For AS Stokker (hereinafter Stokker), the privacy of individuals and the protection of personal data are important. We have developed a privacy policy that sets out the grounds, purposes, terms and conditions for processing personal data as well as rights related to the personal data of data subjects.
The privacy policy covers the processing of the customer’s personal data by Stokker and Tenor OÜ (hereinafter Tenor) in the provision of the service to the customer, incl. through the customer’s use of the www.stokker.ee website.
1. Definitions
1.1 Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier (e.g. name, an identification number, location data, an online identifier) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.2 Processing means any operation which is performed on personal data or on sets of personal data, whether or not by automated means (e.g. collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction).
1.3 Controller means the natural or legal person, public authority which is the primary collector of personal data. The controller determines the purposes and means of the processing of personal data. In this case, the controller is AS Stokker, registry code 10165452, address Peterburi tee 44/4, 11415, Tallinn, Harju County, e-mail stokker@stokker.com.
1.4 Processor means a natural or legal person, public authority which processes personal data on behalf of and under the instructions of the controller. In the process of granting credit, the processor is Tenor OÜ, registry code 12249503, Peterburi tee 44/5, 11415 Tallinn; Harju County, e-mail finance@stokker.com.
1.5 Third party means a natural or legal person, public authority, agency or body.
1.6 Personal data breach means accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
1.7 Data subject means a person whose personal data is processed (e.g. owner of the device etc.). In particular, customers of Stokker and Tenor customers and other persons visiting the www.stokker.ee website.
1.8 Cookie means a small text file that a website stores on your computer or mobile device when you visit the website. First-party cookies are cookies set by the website you visit. They can only be read by this website. In addition, the website may use external services, which may also set their own cookies, so-called third-party cookies. Persistent cookies are cookies stored on your computer that are not automatically deleted when you close your browser, unlike session cookies, which are deleted when you close your browser.
2. Principles
2.1 Principle of lawfulness, fairness and transparency – personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
2.2 Principle of purpose limitation – personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
2.3 Principle of data minimisation – personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
2.4 Principle of accuracy – personal data shall be accurate and, where necessary, kept up to date, inaccurate personal data are erased or rectified without delay.
2.5 Principle of storage limitation – personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purpose.
2.6 Principle of integrity and confidentiality – personal data shall be processed using appropriate technical or organisational measures that ensure appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
3. Security of processing
3.1 We implement organisational, physical and information technology security measures to protect personal data.
3.2 Stokker may, in certain cases, use processors to process personal data. Stokker ensures that the processors process personal data in accordance with this policy, in accordance with applicable law and by implementing appropriate security measures.
4. Categories and sources of personal data processed
4.1 Stokker mainly processes the following personal data (the list is not exhaustive):
· personal data: given name and surname, personal identification code, position of the contact person;
· contact details: e-mail address, contact phone number, postal address;
· Internet data: use session data, cookies, website log data, and IP addresses;
· data on the right of representation: legal representative (parent, guardian, member of the management board of a legal entity, etc.) and principal.
4.2 Tenor mainly processes the following personal data (the list is not exhaustive):
· personal data: given name and surname, personal identification code;
· contact details: e-mail address, contact phone number, postal address;
· financial data: e.g. income, assets, liabilities, risk tolerance, past payment behaviour and payment default data, information on the performance of contracts entered into;
· relationship with legal entities: beneficial owner, member of the management or supervisory board;
· data on the right of representation: legal representative (parent, guardian, member of the management board of a legal entity, etc.) and principal;
· other data: position.
4.3. Stokker and Tenor mainly obtain your personal data in the following ways:
· from you yourself;
· upon the provision of the service, when you use the services provided by Stokker or Tenor, in the course of customer communication (e.g. communication by e-mail, transmitted data and documents) or if you are otherwise connected to the service provided by Stokker or Tenor (e.g. representative of a legal entity, beneficial owner, etc.);
· from other sources, in particular public and private registers (commercial register, credit or payment default register, etc.).
