Data protection terms and conditions
CityStock OÜ (‘we’, ‘us’ or ‘our’) is a company that provides storage services and container rental. We offer our customers a convenient and modern storage option that is easily accessible, properly supervised and continuously available.
Our contact details:
Tammsaare tee 47, Tallinn, Estonia
+372 5385 8880
2. Our customers
Our customers include both businesses and private individuals, who require the services we offer for storing their items.
If our customer is a legal person, we process the personal data of their representatives and employees.
If our customer is a natural person, we process their personal data.
We also process the personal data of our website (www.citystock.ee) users via ‘cookies’, and the personal data of those who have contacted us via our website.
3. Reasons for personal data processing
Personal data processing is a part of our day-to-day business, because we cannot provide services to an anonymous customer. Therefore, personal data processing is a natural part of our business activity.
In the case of storage services, we collect personal data about our customer in order to guarantee the customer or their designated person access to the warehouse, to organise communication with the customer regarding the performance of a contract, and to ensure both the customer’s and our responsibility for the quality of the services.
In the case of container rental, we collect personal data about our customer in order to ensure that the container is delivered to the correct location, to organise communication with the customer regarding the performance of a contract, and to ensure both the customer’s and our responsibility for the quality of the services.
We process the personal data of our website’s enquiry form users in order to reply to enquiries.
4. Types of personal data processed
We process, to the most limited extent possible and with a clear legal basis, those personal data that we need to conclude and perform the service agreement with our customer.
The personal data we process include:
(1) personal information, e.g. first name, last name, personal identification code, date of birth;
(2) contact information, e.g. address, phone number, email address;
(3) data related to service provision, e.g. information related to the performance of a contract, enquiries, complaints, data regarding payment behaviour;
(4) communication data, e.g. data collected through e-mail, data collected through social media, data forwarded by messages, etc.;
(5) data regarding participation in promotional campaigns, e.g. information regarding participation, rewards won.
5. Our role in processing personal data
We process the personal data of customers who are legal persons as a data processor, and the personal data of customers who are natural persons as a data controller. In the case of customers who are legal persons, we receive personal data from our customer, who is the data controller of those personal data.
In addition to being the data controller in the case of customers who are natural persons, we are also the data controller of the personal data of those who have contacted us via our website’s enquiry form.
6. Legal basis for processing personal data
We mainly process personal data to perform a contract (clauses 4.1, 4.2 and 4.3 of the Data Protection Terms and Conditions), to fulfil legal obligations (clauses 4.1 and 4.2 of the Data Protection Terms and Conditions), on the basis of consent (clause 4.4 of the Data Protection Terms and Conditions) and on the basis of our legitimate interest (clause 4.5 of the Data Protection Terms and Conditions).
7. Principles of personal data processing
We process personal data purposefully. We determine the purpose for personal data processing and we follow this in our subsequent activities.
We collect personal data to the most limited extent possible. In other words, we only collect those personal data that we need, that are relevant and essential. We determine the above based on the purpose for which we collect the personal data.
We process personal data legally, fairly and transparently. We always have a legal basis for personal data processing. We give notification of operations that we perform on personal data in a simple, clear and understandable manner.
We keep personal data accurate to our knowledge.
We implement various measures (physical, technical, organisational) to ensure the reliability and confidentiality of personal data. We protect personal data from illegal or unauthorised destruction, loss, transformation, disclosure, acquisition or unauthorised access.
If we transfer personal data to third parties, we use contractual partners that we trust. We require and we expect our contractual partners to be careful when processing personal data and to keep the personal data secure.
We consider it important and we are committed to ensuring that our employees are aware of, and comply with data protection regulations.
We only store personal data for as long as necessary. We determine this need based on the purpose for which we collect the personal data.
