Terms and conditions of data protection
The terms and conditions of data protection describe the general principles and values as well as the procedure for processing personal data by Maksekeskus AS created on their basis. Maksekeskus respects everyone’s right to the protection of their personal data and takes the protection of personal data very seriously.
1. About us
Maksekeskus AS (“Maksekeskus” or “We”) provides various payment options to online traders. Our objective is providing a convenient and innovative service allowing online traders to save time and money via automatised payment systems and making the purchase process more convenient and effective for the client.
We are a subsidiary of Luminor Bank AS. We have the activity licence of a payment institution and we are supervised by the Financial Supervision Authority.
2. Principles of processing personal data
We respect the right of protection of personal data of every person and do our best to ensure that the personal data transmitted to us and collected by us are protected and kept confidential.
We process personal data legally, i.e., we will always have legal basis for processing personal data.
We establish clear objectives for processing personal data, notify of them in a relevant manner before processing, and process personal data for only these purposes.
We collect and process only the personal data which are relevant to the objective of processing personal data.
We adopt various measures (physical, technical, organizational) to protect personal data from unlawful or unauthorized destruction, loss, editing, disclosure, acquisition or unauthorized access.
When we process personal data on the basis of a person’s consent then the petition for consent is clearly distinguishable, clear and worded in an understandable manner. We notify and take it into account that every consent can always be withdrawn.
We regularly assess the risks related to processing personal data and apply relevant mitigation strategies to alleviate risks.
Due to requirements of the law, we may be obligated to disclose or allow access to personal data for official and supervisory institutions.
We may transmit personal data to our processor if this is necessary to achieve the purpose of processing personal data.
We require that our contractual partners act with care when processing personal data, avoid the unauthorised disclosure or improper use of personal data, and process personal data honestly and lawfully.
We will store personal data only as long as it is required pursuant to the law or the contract or necessary for our business. Upon expiry of storage, we delete personal data permanently.
Adherence to the terms and conditions of data protection is integrated into our daily activities, services and processes and our development process.
We have internal procedure rules in force for performance of the requirements established in the terms and conditions of data protection. We understand that the performance of internal procedure rules takes place via our employees and therefore we consider it important and contribute to our employees being aware of and adhering to the requirements of the internal procedure rules. We expect each of our employees to respect the requirements of data protection.
3. Personal data, legal basis for processing personal data
We process personal data in the course of our daily economic activities in line with the requirements of law in force in Estonia, incl. the General Regulation. Depending on the given relationship, we may be a controller or processor of personal data.
As a processor, we obtain personal data from contractual partners, primarily e-traders. As a controller, we receive personal data directly from the data subject (“You”).
The controller establishes the purposes and means of processing personal data. As processor, we process personal data according to the written instructions of a controller.
4. Contents of personal data to be processed
We process, inter alia, the following personal data:
(1) personal information, such as name, job title, position, occupational identity numbers, country of issue of passport, passport number, business entity (incl. contact information collected for verification, incl. on the actual beneficiary);
(2) contact information, e.g., e-mail address, telephone numbers, IP address;
(3) payment data, such as the account number, our unique transaction code, transaction information, card information, etc.;
(4) bank information, such as account number, name of bank.
5. Purposes of processing personal data
We may process personal data, inter alia, for the following purposes:
(1) preparing and concluding a contract, performing a contract (incl. provision of service), exercising contractual rights and obligations;
(2) exercising statutory rights and obligations;
(3) processing your inquiries and petitions;
(4) conducting satisfaction surveys and analyses of using the services and use of analysis results, incl. for marketing and development of our products and services;
(5) sharing information on our services, sharing our newsletters;
(6) advertising our products and services.
We may also process personal data for other purposes. We will attempt to ensure that you are notified of the purposes of processing at the time of obtaining the personal data. If this is not possible or reasonable, then we will attempt to notify you at first opportunity after obtaining or otherwise processing the personal data.
6. Cookies
When visiting our website, you can consent to the use of cookies, notified by a text displayed upon initial visit to our website. Cookies are small data files saved by our website in your device. We use session and persistent cookies. There are three types of session cookies:
Essential cookies – these allow you to access various parts of our website and are saved on your device while you visit the site. These cookies are crucial to the functioning of the website and cannot be switched off. Essential cookies are installed depending on your activities on the website, such as filling in forms. We process personal data using necessary cookies based on our justified interest.
