CLIENT DATA PROCESSING RULES

In accordance with the requirements of the Personal Data Protection Act of the Republic of Estonia, the User/Client and the Company shall comply with the personal data protection laws, including, but not limited to, the General Data Protection Regulation (GDPR).

LensLegal OÜ (hereinafter “Company”) processes personal data only to the extent and in the manner necessary for the fulfilment of the Company’s obligations towards the Client and for the provision of Services. The main purpose of client data processing is to perform and manage the contracts concluded with the client. Processing may be carried out, for example, to conduct due diligence before signing a contract, or to enter into, perform and terminate a contract.

The Client is obliged to ensure the availability of all the required notifications and authorisations for the lawful provision of personal data to the Company and also to guarantee that all data subjects have been or will be notified of the processing of their personal data in connection with this Agreement.

Please read our Confidentiality Policy and give your consent to the processing of your personal data. If you have any questions, feel free to email us at info@lenslegal.ee. Thank you!

 

DEFINITIONS:

Client – any natural or legal person who uses, used or has declared their intention to use the Company’s services or is otherwise linked to them. The Rules also apply to client relationships which were in place before the Rules entered into force.

Company – LensLegal OÜ (registry code: 16132761), which is a private limited company registered in Estonia (hereinafter “Company” or “LensLegal OÜ”).

Client Data Processing Rules – the principles based on which the Company processes client data and which are described in this Confidentiality Policy (hereinafter also “Rules”).

Processor – any natural or legal person wo processes personal data on behalf of the Controller.

Controller – any natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. Under these Rules, the controller is the Company.

The Company’s website is www.lenslegal.ee.

Data protection enactments – all data protection enactments with which the Company is obliged to comply, including the EU General Data Protection Regulation (GDPR) and any domestic enactments ensuring the fulfilment of the said regulation.

Legislation – all legal enactments, orders and regulations applicable to the Company, including legal enactments pertaining to taxation, accounting, financial entrepreneurship, and prevention of money-laundering.

 

GENERAL PROVISIONS

1.1. These Rules provide explanations and information about how the Company gathers, stores, uses and protects personal data of users and clients. When starting to use the Company’s services, you accept this Confidentiality Policy by establishing a business relationship with the Company. You also undertake to comply with the laws of your jurisdiction.

1.2. The protection of your personal data is our priority. This document determines the procedure for using confidential information and the procedure for gathering and using your personal data. You give your consent to the method of processing your data described herein by putting a tick in the relevant box at the end of these Rules.

1.3. The Company undertakes to ensure the security of your information and manage it in accordance with our legal obligations under the laws regulating privacy and personal data protection in the Republic of Estonian and the European Union. The Company uses your personal data only in accordance with this Confidentiality Policy and the applicable laws of the Republic of Estonia. The Company may also gather anonymous demographic data which are not unique to you.

1.4. We do not gather any personal information about you if you do not provide it to us voluntarily. Nonetheless, we may need you to provide certain personal details if you decide to use certain services available on our website. Such details may include the following:

  • given name and surname;
  • telephone number;
  • e-mail address;
  • service description;
  • other details/information which you submit:
    • through our website (info@lenslegal.ee);
    • through our mobile app;
    • through our social media accounts in Facebook, LinkedIn, etc;
    • by communicating with us by phone, via e-mail or in another way; all the details/information are submitted by you on a voluntary basis.
  • information about reliability and due diligence, including, information about financial conduct; information allowing the Company to take due diligence measures to prevent money laundering and terrorist financing and to comply with international sanctions, including information about the purpose of a business relationship and the status of a politically exposed person; information about the origin of funds, including the Client’s business partners and business activities.

1.5. We store your data only for as long as is necessary to accomplish the purpose for which it has been registered and used. For instance, pursuant to the Money Laundering and Terrorist Financing Prevention Act, we can keep copies of identity documents of clients, identity details of beneficial owners and other details obtained in the course of the identity verification process and also original paperwork pertaining to bank accounts and/or contracts for five years after the completion of a legal transaction or termination of a business relationship with a client, and this term may be further extended for two years.