5. Purposes and legal grounds of processing
5.1 Stokker and Tenor process your personal data, inter alia, for the following purposes and on the following legal grounds: to perform and ensure the performance of a contract entered into with you, on the basis of your consent, for the performance of a legal obligation, or on the basis of legitimate interest (e.g. proving and defending the claims of Stokker and Tenor in court and out of court).
5.2 The table below shows the general cases of processing personal data, including the purposes, the data to be processed or their categories, and the legal basis for the processing:
Purpose | Category of data/data to be processed | Legal basis |
Establishing identity when providing services (incl. becoming a loyal customer, creating a user account on the website, entering into a cooperation agreement) | Personal identification data (incl. given name and surname, personal identification code) | Contract, law (Money Laundering and Terrorist Financing Prevention Act), consent |
Provision and proper performance of services (incl. entering into, preparation, performance of contracts, delivery of goods, invoicing, processing of warranty cases, issuing payment and credit conditions) | Personal identification data Contact details (e-mail address, contact phone number) Financial data Data on the right of representation Professional profile (incl. position) | Contract, law (Creditors and Credit Intermediaries Act), consent |
Assessing creditworthiness and managing credit risk (to ensure responsible lending and efficient risk management) | Financial data (incl. income, financial obligations, payment defaults) Professional profile | Law (Creditors and Credit Intermediaries Act, Law of Obligations Act), legitimate interest, contract, consent |
Promoting business activities (incl. making the website more user-friendly and carrying out technical improvements) | Use session data IP address | Consent |
Preparing anonymous usage statistics | Cookies, website log data | Consent |
6. Transmission of personal data to third parties
6.1 Stokker may transmit personal data to third parties if there is a purpose and a legal basis for doing so, inter alia, for the following purposes:
· to send marketing information;
· for feedback;
· to website hosting service providers to improve user experience;
· on a statutory basis to (investigative) authorities or insurers provided for by law.
6.2 Stokker may transmit personal data foremost to the following third parties:
· authorities – Stokker may be obligated to disclose and transmit the data of data subjects in order to perform their legal obligations (e.g. transmission of data to an investigative authority, Tax and Customs Board, out-of-court dispute resolution bodies, etc.);
· companies, persons and organisations for the performance of contracts entered into with the customer, for providing information and claims related to the contract and for providing services (e.g. sureties, guarantors, courier and postal service providers, persons carrying out customer surveys, etc.);
· financial and legal advisers;
· third parties maintaining registers (e.g. a payment default register or other registers in which customer data is stored or mediated, etc.);
· other persons providing services to Stokker and Tenor (incl. providers of video surveillance, communications, IT, web hosting).
6.3 Stokker and Tenor confirm that they transmit personal data to the aforementioned third parties only to the extent necessary to achieve the purpose of the specific processing. If a third party is considered to be a processor, Stokker and Tenor ensure that such third party implements adequate security measures to maintain the confidentiality of personal data.
6.4 A third party who processes personal data as an independent controller is obligated to inform the data subject about the processing of personal data, in which case Stokker and/or Tenor are not responsible for the circumstances related to the processing of personal data.
6.4. Under applicable law, Stokker and/or Tenor may be obligated to transmit personal data if this is mandatory in connection with a request made by an insurer pursuant to the Insurance Activities Act. In all such cases, Stokker and/or Tenor transmit personal data only if it is mandatory under applicable law and in compliance with all the principles applicable to the processing of personal data.
7. Processing of personal data of minor children
7.1 Stokker understands the importance of security in the processing of personal data of minors, implementing all relevant administrative and technological security measures in the processing of personal data of minors.
7.2 In the case of a child under the age of 13, the processing of personal data is carried out only if and to the extent that the child’s legal representative has given their consent.