Necessary cookies, including marketing and analytics – these allow us to count visits to the website and origin of traffic, analyse your movements on the website in order for us to measure and improve the capacity of the site. These cookies also allow us to be aware of your preferences of content on the website, allowing to provide the most relevant information on our products and services, improve the quality of our targeted marketing and improve user experience on the site. These cookies are forwarded to the social media channel in certain cases. We process personal data using analytical cookies based on our justified interest.
You may visit our website without consenting to cookies, by changing the privacy settings of your own browser. You can also delete cookies saved in your device so far. At the same time, all functions of the website may not work with prohibited or restricted cookies.
A persistent cookie is generated if you decide to use the option on our website to save your personal data in the scope of the Simple Checkout solution. We use the persistent cookie to offer you the Simple Checkout solution and to make your online shopping more comfortable with selected traders.
7. Your rights regarding personal data.
You have the following rights regarding your personal data:
The right to review personal data – You have the right to know which personal data we store about you and how we process them, incl. the right to know the purpose processing, persons to whom personal data are disclosed, information on making automatised decisions and the right to request copies of personal data.
(2) The right to amend personal data – You have the right to request that insufficient, incomplete and untrue personal data be amended.
(3) The right to withdraw consent to process personal data – You have the right to withdraw your consent to us processing personal data at any time. Please keep in mind that the withdrawal of consent does not impact the legality of processing which took place on the basis of the consent before the withdrawal.
(4) The right to deletion of personal data (“the right to be forgotten”) – You have the right to request that we delete your personal data (e.g., if you withdraw consent to processing of personal data or if personal data are no longer needed for the purpose for which they were collected). We have the right to refuse to delete personal data if processing of personal data is necessary to perform our legal obligation, exercise the right to freedom of speech and information, prepare, submit and defend legal claims, or in public interests.
(5) Right to restrict processing – In certain cases, you have the right to prohibit or restrict the processing of your personal data for a certain period of time (e.g., if you have objected to data processing).
(6) Right to object – You have the right to object to the processing of your personal data if the processing of your data is carried out based on our justified interest or public interest. Processing of data for the purpose of direct marketing may be objected to at any time and we will react immediately.
(7) Right to transfer of data – If the processing of your personal data is based on your consent and personal data are processed automatically, then you have the right to obtain personal data concerning you, which you have submitted to us as controller, in a structured, generally used format and machine-readable form, and you have the right to forward personal data to another controller. You also have the right to request that we forward personal data directly to another controller if this is technically viable.
(8) Making automated decisions (incl. profile analysis) – if we have informed you that we carry out decisions based on automated processing (incl. profile analysis) which results in legal consequences that concern you or has a significant impact on you, then you may request that an automatic decision not be made based on automated processing alone.
(9) Submitting a complaint. You have the right to submit a complaint against us regarding the processing of personal data to the Data Protection Inspectorate (www.aki.ee).
If you want to exercise your right regarding personal data or ask questions about the terms and conditions of data protection, please send us an inquiry by e-mail at support@maksekeskus.ee. We will respond to your inquiry by e-mail within one month at the latest as a rule. Please keep in mind that we have to verify your identity before we can issue any requested information regarding your personal data.
8. Safety of personal data
- Safety measures applied
We adopt various measures (physical, technical, organisational) to protect personal data from unlawful or unauthorised editing, disclosure, acquisition, destruction, loss or unauthorised access.
- Reporting and processing violations
If you have any information regarding an actual or suspected violation, please report this to us immediately at support@maksekeskus.ee. We will immediately handle the issue, drawing up a solution plan if necessary and notifying the Data Protection Inspectorate.
9. Disclosing personal data
Please keep in mind that due to requirements of the law, we may be obligated to disclose or allow access to your personal data for official and supervisory institutions.
We will disclose your personal data to persons in the same group as us, to our processors, as well as persons who are legally entitled to receive personal data.
If we conclude a contract with a processor for processing personal data then we ensure the presence of suitable contractual measures to protect personal data.
10. Geographic area of processing
As a rule, we process personal data within the EEC. If we need to transmit personal data outside the EEC then the transmission occurs according to the requirements of the GDPR.
11. Storing personal data
We store personal data as long as it is mandatory or permitted according to the law or necessary to achieve the objectives specified in the terms and conditions of data protection.
After the expiry of the term of storing personal data, we will delete personal data for good.
12. Our contacts
The contact information of Maksekeskus is available at the website https://makecommerce.net/contact.
The email address of our data protection specialist: dpo@maksekeskus.ee.
13. Updating the terms and conditions of data protection
We may update the terms and conditions of data protection from time to time. The currently valid terms and conditions of data protection are available on our website.