Trust of individuals whose personal data we process and ensuring compliance with the applicable laws are of paramount importance to us. We would like to inform you about our rules for collecting, processing, securing, transferring and using personal data, and provide the contact details of individuals whom you can contact with any issues concerning your personal data.
According to the requirements of REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “Regulation”, we would like to share with you the following information:
1. Controller of personal data
The controller of your personal data, hereinafter referred to as “Controller”, is:
Milo Solutions OÜ, Kentmanni 4-2K Tallin 10116 Estonia (hereinafter referred to as: Milo)
The Controller is responsible for the use of personal data in a safe manner, according to the purpose for which such data has been collected and in compliance with the applicable laws.
2. Controller’s contact details
Postal address: Milo Solutions OÜ, Kentmanni 4-2K Tallin 10116 Estonia
3. General provisions:
We use the collected personal data only for specific and legally justified purposes. The scope, purpose, period and legal basis for such processing as well as the categories of recipients are regulated by the laws binding on the Controller, and depend on the nature and scope of activities of the data subject.
4. Purpose of data processing, legal basis and storage period of personal data:
Purpose of data processing: Taking steps at the request of the data subject prior to entering into a contract (e.g. preparing an offer)
Legal basis for processing: Article 6(1)(b) of the Regulation (“ contract performance”)
Storage period: The data is stored for a period necessary for the performance, termination or expiry of the contract, or for a period after which possible claims become time-barred.
Purpose of data processing: Direct marketing (directing specific, personalised messages at carefully selected individual customers in order to elicit a direct reply)
Legal basis for processing: Article 6(1)(f) of the Regulation (“legitimate interests pursued by the Controller”)
Storage period: The data is stored for the duration of the legitimate interests pursued by the Controller and for a period after which possible claims become time-barred. If a data subject effectively objects to the use of their personal data, the Controller will no longer process the data for the purpose of direct marketing.
Purpose of processing: Sending information and advertising content concerning Milo’s offers by means of electronic communication
Legal basis for processing: Article 6(1)(a) of the Regulation (“consent of the data subject”)
Storage period: The data is stored until the data subject withdraws their consent to the continued processing of their data for marketing purposes. The consent can be withdrawn at any time using an opt-out link included in each message.
Purpose of data processing: Expression of an opinion by a Customer
Legal basis for processing: Article 6(1)(a) of the Regulation (“consent of the data subject”)
Storage period: : The data is stored until the data subject withdraws their consent to the continued processing for this purpose.
5. Recipients of personal data
In order to perform a contract and to ensure the proper functioning of the Controller’s websites, the Controller uses services provided by third parties who work with the Controller (e.g. postal and courier service providers, and payment processors). The personal data is transferred to third parties only when and as necessary to achieve the purpose of processing. Third parties may use the transferred personal data only for the purpose of fulfilling the task entrusted to them by the Controller.
The personal data may be transferred to the following recipients who work with the Controller:
- postal, courier and similar service providers to the extent necessary for the purpose of deliveries and correspondence;
- providers of software, graphic, accounting, administrative services;
- providers of technical support for the Controller and providers of IT solutions which allow the Controller to pursue its business activity (e.g. software, e-mail and hosting providers): the Controller provides the personal data to a trusted provider whom it has commissioned only when and as necessary to achieve the purpose of processing;
- providers of solutions allowing customer opinions to be expressed/published: to the extent necessary for expressing an opinion.
6. Transferring data outside the European Economic Area
The personal data may be transferred outside the European Economic Area (which includes the European Union, Iceland, Liechtenstein and Norway) to Google LLC based on adequate legal safeguards, such as the standard contractual clauses concerning the protection of personal data approved by the European Commission. See also section 9. Online analysis.
The personal data may be transferred outside the European Economic Area when the data recipient cooperates with Milo and provides software/ graphic services and have his headquarters there. Another case is a client having the headquarters outside the European Economic Area.