8. Rights of the data subject
8.1 In relation to the processing of personal data, the data subject has the following rights:
· right of access – the data subject has the right to know what data have been collected concerning them and for what purposes they are being processed, to whom the data are disclosed, how long the data are stored, and what are the rights of the data subject in respect of rectification, erasure and restriction of processing;
· right to rectification – the data subject has the right to have personal data concerning them rectified if these data are inaccurate or incomplete;
· right to erasure – in certain cases, the data subject has the right to request that collected personal data concerning them are erased. This is in particular when the processing is based on the data subject’s consent, which has subsequently been withdrawn;
· right to restriction of processing – in certain cases, the data subject has the right to prohibit or restrict the processing of their personal data for a certain period of time (e.g. if the data subject has objected to data processing);
· right to object – the data subject has the right to object to the processing of their personal data if the processing is based on the legitimate interest of Stokker and/or Tenor (e.g. sending marketing offers or participating in a survey);
· right to data portability – if the processing of the personal data of the data subject is based on the consent of the data subject or on a contract entered into between Stokker and the data subject and the data are processed automatically, the data subject has the right to receive the personal data, which the data subject has provided to Stokker and/or Tenor, in a structured, commonly used and machine-readable format. The data subject also has the right to demand that Stokker and/or Tenor transmit the data directly to another service provider (where technically feasible);
· right to withdraw the consent to processing;
· right to lodge a complaint about the processing with the Data Protection Inspectorate or a court – if the data subject considers that the processing of personal data concerning them infringes the General Data Protection Regulation and other data processing requirements, the data subject has the right to turn to the Data Protection Inspectorate (website www.aki.ee) or a court to protect their rights and interests.
8.2 If the data subject wishes to exercise any of the rights specified in clause 8.1 (except for the right to turn to the Data Protection Inspectorate or a court), please contact Stokker at the e-mail address stokker@stokker.com. When submitting any request, take into account that Stokker is obligated to first verify the identity of the person, so we ask you to sign all requests digitally.
9. Retention of personal data
9.1 Stokker retains personal data in a manner that allows identification of data subjects for as long as it is necessary for the purposes provided above, excl. legal requirements.
9.2 Stokker destroys and/or deletes all personal data for the retention of which there is no purpose.
10. Use of cookies
10.1 A cookie is a small text file that a web browser automatically saves on the user’s device. We use cookies to collect anonymous and generalised statistics about the number of visitors to the website.
10.2 Website www.stokker.ee uses cookies to make the user experience more convenient.
10.3 By not accepting the use of cookies, you can block the cookies stored on the device. To do this, you need to change the browser settings. If cookies are not used, not all services may be available.
11. Amendments to the privacy policy
11.1 Stokker updates the privacy policy as necessary. Stokker has the right to unilaterally amend the privacy policy at any time in accordance with the legislation, notifying customers of the changes via the website no later than one month before the changes take effect.
12. Contact
12.1 If you have any questions regarding the processing of personal data, please contact the data protection specialist: AS Stokker, Peterburi tee 44, Tallinn, 11415, stokker@stokker.com, tel. 6 201 134
How can the user change and restrict the use of cookies?
If the user does not want to use cookies on their device, they need to change the privacy settings of their browser. It is worth considering that blocking all cookies may help to protect the user’s privacy, but at the same time limit the possibilities of using some websites. The user may start by blocking the use of all cookies in the browser. In the future, based on the user experience, they will only allow cookies for websites that they trust. The following links provide instructions on how the user can configure cookie and security settings of the most common web browsers:
Cookies necessary for the functioning of the site
Name | Description | Expiration period/validity |
ci_sessions2018 | Used to correctly display the content of a website. | 24 hours |
CookieConsent.necessary | Used to track which cookies have been accepted. | 7 days |
CookieConsent.statistics | Used to track which cookies have been accepted. | 7 days |
CookieConsent.nonclassified | Used to track which cookies have been accepted. | 7 days |
CookieConsent.preference | Used to track which cookies have been accepted. | 7 days |
CookieConsent.advertising | Used to track which cookies have been accepted. | 7 days |
Statistics cookies
Name | Description | Expiration period/validity |
Google Analytics | ||
_ga | Used to generate statistical data on how a visitor uses a website. | 2 years |
_gid | Used to generate statistical data on how a visitor uses a website. | 24 hours |
_gat | This cookie is used to control the rate of requests in order to limit the collection of data on frequently visited websites. | 1 minute |
Advertising cookies
Name | Description | Expiration period/validity |
_fbp | Used to show advertising on Facebook to distinguish unique visits. | 90 days |
_fbc | This cookie is set only when the user lands on our website through advertising and the destination URL contains the click identifier “fbclid” | 90 days |