Privacy notice
This privacy notice (“Privacy Notice”) is adopted by 1oT OÜ (registry code 14611026, address Järvevana tee 7b, 10112 Tallinn, Estonia, e-mail hello@1oT.com (“1oT” “Employer” or “we”).
The purpose of this Privacy Notice is to provide information on how 1oT may process your personal data in connection with your employment at 1oT or during the recruitment process when you apply or have applied for a job at 1oT.
“Employment” in this Privacy Notice shall also include the situations and this Privacy Notice shall apply also when you as a data subject provide services to 1oT under a contract for services, for example under authorisation contract (in Estonian: käsundusleping) or contract for services (in Estonian: töövõtuleping) in the meaning of Estonian Law of Obligations Act or under any other similar type of contract under which you as a natural person provide services to 1oT.
If you have any questions about how 1oT processes your personal data or if you wish to submit an application for exercising your rights related to processing your personal data, please contact 1oT through the contact information provided in the section "Contacts" below. If you work at 1oT under an employment contract, you may also turn to your supervisor.
1. DEFINITIONS
In this Privacy Notice the following expressions have the following meanings:
“Applicable law” | all applicable legal acts in Estonia, including Estonian Employment Contracts Act and GDPR. |
“Candidate” | natural person who has applied for a job at 1oT or who has applied as a provider of services to 1oT. |
“Data subject” | Employee or Candidate whose Personal data 1oT processes. |
“Data controller” | natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. 1oT is Data controller in the means of this Privacy Notice. |
“Data processor” | natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. |
“Employee” | natural person who works for 1oT or provides services to 1oT, whether under employment contract or under contract for provision of the services or under any other agreement. |
“Employer” or “1oT” | 1oT OÜ (registry code 14611026, address Järvevana tee 7b, 10112 Tallinn, Estonia). |
“Employment” | the legal relationship between 1oT and Employee arising from the employment contract, contract for provision of services or under any other agreement. |
“GDPR” | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). |
“Personal data” | any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular on the basis of such a record as the name, personal identification code, place of location information or network identifier, or on the basis of one or more physical, physiological, genetic, mental, economic, cultural or social identities. |
“Processing” | any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
2. WHY WE PROCESS CANDIDATE PERSONAL DATA AND WHAT PERSONAL DATA DO WE PROCESS ABOUT OUR CANDIDATES?
2.1 When you apply or have applied for a job at 1oT, we as your potential employer need to process certain personal data about you. In such cases, 1oT may process your personal data in the context of recruitment or other engagement for the purposes of processing your job application.
2.2 1oT may process the following types of personal data in the context of recruitment:
2.2.1 general personal information: first name; last name; personal identification code and/or date of birth;
2.2.2 contact details: address, phone number, email address that you have disclosed to us;
2.2.3 data about qualification: education, information about your qualification and previous employment or experience, provided that you have disclosed such data to us during the recruitment process (for example in your CV disclosed to us or data disclosed in your LinkedIn profile if you have sent us this profile address);
2.2.4 data about the application: position or job description you have applied for or services you intend to provide under any other contract, salary or other remuneration expectations and other data obtained by us in the course of the recruit- ment or engagement process.2.3 If you wish to obtain specific overview of the personal data 1oT has collected specifically about you, please contact Employer through the contact information provided in the section "Contacts" below.
2.4 1oT generally obtains personal data related to the Candidate directly from the Candidate himself/herself. Thus, we may receive personal data that:
2.4.1 you submit to us directly by applying via 1oT website;
2.4.2 you disclose to recruitment company or third-party service provider that we may use to find applicants (such as cv.ee, MeetFrank, etc.)
2.5 1oT may receive personal data about the Candidate’s former employer, provided that the Candidate has consented to it.
2.6 For certain specific positions we may also conduct background screening in which cases we may receive personal data also from other public sources. For some positions, such information may also include information on criminal records database (only valid information) and information concerning payment defaults from payment default registers.
Background screening will only be conducted where permitted by the Applicable law and to the extent necessary and proportionate to the position that you are being offered. We will inform you separately when the position you apply requires conducting background check and will inform you which data will be processed.
