logo

Privacy Policy



  1. Introductory Provisions
  2. Definitions
  3. Principles of Processing and the Security of Personal Data
  4. Processing of Personal Data When Providing Services on the Website
  5. Rights of Data Subjects


1.Introductory Provisions

CV-Online Estonia OÜ  is an organisation with a long tradition of providing services to entities operating on the labour market. It is the strategic objective of CV-Online Estonia OÜ to ensure financial and economic stability, improve the quality of the services provided, develop good relationships with its partners, and enhance the company's reputation.

Implementing these objectives depends on the constant improvement of the management quality, as well as the quality and efficiency of the provided services that apply the latest IT-assisted procedures. We realise that the security and protection of personal data is an integral part of the use of information technologies.

The Security Policy of CV-Online Estonia OÜ stipulates the necessary and economically appropriate measures to protect the assets of the information system, individuals, and property, and to implement security mechanisms into the system of technologies used.

The management of CV-Online Estonia OÜ is responsible for proper risk assessment and its efficient management with respect to the protection of assets that are essential for ensuring the proper functioning of the organisation. The primary objective of managing such risks is to prevent, manage, and recover from security incidents.

To protect vital assets falling within internal security, we have, in cooperation with experts, applied security measures that are adapted to the latest knowledge and needs of the organisation. In designing them, we implemented technical and organisational measures that aim to:


  • ensure the availability, integrity, and reliability of management systems through state-of-the-art information technologies,
  • protect sensitive commercial and personal data from being lost, damaged, stolen, modified, or destroyed, and to maintain the confidentiality of the processed data,
  • identify potential problems and sources of disruption and to prevent them.


Therefore, CV-Online Estonia OÜ has adopted appropriate technical and organisational measures to ensure the level of security in the processing of personal data (including the DPIA dossier), and has developed a security project that is regularly updated and defines the scope and method of security measures needed to eliminate and minimise threats and risks affecting our company's information systems.

CV-Online Estonia OÜ processes the personal data of the Data Subjects exclusively in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC on the protection of personal data. Profesia, spol. s r.o. is an operator of personal data as the company operating in the same group of companies as CV-Online Estonia OÜ (both owned by Alma Career Oy).

CV-Online Estonia OÜ has issued this document, which includes the basic rules for the processing of personal data in providing services through the website www.palgad.ee (the "Website"). CV-Online Estonia OÜ reserves the right to amend and supplement this document, while informing its business partners immediately by posting any changes on the Website and specifying the date from which such changes take effect. All rights which are not explicitly provided for herein shall be governed by the General Terms and Conditions of CV-Online Estonia OÜ and by the applicable Estonian legal regulations.

This document is in accordance with the applicable provisions of:


  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC on the protection of personal data (the "Regulation"),


The Privacy Policy is always available at www.palgad.ee


2.Definitions

Personal data is any information regarding an identified or identifiable natural person ("Data Subject"); an identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or a reference to one or more elements specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

Data Subject means the person to whom the personal data relates.

Operator is a natural or legal person, a public authority, an agency, or other entity that, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are laid down in Union law or in the law of a Member State, the operator or the specific criteria for the operator's designation may be determined by Union law or by the law of a Member State.

Client is a natural or legal person who uses or plans to use the services provided on the Website.

What personal data do we request from you and why do we process it?

In order to handle your order properly and to provide good services, we need to know the Data Subject's e-mail address, as our services are rendered through electronic communication.


3.Principles of Processing and the Security of Personal Data

Personal data must be:


  • processed lawfully, fairly, and transparently in relation to the Data Subject ("legality, justice, and transparency"),
  • obtained for specified, explicit, and legitimate purposes, and may not be further processed in a way that is incompatible with those purposes ("purpose limitation"),
  • reasonable, relevant, and limited to the extent necessary for the purposes for which it is processed ("data minimisation"),
  • correct and, if necessary, updated; all necessary measures must be taken to ensure that personal data that is incorrect in respect of the purposes for which it is processed is erased, corrected, or deleted without delay ("correctness"),
  • stored in a form that permits the identification of Data Subjects as long as it is necessary for the purposes for which the personal data is processed ('minimisation of storage"),
  • processed in a manner that guarantees the reasonable protection of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage, through appropriate technical or organisational measures ("integrity and confidentiality").


The Operator is responsible for compliance with the above principles and must be able to demonstrate this compliance ("responsibility").

The processing of personal data is legal only if and only to the extent that at least one of the following conditions is met:


  • the Data Subject has consented to the processing of his/her personal data for one or more specific purposes,
  • processing is necessary for the performance of the contract to which the Data Subject is a party, or to take measures prior to the conclusion of the contract at the request of the Data Subject,
  • processing is necessary to fulfil a legal obligation of the Operator,
  • processing is necessary in order to protect the vital interests of the Data Subject or another natural person,
  • processing is necessary to fulfil a task carried out in the public interest or in the exercise of public authority entrusted to the Operator,
  • processing is necessary for the purposes of legitimate interests pursued by the Operator or a third party, except where such interests are prevailed over by the Data Subject's interests or fundamental rights and freedoms that require the protection of personal data, in particular where the Data Subject is a child.


