Zone cares about the privacy of its Clients’ data. This Privacy Notice provides you information about the data that Zone as a controller collects and processes regarding its Clients and in which manner it is done.
Zone is the processor and the Client is the controller of the data that are uploaded by the Client to the servers of Zone, are created in the servers of Zone upon the use of services or are uploaded to the servers by the users of the application(s) of the Client.
The grounds for the processing of the Clients’ data by Zone consist of the consent of each Client for the processing of data, the necessity for processing of data in order to perform the Contract, as well as the legal obligations of Zone.
This policy is applicable upon provision of all services of Zone.
Client – any natural or legal person that has entered into a contract for using the services of Zone.
User – any natural person using the services of Zone.
Zone – ZONE MEDIA OY, registry code 3195211-9, whose contact data are set out on the website (https://www.zone.fi). Questions regarding personal data processing can be addressed directly to the Data Protection Officer of Zone at the address email@example.com .
Party – the Client or Zone; Parties – the Client and Zone together.
Personal Data – any information relating to a natural person.
Client Data – data relating to the Clients which are used by Zone to provide services to the Clients, including but not limited to the Personal Data of Clients that are natural persons, representatives of Clients, Users, and other natural persons.
Data Processing – operations performed on Client Data, whether or not by automated means.
Controller – Zone is the controller of Client Data.
Processor – a natural or legal person, public authority, agency or another body processing Personal Data on behalf of Zone.
Data Protection Officer – the employee of Zone who organizes supervision of the processing of Personal Data at the company. The contact details are set out on the website (https://www.zone.fi).
Recipient – a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed.
Third Party – a natural or legal person, public authority, agency or another body, except the Data Subject, Controller, Processor and the persons who, under the direct authority of the Controller or Processor, are authorized to process Personal Data.
Contract – any contract (including the Central User Contract, Service Contract) between Zone and the Client / Central User.
Zone shall process Client Data in a manner that is lawful, fair and transparent.
Zone shall collect Client Data for legitimate purposes and shall not process them later in any manner which is in conflict with these purposes.
Zone shall process Client Data in a manner that shall ensure their appropriate security, including protection of the data against any unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
Zone shall act with the aim of ensuring that the collected data shall be adequate, relevant and limited to what is necessary for the purposes for which they are processed.
Zone shall act with the aim of ensuring that the Personal Data that are inaccurate for the purpose of processing shall be deleted or rectified without delay.
Zone shall act with the aim of ensuring that the information and notices related to Data Processing would be easily accessible, understandable and compiled using clear and plain language.
Specific nature of Client Data
Zone may collect and process the following data in order to provide services to its Clients:
- Identifiers of the Client and the Client’s representatives – name, date of birth, personal identification code, Commercial Registry code, number of the document used for the purpose of identification of the person, copy of the document;
- Contact details of the Client and the Client’s representatives – e-mail addresses, telephone numbers, post addresses, usernames for cloud services;
- Language preference of the Client and the Client’s representatives – the language of communication preferred by the person or his or her representative;
- The data related to the devices of the Client and the Client’s representatives – the IP addresses of the devices, the IP addresses of the network gateway, cookies used for web browsers, and other data related to the devices;
- Data on any communication between Zone, the Client or the Client’s representatives – correspondence between the persons, messaging and audio recordings generated in the course of the customer service provided by Zone;
- Images of the Client or the Client’s representatives – footage of security cameras which may be recorded when a person visits the physical seat of Zone;
- Data on the payment behaviour of the Client – the data collected regarding a Client in the course of payment for the services;
- Data on the customer satisfaction of the Client – the data collected in relation to the use of services and the customer satisfaction with these services;
- The data set related to the Client – files, databases, logs, etc;
- Any other data related to the Client.
Ways of collecting Client Data
Client Data may be collected in the following ways: upon filling in the order forms for services; upon the use of services; upon payment for services; by telephone, by e-mail; while visiting a physical location; while using cookies or other technologies that monitor the visitors of our websites; while providing feedback or in other ways.
Purpose of processing Client Data
Zone processes Client Data in order to: enter into a Contract with the Client; provide the Client with an access to its services and products; maintain client relationships; enhance the user experience of the Clients; keep the Client Data up to date; settle accounts with the Client; send promotional notices or marketing information to the Client; organise satisfaction surveys; prepare market analyses and statistics; perform legal or contractual obligations; exercise its legal or contractual rights; for other reasonable purposes.