1.6. We use your information primarily (but not solely) to communicate with you in connection with the services you have requested from us. We can also gather additional personal or non-personal information in the future.

 

ACCEPTANCE OF THE COMPANY’S CONFIDENTIALITY POLICY

2.1. Using the Company’s Website and/or services you confirm that you have read and understood these Rules. The Company reserves the right to revise these Rules at any time by posting the new version on the Website. It shall be deemed that you have read and understood the latest version every time you use the Company’s Website or services. We recommend that you visit this page regularly to receive the latest information about our methods for ensuring confidentiality.

 

EXCHANGE OF INFORMATION WITH THIRD PARTIES

3.1. The Company may share information with authorised partners who help the Company to conduct statistical analysis, send you electronic or regular mail, provide customer support or organise the delivery of paperwork. All those third parties are prohibited from using personal data for purposes other than the provision of the services listed above and are obliged to ensure the confidentiality of your information.

3.2. The Company may disclose your personal data without giving prior notice thereof if this is required by law or if the Company is acting in good faith to:

(a) comply with the statutory requirements for the provision of online services;
(b) protect the Company’s ownership rights; and/or
(c) protect the personal safety of the Company’s clients or the public in extraordinary circumstances.

The personal data we have may be provided to:

  • other partner companies (affiliated companies);

We may provide personal data to other (affiliated) companies only if this is necessary for administrative purposes and for rendering professional services to our clients.

  • third parties which provide data processing and IT services to the Company;
  • credit and payment institutions for identity and bank account verification purposes.

3.3. We use external organisations to receive support in providing our services and also assistance with launching, making available and managing our internal IT systems. The following tasks are outsourced to IT and cloud software providers: identification management, website hosting and administration, data analysis, backup, security and storage.  The servers that ensure and facilitate the work of cloud infrastructure are located in secure data processing centres around the world and personal data may be stored in any of them. Your personal data may be disclosed to the following entities for the purpose of fulfilling the client agreement and providing the services:

  • third parties which help us provide goods, services and information;
  • auditors, lawyers and other professional consultants;
  • law enforcement, government and regulatory authorities and other third parties in accordance with the requirements and applicable legislation.

3.4. We can receive requests from third parties authorised to obtain personal data (Financial Supervision Authority, Financial Intelligence Unit, etc.) for the purpose of making sure that the Company complies with the statutory provisions, investigating crimes and protecting the lawful rights of Clients. We will act on such requests only if we are permitted do so by the legislation and regulations in force.

3.5. The Company may track websites and pages of our users to establish which services are more popular.  This information is used to provide individualised content and advertisements within the Company to clients whose behaviour suggests that they may be interested in particular subject areas.

3.6. Information about your computer and software may be gathered by the Company automatically. This information may include your IP-address, browser type, domain names, time of access and websites to which you refer.  This information is used for the functioning of the services, maintenance of the quality of customer service and also for provision of general statistics about the use of the Company’s website.

 

YOUR RIGHTS

4.1. You can get information about what personal data we register and use and for what purposes. You can get information about how long your personal data is stored and who receives it to the extent to which we disclose it. Your right of access can be restricted by law, in order to protect the privacy of other persons, and in view of our activities and practice.  Our know-how, business secrets and internal assessments and materials may also be unavailable for examination.

4.2. If your personal data is incorrect, incomplete or not up-to-date, you can request that it be corrected.

 

PROTECTION OF INFORMATION

5.1. We invest heavily into the protection of your personal information from loss, inappropriate use, unauthorised access, modification and disclosure. However, no Internet website can be 100% secure, so we cannot be held responsible for any unauthorised or unintentional access which is beyond our control.

5.2. Access to information making it possible to carry out identification is granted only to those employees who need that information to perform their specific job duties (e.g. layers, internal control department).

 

CONTACT INFORMATION

6.1. If you have any questions or need more detailed information about our Confidentiality Policy and principles of personal data processing, feel free to email us at info@lenslegal.ee.

6.2. The Company’s contact details are also available on our website at www.lenslegal.ee.