8. Use of ‘cookies’ on the website
‘Cookies’ are small text files that are stored on the website visitor's device and help to improve the user experience and the proper functionality of the website. You can accept the ‘cookies’ we use on our website when you choose to use our website. Each website visitor also has the option to limit or disable the storage of ‘cookies’ on their device by changing their device’s privacy settings. However, please note that our website’s functionality may be impaired when ‘cookies’ are limited or disabled.
We also use third party ‘cookies’:
Google Analytics cookies help to analyse web traffic, provide information about whether a website visitor is a new or repeat visitor, which parts of the website they visit, how much time they spend on those webpages, etc. This information is important to us, because it allows us to better understand the behaviour of our website visitors, and to make our website better and more user-friendly.
Google cookies enable us to target advertising and to measure its effectiveness.
SharpSpring cookies help to analyse the web behaviour of contacts in our contact database, in particular the open rates of newsletters sent to them and the performance of other marketing messages. For example, whether a newsletter was opened and whether the included link was clicked on. We require this data to change the sending frequency, content and other parameters of our newsletters to enable us to send our customers what they need.
MailChimp cookies also help to analyse whether our newsletter was opened and the included link clicked on, i.e. they help to assess the effectiveness of newsletters.
9. Rights related to personal data
The General Data Protection Regulation grants the data subject (person) significant rights in relation to their personal data, and the controller of the personal data must guarantee these rights with their actions. Nonetheless, a person cannot be denied control over their personal data.
The data controller guarantees:
(1) Right to access your personal data – You have the right to know what kinds of personal data we hold about you, how we process these, and to receive a copy of your personal data.
(2) Right to rectify personal data – You have the right to request insufficient, incomplete and incorrect personal data to be rectified.
(3) Right to withdraw consent regarding personal data processing – This right applies in cases where personal data is processed on the basis of consent.
(4) Right to the erasure of personal data (‘the right to be forgotten’) – You have the right to demand that we erase your personal data (e.g. if your personal data is no longer needed for the purposes for which they were collected). We have the right to refuse to erase personal data when the processing of personal data is necessary to fulfil our legal obligations, to establish, submit or defend legal claims, or if it is in the public interest.
(5) Right to the restriction of processing – In certain cases you have the right to forbid or restrict the processing of your personal data for a limited time (e.g. if you have objected to the processing of personal data).
(6) Right to object – You have the right to object to us processing your personal data, when the processing of your personal data is performed due to our legitimate interest or in the public interest. You may object to the processing of personal data for the purpose of direct marketing (sending of newsletters) at any time and we shall react immediately.
(7) Right to data portability – If the processing of your personal data is based on your consent and your personal data is processed automatically, then you have the right to obtain the personal data about you that you have submitted to the data controller, in a structured, commonly used format and in machine-readable form and you have the right to transfer personal data to another controller. In addition, you have the right to demand that personal data be transmitted directly to another controller when it is technically feasible.
(8) Automated decision-making (incl. profiling) – In the case of decision making based on automated processing (incl. profiling) that have legal consequences to you or have a significant impact on you, you may demand that the decision not be made based solely on automated processing.
A more detailed description of the rights of the data subject can be found in Chapter 3 of the General Data Protection Regulation.
If you have any further questions or requests regarding personal data, please get in touch with us (email@example.com). You have the right to file a complaint with the Data Protection Inspectorate (www.aki.ee).
10. Storage of personal data
We shall store personal data for as long as it is required or permitted according to legislation or necessary for the purposes set out in the Data Protection Terms and Conditions.
We shall store personal data relating to disputes until the expiration of the claim.
At the end of the personal data storage period we shall erase the personal data permanently.
11. Code of conduct in the case of a personal data breach
If you are aware of a personal data breach or of a risk of a personal data breach, please notify us immediately via the e-mail address firstname.lastname@example.org. We take the subject of personal data security seriously and respond immediately to any possible case of breach.
12. Publication of the Data Protection Terms and Conditions
The Data Protection Terms and Conditions currently in force are available on our website www.elmorent.ee. Please note that we may update the Data Protection Terms and Conditions from time to time.