Last update 25.10.2018
This document describes how Scanfil Oü (hereinafter ”Scanfil”) and its staff process the personal data of the representatives of Scanfil’s business contacts. Scanfil acts as a controller to such personal data.
As a controller, Scanfil is responsible for such personal data, and for the processing of such personal data. Protecting the data subjects’ privacy and personal data is of utmost importance to Scanfil. Scanfil is committed to complying with the requirements of data protection regulation applicable to us in the processing of your personal data. The means and purposes of processing the personal data are described in more detail in this document.
The EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) applies to all processing of personal data as a general law. Processing of personal data must always be based on a legal ground set forth in the GDPR, throughout the entire processing time from collecting of data till anonymization of data.
Processing of business contact representatives’ data is based on the following grounds:
A legitimate interest may be, for instance, Scanfil’s groupwide information sharing, marketing and CRM administration activities, prevention of fraud or misuse of IT systems or money laundering, physical as well as IT and network security, as well as potential merger and acquisition activities.
The provision of personal data of the relevant business contact representative as described in this document is necessary for the conclusion and/or performance of the relevant agreement entered into between Scanfil and its business partner. If the relevant representative does not provide personal data to Scanfil, it may no longer be able to manage and administer the contractual relationship with the business partner in question, in which case Scanfil may have to terminate the relevant agreement.
Scanfil processes the following business contact representatives’ personal data for the purposes of operating, managing and improving business contact relationships, sending releases to analysts and media, communicating with business contact representatives as well as for managing registrations for different occasions.
Business contact representatives’ personal data processed by Scanfil:
Furthermore, Scanfil may process change data of the above mentioned data categories.
Scanfil collects data concerning business contact representatives primarily from the business contact representative him/herself. Data is also collected from systems that record data processed in the register as well as from other permitted sources, including public sources as allowed in applicable legislation.
In addition, Scanfil may collect data from other sources based on the business contact representative’s consent.
Scanfil may transfer business contact representatives’ personal data to third parties in the following manner in order to fulfil the purposes of processing described in this document. When personal data are transferred to a body which processes personal data on behalf of Scanfil (i.e. data processor) Scanfil has through contractual arrangements ensured that personal data is processed only in accordance with Scanfil’s written instructions and merely for the purposes described in this document and that access to personal data is only allowed for persons who need access to data based on their tasks.
Some of the data processors used by Scanfil are located outside the EU or EEA area. Scanfil has contractually ensured that these entities undertake to apply an appropriate level of data protection in their processing practices, and thus the data transfers are subject to appropriate safeguards. More information on cross border transfers of personal data and on the appropriate safeguards applied thereto from time to time is available from the contact person mentioned under Section 2 of this document.
In addition, Scanfil discloses personal data with the entities belonging to the same group of companies with Scanfil for a number of different purposes (such as centralized group functions, including without limitation globally accessible business contact management services, intra-group communication, coordination and reporting). Such an exchange of information involves intra-group transfers of personal data between Scanfil group entities located in different parts of the world. Scanfil may additionally disclose personal data for instance to authorities within the limits allowed or required in currently applicable legislation.
Scanfil or such data processor that processes personal data on behalf of Scanfil retains personal data in accordance with applicable legislation for as long as data retention is necessary for the purposes of processing. When Scanfil no longer needs the data for the purposes described in this document, the data are removed from Scanfil’s and/or processors’ data systems and other data files and irrevocably anonymized. The aforementioned does not, however, apply to data subject to statutory retention period. Business contact representatives’ personal data are principally removed at request and at the latest when personal data is no longer necessary for the purposes of processing.
Where the personal data is collected on the basis of an obligation based on applicable law, the retention time of personal data may also be subject to explicit statutory requirement. Scanfil may also retain certain personal data after the termination of the initial processing purpose, should such retention of personal data be necessary to comply with other applicable laws or should Scanfil need the personal data to establish, exercise or defend a legal claim, on a need to know basis only.
Scanfil ensures the safety and protection of business contact representatives’ personal data against security breaches with firewalls, passwords and other technical safeguards. Data systems and their backups are located in locked facilities. Access is allowed only for persons who need access to the data in order to perform tasks or for fulfilling the purposes of processing. Persons processing the data are not allowed to disclose these data to third parties.
The General Data Protection Regulation provides the data subject with several rights based on which the data subject can in many situation himself/herself decide on the processing of his/her personal data. The data subject may use the following rights with regard to Scanfil to the extent Scanfil acts as the controller to the personal data of the data subject in question.
Requests relating to the aforementioned rights shall be directed to the contact person mentioned in section 2 of this document.
In addition, the data subject has the right to lodge a complaint with the supervisory authority on the processing of the personal data by the controller. The complaint shall be made to the competent supervisory authority, in Estonia to the Estonian Data Protection Inspectorate, in accordance with its instructions. The website of the Estonian Data Protection Inspectorate can be found here.
Scanfil may, from time to time, change this document. You can tell when changes have been made to this document by referring to the “Last Updated” legend at the top of each page of this document. Scanfil encourages you to review this document regularly for any changes.
© Copyright Scanfil 2018. All rights reserved.
You may refuse to accept cookies from our website and delete existing cookies by selecting the appropriate settings on your browser. If you wish to do so, please refer to your browser’s user guide to find out how to control cookies by adjusting your browser’s preferences.
Full Privacy notice for our website visitors can be found here: http://www.scanfil.com/privacy.html.