3. WHAT IS THE LEGAL BASIS FOR PROCESSING CANDIDATE PERSONAL DATA?
3.1 1oT processes Candidate personal data to take steps to prepare the employment or other contract, if the Candidate is selected and the employment or other contract is concluded. Legal basis for such data processing is GDPR Article 6-1-(b), i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
3.2 1oT also processes Candidate Personal data where processing your personal data is necessary for the purpose of our legitimate interests pursued by us, i.e. to carry out the recruitment or engagement process. Legal basis for such data processing is GDPR Article 6-1-(f). In such a case we shall ensure that processing is proportionate, and your privacy is not infringed.
3.3 In certain specific situations 1oT also might process Candidate personal data based on Candidate’s consent (for example if you have not been selected as a result of the recruitment or engagement process but have granted a consent to contact you when the position that might interest you will be vacant). In such cases Candidate is never obliged to grant consent and consent shall be based on the free will of the Candidate. Legal basis for such data processing is GDPR Article 6-1-(a). In those situations, we process your personal data on the terms as provided in the consent that you have granted to us.
4. WHY WE PROCESS EMPLOYEE PERSONAL DATA AND WHAT PERSONAL DATA DO WE PROCESS ABOUT OUR EMPLOYEES?
4.1 When you have concluded an employment contract (or any other contract for services as a natural person) with 1oT, 1oT as your employer (or recipient of the services you provide) in the meaning of the Applicable law needs to process certain personal data about you.
4.2 1oT processes your personal data in the context of Employment for the following core purposes:
4.2.1 complying with Applicable law and other regulations;
4.2.2 performing or ensuring the performance of the contract entered into with you (whether this is employment contract or any other contract for services);
4.2.3 managing and planning the Employment relationship and fulfilling obligations arising from the Employment relationship;
4.2.4 ensuring safety and health concerns while working for Employer in accordance with Applicable law (and especially in accordance with Occupational Health and Safety Act).
4.3 1oT processes following types of Personal data in the context of Employment:
4.3.1 general personal information: first name; last name; personal identification code and/or date of birth;
4.3.2 contact details: address, phone number, email address that you have disclosed to us;
4.3.3 contract data: position, salary or other remuneration, banking account details and other data from the employment or other contract entered into with you;
4.3.4 data about qualification: education, information about your qualification and previous employment or work experience, provided that you have disclosed such data to us during your Employment relationship with 1oT or prior to Employment during the recruitment process (for example in your CV disclosed to us);
4.3.5 data obtained by us during the Employment relationship: data concerning your Employment at 1oT, for example data about your vacation dates, trainings, performance information, medical examination decisions in accordance with Occupational Health and Safety Act, etc;
4.3.6 photo/video: photo and/or video of you made during the Employment.
4.4 If you wish to obtain more specific overview of the personal data 1oT processes specifically about you, please contact 1oT through the contact information provided in the section "Contacts" below or turn to your supervisor.5. WHAT IS THE LEGAL BASIS FOR PROCESSING EMPLOYEE PERSONAL DATA?
5.1 1oT processes Employee personal data to fulfil our obligations under employment or other contract entered into with you. Legal basis for such data processing is GDPR Article 6-1- (b), i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
5.2 1oT also processes Employee personal data when processing is necessary for compliance with a legal obligation to which we are subject, for example for accounting purposes under applicable accounting legislation. Main legal acts that 1oT is subject to in the context of a relationship under an employment contract is Employment Contracts Act, Accounting Act and Occupational Health and Safety Act. Legal basis for such data processing is GDPR Article 6-1-(c).
5.3 In certain specific situations 1oT also processes Employee Personal data where processing your personal data is necessary for the purpose of our legitimate interests pursued by us. For example, when we administer our IT systems or organize work or retain data until the end of the limitation periods under Applicable laws to protect our rights in case of any legal disputes. Legal basis for such data processing is GDPR Article 6-1-(f). In such a case we shall ensure that processing is proportionate, and your privacy is not infringed.
5.4 In certain specific situations 1oT also might process Employee personal data based on Employee consent (for example if we want to offer certain benefits for our Employees that require personal data processing). In such cases Employee is never obligated to grant consent and consent shall be based on the free will of the Employee. Legal basis for such data processing is GDPR Article 6-1-(a). In those situations, we process your personal data on the terms as provided in the consent that you have granted to us.6. WHEN DO WE SHARE YOUR PERSONAL DATA AND USE OF DATA PROCESSORS?