The Operator is particularly obliged:


  • to determine, prior to the commencement of personal data processing, the purpose of personal data processing, which needs to be clear and defined unequivocally and specifically, and must be in compliance with the Estonian laws as well as the laws and international treaties by which the Estonian Republic is bound,
  • to determine the conditions of personal data processing so as not to limit the Data Subject's right stipulated by the law to obtain personal data exclusively for the designated or specified purpose; it is inadmissible to obtain personal data under the pretext of another purpose of processing or another activity,
  • to ensure that only personal data the scope and content of which match the said purpose of processing and are required to achieve said purpose is processed,
  • to ensure that personal data is processed and used solely in the manner corresponding to the purpose for which it was collected; the combining of personal data obtained for various purposes is inadmissible,
  • to ensure that the collected personal data is processed in a manner enabling the identification of the Data Subjects only during a period no longer than is necessary to achieve the purpose of the processing,
  • to destroy or anonymise personal data whose purpose of processing has ceased to exist; once the purpose of processing ceases to exist, personal data may only be processed to the extent necessary for historical research, scientific research and development, or for statistical purposes. When processing personal data for the purposes set forth in the previous sentence, the Operator is obliged to mark and anonymise such data.


4.Processing of Personal Data When Providing Services on the Website

Website visitors can easily compare their salaries or order a salary analysis, taking into account the job position and region specified in a short online form.

Website visitors can also enter their e-mail address when completing the online salary comparison form. Since under the Regulation and the Act an e-mail address may be considered personal data, it is essential that the Data Subject gives consent to the processing of personal data before submitting his/her e-mail.

The e-mail address of the Data Subject serves for the quarterly delivery of the salary comparison processed by the Operator. The consent can be revoked at any time, otherwise the consent will expire after 1 year from the date of its issue, and the data in the scope of the e-mail address will be deleted. Please send your request to revoke your consent to the e-mail address [email protected] or to the address of our registered office: CV-Online Estonia OÜ, Pärnu mnt 158/1, 11317 Tallinn, Harju county, Estonia.

What personal data do we request from you and why do we process it?

In order to handle your order properly and to provide good services, we need to know the Data Subject's e-mail address, as our services are rendered through electronic communication.

The user may also give individual consent to the use of personal data for a period longer than 1 year. Practically, this data will be used to statistically track the development of the salary of the individual who provided the e-mail address, which will not be communicated to anyone other than the user. In this case, you consent to the processing of your personal data for a period that is not expressly limited. You can still withdraw your consent to processing your personal information at any time using an e-mail message with information about your salary that we will send you.

Cookies

Cookies are small data files that are downloaded onto the device (PC, tablet, mobile phone, etc.) while using the Website. The Operator uses cookies to examine the effectiveness of the Website. Cookies generally do not contain any information intended to identify individual persons, but instead are used to identify the browser on a specific device. Cookies may be temporary or may permanently remain on the device even after closing the browser for the time specified in the cookie. These permanent cookies can be checked every time the Website is visited. The information we collect through the Website includes: browser type, the web address from which the Website was visited, the device operating system, and the IP address of the device. To display more relevant ads, some cookies are set up by a third party advertising system, such as Google Adsense. This can be disabled in the Google account. The computer can be set to refuse cookies, although in that case some of the page functionalities will not work.

5.Rights of Data Subjects

The Operator will take appropriate measures to provide the Data Subject with all the information referred to in Articles 13 and 14 of the Regulation and all communications under Articles 15 to 22 and Article 34 of the Regulation relating to processing, in a concise, transparent, comprehensible, and easily accessible form, clearly and easily formulated, especially in the case of information intended specifically for a child. Information shall be provided in writing or by other means, including where appropriate by electronic means. If the Data Subject so requests, the information may be provided orally, as long as the identity of the Data Subject has been proven in another way.

The Data Subject has the right to obtain from the Operator a confirmation if personal data concerning him/herself has been processed and, if so, he/she has the right to access this personal data and the following information:


  • processing purposes;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data has been or will be provided, in particular recipients in third countries or international organisations;
  • where possible, the foreseeable period of retention of the personal data or, if that is not possible, the criteria for its determination;
  • the existence of the right to require the Operator to correct personal data relating to the Data Subject or to erase or restrict the processing thereof, or to object to such processing;
  • the right to file a complaint with a supervisory authority;
  • where personal data has not been obtained from the data subject, any available information as to their source;
  • the existence of automated decision making, including profiling.


The Data Subject has the right to require the Operator to correct any incorrect personal data relating to him/her without undue delay. With regard to the purposes of the processing, the Data Subject has the right to supplement incomplete personal data, including through the provision of a supplementary statement.

The Data Subject is entitled to request that CV-Online Estonia OÜ delete his/her personal data. All consent to the processing of personal data provided to Profesia, spol. s r.o. is revocable. Please send your application to the e-mail address: [email protected]

The supervisory authority is the Estonian Data Protection Inspectorate of the Estonian Republic. The Data Subject is entitled to file a complaint with the supervisory authority.

In case of questions, please contact the person responsible for the processing of your personal data: Mr. Vesse Vesiaid, CV-Online Estonia OÜ, e-mail: [email protected]

In Estonia, on 24/05/2018        Mr. Agu Vahur, Chief Executive Officer of CV-Online Estonia OÜ