7. Rights of the data subject whose data is being processed by the Controller (i.e. YOU)
If it is withdrawn, the data will no longer be used for the purpose covered by the concerned, but withdrawing the consent will not affect the legality of any processing activities which were performed based on the consent before its withdrawal.
According to the rules stipulated by the Regulation, the data subject also has the right to demand that the Controller provide access to their personal data, and to demand rectification, erasure (the right to be forgotten) or restriction of processing, and the right to object to processing as well as a right to data portability.
If the personal data is processed for the purpose of direct marketing, an objection can be made at any time to the processing of such data for marketing purposes, including profiling, to the extent to which the processing is linked to direct marketing.
In order to exercise the above rights, a request should be delivered to the Controller by e-mail, by letter, using the contact details provided in the introduction. To verify that the individual submitting the request is authorised to do so, the Controller may ask for additional information to confirm his/her identity.
The Regulation stipulates the extent to which each of these rights can be exercised. In particular, it will depend on the legal basis and the purpose for which the personal data is processed by the Controller. The above rights can be exercised free of charge once every 6 months. According to Article 12 of the Regulation, if requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may charge a reasonable fee.
The data subject has the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for the Protection of Personal Data (Urząd Ochrony Danych Osobowych).
8. Using data for advertising purposes
8.1 Case study
Case studies are made available only to Users who have given their consent and provided their e-mail address. They may also voluntarily agree to receive Milo advertising content. The consent to receive advertising information may be withdrawn at any time by contacting the Administrator at the address provided above: firstname.lastname@example.org.
The Controller may process the data included in the cookies to perform an anonymous analysis of visitors and their behaviour (e.g. the opening of certain websites) in order to deliver advertising that is personalised to what they are likely to be interested in, also when they visit other websites which are partners in the advertising networks of Google Inc. and Facebook Ireland Ltd., and in order to improve the administration of the Controller’s websites.
8.3 Onsite Targeting
8.4 Retargeting, third-party cookies and collection of data by third parties for advertising purposes
The Controller’s websites use retargeting (remarketing) technology.
– Google Analytics, Universal Analytics and Google Remarketing, delivered by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). For details on how these services work, see Privacy notice and Privacy update.
– Facebook Pixel, delivered by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). For details, see their information.
8.5 How to block the saving of cookies?
To block the saving of cookies, the User should enable a browser setting that allows cookies to be saved only with the User’s consent.
To accept the use of the Controller’s cookies and block the use of third-party cookies at the same time, select the option “Block cookies from third-party websites” in the browser settings.
The User can disable cookies in the browser settings, but this may limit the website’s functionality and make it impossible to use all of its functions.
9. Online analysis
By using the website, the User consents that Google may process his/her data in the manner and for the purposes described above.
Google Analytics analyses the website with the “_anonymizeIp()” extension and, therefore, all IP addresses are processed only in an abbreviated form and cannot be directly linked to a specific User.
You can withdraw your consent to the transferring, collection and processing of your data to and by Google in the future by, for example, installing the Google Analytics Opt-Out tool.
10. Server log files
The web browser provides data on the user’s activity on the Controller’s websites, which is saved in server log files. Data records saved in this way include the following data: date and time of download, name of the visited website, size of the downloaded data, as well as information on the product version of the web browser being used, the IP address and URL of the reference website (address of the website from which the user has been redirected).
The data records in the server log file are analysed to correct errors, manage service efficiency, protect against DDoS attacks and personalise the offer.
11. Automated decision-making and profiling
The personal data will not be used for automated decision-making which results in legal consequences for the data subject, including for profiling.
12. Final provisions
The Controller’s websites may include links to third-party websites, which operate independently from the Controller and are not supervised by the Controller in any way. After accessing third-party websites, the Controller recommends familiarising yourself with their privacy policies. The Controller is not liable for how the data is handled on third-party websites.