6.1 1oT may share your personal data with third party suppliers or service providers, e.g. IT suppliers or other service providers or intra-group. At the moment of adopting this Privacy Notice, we use the following core service providers:
6.1.1 accounting services provider provision for payroll and holiday calculation.
6.2 All our third-party service providers and other entities with whom we share personal data are required to take appropriate security measures to protect personal data in accordance with Applicable law. 1oT never allows third party service providers to use your personal data for their own purposes, but we only permit them to process your Personal data for specified purposes and in accordance with our instructions.
6.3 As a general rule, 1oT processes personal data only within EU/EEA area. When transferring personal data to third countries, we will ensure that the transfer is subject to appropriate safeguards under GDPR and that your rights are protected. If your personal data is transferred outside the EEA, you may ask to receive a copy of adopted safeguards.7. HOW LONG IS YOUR PERSONAL DATA RETAINED?
7.1 1oT does not retain personal data longer than it is necessary for the purposes of processing personal data or required pursuant to Applicable law.
7.2 1oT retains personal data in line with the following retention periods:
7.2.1 employment contracts are retained for the duration of the employment contract and for 10 years after the expiry of the contract pursuant to Employment Contracts Act;
7.2.2 accounting documents are retained for 7 years as of the end of the financial year when a business transaction was recorded in the accounting journals and ledgers on the basis of the source document pursuant to Accounting Act;
7.2.3 data concerning investigations of occupational accidents and occupational diseases are retained for 55 years pursuant to Occupational Health and Safety Act;
7.2.4 occupational health medical examination decisions are retained for 10 years after the termination of the employment relationship with an Employee pursuant to Occupational Health and Safety Act;
7.2.5 other documents collected during the term of the employment contract (if you have entered into employment contract with 1oT) containing personal data are retained for 1 year after the termination of the employment relationship on the basis of our legitimate interest pursuant to GDPR until the end of the limitation periods under Employment Contracts Act and under Equal Treatment Act;
7.2.6 contracts for services and other data and documents collected during the term of the contract for services (if you have not entered into employment contract with 1oT, but provide services to 1oT under contract for services) containing Personal data are retained for 3 years after the termination of contractual relationship on the basis of our legitimate interest pursuant to GDPR until the end of the limitation periods under General Part of the Civil Code Act;
7.2.7 personal data collected about the Candidates with whom we did not enter Employment are retained for 1 year after making the recruitment decision on the basis of our legitimate interest pursuant to GDPR until the end of the limitation periods under Equal Treatment Act.
7.3 If you wish to obtain more specific overview of the retention periods of the personal data 1oT processes specifically about you, please contact 1oT through the contact information provided in the section "Contacts" below.
8. HOW DO WE PROTECT YOUR PERSONAL DATA?
8.1 To protect your personal data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction, we use appropriate technical and organisational measures that comply with applicable laws. These measures include but are not limited to the implementation of appropriate computer security systems, protection of paper and electronic format files by technical and logical means, controlling and limiting access to documents and buildings.9. YOUR RIGHTS
9.1 1oT is dedicated ensuring that all data subject rights arising under Applicable law are always guaranteed to you. In particular, any data subject has:
9.1.1 the right to access the personal data processed by 1oT;
9.1.2 the right to request that Employer rectifies any inaccurate personal data about him/her; 9.1.3 the right to request 1oT to erase personal data and/or restricts of processing of personal data if we do not have valid legal basis for processing;
9.1.4 the right to receive personal data processed about him/her in a structured, commonly used and machine-readable format and have the right to transmit Personal data to another controller, provided this is technically doable;
9.1.5 the right to object to the processing of personal data by 1oT;
9.1.6 right to lodge a complaint to the supervisory authority if Data subject believes that his/her rights have been infringed (Data Protection Inspectorate in Estonia address Tatari 39, Tallinn 10134, info@aki.ee, www.aki.ee) or to court.
9.2 If you wish to exercise any of your data subject rights, please contact 1oT through the contact information provided in the section "Contacts" below or turn to your supervisor.10. GOVERNING LAW
10.1 This Privacy Notice is governed by the laws of the Republic of Estonia.11. CONTACTS
11.1 If you have any questions about this Privacy Notice or if you have any concerns about how Employer uses your Personal data or if you want to exercise your rights as described above, you may contact us via e-mail or in writing using the following contact information:
1oT OÜ
e-mail: hello@1oT.com
address: Järvevana tee 7b, 10112 Tallinn, Estonia