Privacy Policy

This page outlines Lorai OÜ’s data protection terms (privacy policy).

Lorai OÜ

DATA PROTECTION TERMS

The purpose of Lorai OÜ’s data protection terms is to protect the personal data of data subjects in accordance with European Union legislation and the laws of the Republic of Estonia. The data protection terms are primarily based on Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), and additionally on the Personal Data Protection Act and this personal data processing guide.

1. DEFINITIONS

1.1. Data Subject: a natural person about whom Lorai OÜ has information or information by which the natural person can be identified. Data subjects include, for example, individual clients, visitors, cooperation partners, and employees about whom Lorai OÜ holds personal data.

1.2. Personal Data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.3. Processing of Personal Data: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.4. Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.5. Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

1.6. Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

2. GENERAL PROVISIONS

2.1. Lorai OÜ is a legal entity, registry code 16729938, located at Lehe St 8-1, Räni borough, 61708 Kambja rural municipality, Tartu County.

2.2. Lorai OÜ may process personal data:

2.2.1. as a controller, by determining the purposes and means of processing;

2.2.2. as a processor, according to the controller’s instructions.

2.3. Access to modify and process personal data is restricted to persons authorized by Lorai OÜ. Lorai OÜ adheres to the principle of ensuring the confidentiality of personal data and discloses personal data only to a strictly limited extent to ensure data protection.

3. PRINCIPLES

3.1. All activities related to personal data processing are based on the following principles:

3.1.1. lawfulness, fairness, and transparency: personal data processing has a legal basis, is fair, and transparent to the data subject;

3.1.2. purpose limitation: personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

3.1.3. data minimization: personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;

3.1.4. accuracy: personal data is accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

3.1.5. storage limitation: personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

3.1.6. integrity and confidentiality: personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

4. CATEGORIES OF PERSONAL DATA

4.1. Data disclosed to Lorai OÜ by the data subject:

4.1.1. personal identification data (first and last name; personal identification code; date of birth; place of birth);

4.1.2. contact data (address; phone number; email address);

4.1.3. financial data (salary data; bank account number; taxation data);

4.1.4. other data (qualifications; education; hobbies; language skills; sick leave data; vacation data; data concerning third parties related to the data subject; data containing special categories of personal data of the data subject).

4.2. Personal data generated as a result of regular communication and service provision between the data subject and Lorai OÜ (including client employee data, client data).

4.3. Personal data generated as a result of website visits and use (cookies; website log data with IP addresses).

5. LEGAL BASES AND PURPOSES OF PERSONAL DATA PROCESSING

5.1. Lorai OÜ processes personal data based on the data subject’s consent, for the performance of a contract or to take steps prior to entering into a contract at the data subject’s request, for compliance with a legal obligation, or where there is a legitimate interest.

5.2. Data Subject’s Consent: based on consent, Lorai OÜ processes personal data precisely to the extent and for the purposes determined by the data subject. The data subject gives consent for personal data processing voluntarily, specifically, informedly, and unambiguously.

5.3. Conclusion and Performance of a Contract with the Data Subject: personal data processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. For example, personal data processing may be necessary for establishing client relationships and concluding service agreements for providing accounting services, payroll services, tax advisory services, legal address services, contact person services, and for managing client documents.

5.4. Compliance with a Legal Obligation: personal data processing carried out for compliance with legal obligations occurs when Lorai OÜ is obliged to process personal data because it is required by applicable law. For example, such an obligation may arise from the Employment Contracts Act, the Money Laundering and Terrorist Financing Prevention Act (e.g., for conducting client due diligence), the Auditors Activities Act, or the Accounting Act.

5.5. Legitimate Interest: for the purpose of providing higher quality services and promoting business activities, Lorai OÜ may process the data subject’s personal data, taking into account the data subject’s fundamental rights and freedoms. On a legal basis, Lorai processes personal data only after careful assessment to determine that Lorai OÜ has a legitimate interest, on the basis of which personal data processing is necessary and in accordance with the data subject’s interests and rights.

6. DISCLOSURE OF DATA TO THIRD PARTIES

6.1. Lorai OÜ may transfer personal data to third parties within the scope of the services provided or as required by law, to a strictly limited extent (e.g., notary, translation agency, Tax and Customs Board, Unemployment Insurance Fund, Health Insurance Fund, Data Protection Inspectorate, auditors, Financial Intelligence Unit) to provide higher quality services.

6.2. Lorai OÜ transfers personal data of data subjects to third countries or international organizations only if adequate safeguards have been implemented.