Zone shall also process Client Data to ensure compliance with the laws and regulations applicable to us; to respond to inquiries in public law and inquiries from governmental authorities, including public bodies and governmental authorities located outside the country of residence/host country of the Client; or to protect the rights, privacy, security or property of Zone and/or of any subdivisions of the company.
Zone will transfer Client Data to Third Parties if it is necessary and proportionate for ensuring network and information security by public sector authorities, Computer Emergency Response Teams (CERT), Computer Security Incident Response Teams (CSIRT), providers of electronic communications networks and services, and providers of security technologies and services.
Obligations of Zone
Zone shall apply appropriate data protection principles and measures if these are proportionate to the Client Data Processing operations.
Zone shall implement appropriate technical and organisational measures to ensure and to be able to evidence the processing of Client Data in compliance with applicable legal acts.
Zone shall, both at the time of the determination of the means for processing and at the time of the processing of Client Data, implement appropriate technical and organisational measures which are necessary for effective implementation of data protection principles.
Zone shall publish the information security principles on its website (https://www.zone.ee – Information Security Principles of Zone Media OÜ)
Rights of Zone
Zone will be entitled to process the Client Data during the client relationship as well as after the end of the client relationship. After the end of the client relationship, Zone will be entitled to process the Client Data for 3 years or for a longer period of time if it is necessary in relation to a legal obligation (e.g. under accounting laws or laws regulating limitation periods or other private law), contract or legitimate interest.
Zone will be entitled to engage processors in the processing of Client Data. Zone shall engage the processors who provide a sufficient security that they shall implement appropriate technical and organisational measures in such manner that the processing of Client Data shall be in conformity to the requirements set out in the respective laws and that the protection of the rights of data subjects shall be ensured. We may disclose Client Data to the extent permitted by law to the following parties: the parent company, shareholders, subdivisions and subsidiaries of the company; third parties involved in the settlement of accounts with the Client; auditors or consultants; lawyers; entities maintaining registers (top-level domain registrars, network information registrars, etc); debt collectors; postal service providers; information technology maintenance providers and developers; providers of identification or abuse prevention services; other parties providing services to Zone.
Zone shall publish a list of the significant processors engaged in the processing of Client Data on its website (Processors of the Client Data of Zone Media OÜ, list maintained in Estonian).
Zone may rectify, supplement and update the collected Client Data based on its internal and external sources.
Rights of Client
The Client has the right to receive information on whether Zone is processing his or her data and which data are being processed.
The Client has the right to apply for a copy of the Client Data pertaining to him or her from Zone.
The Client has the right to request rectification or deletion of the Client Data or limitation of the processing of the Client Data from Zone, as necessary, or submit an objection to the processing of the Client Data. Zone shall use its best efforts to accommodate the request.
The deletion of Client Data shall not be applied if: the data are necessary to perform a legal obligation which prescribes processing of the data; the data are necessary for compiling, filing or defending a legal or debt claim; the deletion of the data is not possible due to the nature of the technical solution or is not possible without an unreasonable effort.
Zone has the right to charge a reasonable fee for processing the Client’s request if it is permitted or if the Client’s inquiry is excessive in the opinion of Zone.
If the Client considers that Zone has violated his or her rights upon Personal Data Processing, the Client will be entitled to file a complaint regarding the activities of Zone with a respective supervisory authority, in the given case being the Data Protection Inspectorate (http://www.aki.ee).
Location of Data Processing
Client Data shall be stored, both in electronic as well as physical form, at our company and with Third Parties. As a rule, Zone shall process Client Data within the European Union / European Economic Area.
Zone may transfer Client Data to outside the European Union / European Economic Area, if there are legal grounds for it, e.g. performance of a legal obligation or the Client’s consent, and if appropriate protective measures are implemented: there is a contract containing the standard clauses conforming to the General Data Protection Regulation, approved codes of conduct, certifications, etc; there is a sufficient level of data protection in place in the state of location of the Recipient in accordance with the decision of the European Commission; or the Recipient has been certified under the data protection framework Privacy Shield.