data subject always has the right to object to such processing. If you do object, we will inform our corporate client/partner asking to provide us with a new contact person or otherwise comment on your objection.
We may also use your data for direct marketing of our services and products to our corporate customer, i.e. not to you personally. If you receive marketing communication like this from Klaus, you can always opt out by unsubscribing through the link at the end of the message you receive from us or by emailing us to email@example.com.
How long do we store your data?
When processing the personal data of the representatives of our corporate clients and partners we retain your personal data until we no longer need it for the purpose it was collected for, or until you no longer perform the tasks in the company on the basis of which your personal data is processed.
Please note that notwithstanding the above, we may have an obligation due to mandatory legislation to process certain data concerning you. For example, we have an obligation deriving from accounting law to retain all original accounting documents for 7 years. If such documents in relation to our corporate client or partner include your name, e-mail, or other personal data we retain this data because we have to retain the document. However, in such a case, we will only process your personal data for the purpose of complying with the legislation in question and not for any other purposes. We may also need to retain your personal data longer if this is needed in relation to a legal claim made against us or making a legal claim by us against the company you are representing.
In addition, we may process the data in an aggregated or anonymized format, for example for analysis and statistical purposes and to improve and develop our services.
Who else can use your data?
As a general rule, your data is processed within Klaus. In connection with the rendering of our services to our corporate client, we may disclose your data or some of it to third parties. Such third parties include for example our partners offering us for example the following services: payment services in our web or mobile application (e.g. Braintree and Chargebee), accounting services, hosting, maintenance, etc.
When we use third-party service providers in the processing of personal data, we have data processing and protection agreements in place not allowing the third-party processors to use your data for other purposes than those determined by us.
We may also disclose your data to the authorities if this is required under applicable laws.
Do we transfer your data out of the EU or EEA?
We do not store or transfer your data outside the European Union or the European Economic Area.
What are your rights in connection with your data?
Right to access – you have the right to know which data we hold about you (if any).
Right to data rectification – you have the right to require corrections to your personal data in case they are inaccurate or incomplete.
Right to data deletion – you have the right under certain conditions to request the deletion of your personal data including in situations where the processing of your personal data is no longer necessary for the purposes for which it was collected, or if the processing of your personal data was based on your consent and you wish to withdraw your consent, and there are no other grounds for processing your personal data.
Right to restrict processing– you have the right under certain circumstances to forbid or restrict the processing of your personal data for a certain period (e.g. you have submitted an objection concerning data processing).
Right to object– You have the right to object to data processing based on our legitimate interest. Klaus must stop processing your personal data upon such objection, except if it can argue that your personal data is processed for effective legal reasons (decided case by case).
In order to exercise your rights, please send respective inquiries to firstname.lastname@example.org. We have the right to respond to your query within 30 days.
How do we protect your data?
Klaus has taken necessary legal, organizational, physical, and technical security measures to protect your personal data. Some examples of the measures we use:
Technical measures – all computers used inter alia for processing of personal data are protected with password-protected screensavers; it is ensured that the IT-system does not accept new login attempts and locks the username when a certain number of access attempts has been exceeded; it is ensured that especially vulnerable systems (e.g. laptops, smartphones) are sufficiently protected (using encryption or other means).
Physical measures – IT-systems are sufficiently protected against fire, overheating, water, current instability, and power outages.
Organizational means – all IT system users are assigned roles and profiles; it is ensured that access rights are deleted when the employee leaves Klaus; it is ensured that there is no access from publicly used rooms to rooms where personal data is being processed.
The right to submit a complaint to a supervisory authority
Should you desire further information concerning your personal data or exercising your rights, you have the possibility to contact us at email@example.com.
If you believe that the processing of your personal data breaches the requirements of the General Data Protection Regulation ((EU) 2016/679), you have the right, without prejudice to any other administrative or judicial remedy, to file a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. In Estonia, the relevant supervisory authority is Andmekaitse Inspektsioon.
What about cookies?
We use automatically-collected information and other information collected on our service through cookies and similar technologies to (i) personalize our service, such as remembering a user’s or visitor’s information so that the user or visitor will not have to re-enter it during a visit or on subsequent visits; (ii) provide customized advertisements, content, and information; (iii) monitor and analyze the effectiveness of the service and third-party marketing activities; (iv) monitor aggregate site usage metrics such as a total number of visitors and pages viewed; and (v) track your entries, submissions, and status in any promotions or other activities on the service. You can obtain more information about cookies by visiting http://www.allaboutcookies.org.
We take measures to protect the technical information collected by our use of Google Analytics. The data collected will only be used on a need to know basis to resolve technical issues, administer the Site, and identify visitor preferences; but in this case, the data will be in non-identifiable form. We do not use any of this information to identify visitors or users.