7. RIGHTS OF THE DATA SUBJECT

7.1. Right to withdraw consent at any time. The data subject has the right to withdraw their consent at any time if the processing of personal data is based on consent. This does not affect the lawfulness of processing carried out before the withdrawal of consent.

7.2. Right to information. The data subject has the right to receive information about the personal data collected about them. Information regarding personal data processing can be obtained from Lorai OÜ by submitting a written request via email at numeri@numeri.ee.

7.3. Right of access to data. The data subject has the right to request access to their personal data and to obtain a copy of the personal data being processed.

7.4. Right to rectification of inaccurate personal data. The data subject has the right to request the rectification and completion of inaccurate personal data.

7.5. Right to erasure of data. In certain cases, the data subject has the right to demand that personal data be erased, and Lorai OÜ is obliged to erase personal data without undue delay if one of the following circumstances applies:

7.5.1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

7.5.2. the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;

7.5.3. the data subject objects to the processing of personal data and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing of personal data;

7.5.4. the personal data have been unlawfully processed;

7.5.5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Lorai OÜ is subject.

7.6. Right to request restriction of personal data processing. The data subject has the right to restrict the processing of their data in the following cases:

7.6.1. the accuracy of the personal data is contested by the data subject, for a period enabling Lorai OÜ to verify the accuracy of the personal data;

7.6.2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

7.6.3. Lorai OÜ no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

7.6.4. the data subject has objected to processing pending the verification whether the legitimate grounds of Lorai OÜ override those of the data subject.

7.7. Right to data portability. In certain cases, the data subject has the right to receive the personal data concerning them, which they have provided to Lorai OÜ, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

7.8. Right to object. The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by Lorai OÜ or by a third party. Lorai OÜ shall no longer process the personal data unless Lorai OÜ demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

8. RETENTION OF PERSONAL DATA

8.1. Lorai OÜ retains personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed, unless Lorai OÜ has a legal requirement that stipulates different retention periods for personal data:

8.1.1. accounting documents must be retained in accordance with the Accounting Act;

8.1.2. data collected under the Money Laundering and Terrorist Financing Prevention Act are retained in accordance with the law.

8.2. If a candidate is not selected during recruitment, the data subject’s curriculum vitae is retained for 1 year from the date of the rejection decision. After one year from the submission of the job application, the personal data of the unselected job applicant will be deleted.

8.3. Lorai OÜ securely destroys and/or erases all personal data for which there is no longer a purpose for retention or whose retention period has expired.

9. COOKIES

9.1. Lorai OÜ uses cookies directly or through third parties (Google Analytics) to provide a better user experience on the website www.numeri.ee.

9.2. Cookies are small text files that a website stores on the data subject’s computer or mobile device to retain information about the website visit. Visitors to Lorai OÜ’s website are deemed to have agreed to cookies if the visitor has enabled them in their browser settings.

9.3. Cookies are used based on a legitimate interest to ensure the proper functioning of the website’s features. In other cases, for cookies used, we rely on the visitor’s consent on the website.

9.4. Lorai OÜ uses different types of cookies.

9.4.1. Session cookies are stored only temporarily for the duration of a website visit and are automatically deleted after each visit. Lorai OÜ uses session cookies for statistics and analysis, and to remember language selection.

9.4.2. Persistent cookies remain even after repeated use of the website, and persistent cookies are used for user statistics and analysis.

9.5. The website visitor has the right to disable the use of cookies in their browser, but if cookies are not used, it may happen that not all parts of the website function correctly and not all services may be available. It is possible to opt out of cookies at any time by changing the browser settings of the device in use and deleting stored cookies.

10. EXERCISE OF RIGHTS AND SUBMISSION OF COMPLAINTS

10.1. Exercise of Rights: In case of any questions, requests, or complaints related to personal data processing, the data subject has the right to contact Lorai OÜ.

10.2. Submission of Complaints:

10.2.1. The data subject has the right to file a complaint with Lorai OÜ, the Data Protection Inspectorate (AKI), or a court if the data subject believes that their rights have been violated during personal data processing.

10.2.2. The contact details of the Data Protection Inspectorate can be found on the website: https://www.aki.ee/et/inspektsioon-kontaktid/tootajate-kontaktid.

11. CONTACT DETAILS

For all questions and suggestions regarding personal data processing, please contact us using the following details:

Lorai OÜ

Lehe St 8-1, Räni borough

61708 Kambja rural municipality, Tartu County

info@lorai.ee