Last update 25.10.2018
This document describes how Scanfil Oü (hereinafter ”Scanfil”) and its staff process the personal data of visitors visiting Scanfil’s premises. Scanfil acts as a controller to such personal data.
As a controller, Scanfil is responsible for such personal data, and for the processing of such personal data. Protecting the data subjects’ privacy and personal data is of utmost importance to Scanfil. Scanfil is committed to complying with the requirements of data protection regulation applicable to us in the processing of your personal data. The means and purposes of processing the personal data are described in more detail in this document.
The EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) applies to all processing of personal data as a general law. Processing of personal data must always be based on a legal ground set forth in the GDPR, throughout the entire processing time from collecting of data till anonymization of data.
Processing of visitors’ data is based on the following grounds:
Scanfil processes the following visitors’ personal data for the purposes of providing the visitors information during the visit, entering into nondisclosure agreements with visitors and for managing visitor records. Scanfil has additionally implemented camera surveillance in its premises for the purposes of protecting property and ensuring safety.
Visitors’ personal data processed by Scanfil:
Furthermore, Scanfil may process adjustments data of the above mentioned data categories.
Scanfil collects data concerning visitors primarily from the visitors themselves. Data is also collected through automatic camera surveillance in Scanfil’s premises.
Scanfil may transfer visitors’ personal data to third parties in the following manner in order to fulfil the purposes of processing described in this document. When personal data are transferred to a body which processes personal data on behalf of Scanfil (i.e. data processor) Scanfil has through contractual arrangements ensured that personal data is processed only in accordance with Scanfil’s written instructions and merely for the purposes described in this document and that access to personal data is only allowed for persons who need access to data based on their tasks.
In addition, Scanfil may disclose personal data with the entities belonging to the same group of companies with Scanfil for a number of different purposes (such as centralized group functions, including without limitation globally accessible business contact management services, intra-group communication, coordination and reporting). Such an exchange of information involves intra-group transfers of personal data between Scanfil group entities located in different parts of the world. Scanfil may additionally disclose personal data for instance to authorities within the limits allowed or required in currently applicable legislation.
Scanfil or such data processor that processes personal data on behalf of Scanfil retains personal data in accordance with applicable legislation for as long as data retention is necessary for the purposes of processing. When Scanfil no longer needs the data for the purposes de-scribed in this document, the data are removed from Scanfil’s and/or processors’ data systems and other data files and irrevocably anonymized. In normal cases data is removed after one year. The aforementioned does not, however, apply to data subject to statutory retention period.
Visitors’ personal data are principally removed when personal data is no longer necessary for the purposes of processing. Where the personal data is collected on the basis of an obligation based on applicable law, the retention time of personal data may also be subject to explicit statutory requirement. Scanfil may also retain certain personal data after the termination of the initial processing purpose, should such retention of personal data be necessary to comply with other applicable laws or should Scanfil need the personal data to establish, exercise or defend a legal claim, on a need to know basis only.
Scanfil ensures the safety and protection of visitors’ personal data against security breaches with firewalls, passwords and other technical safeguards. Data systems and their backups are located in locked facilities. Access is allowed only for persons who need access to the data in order to perform tasks or for fulfilling the purposes of processing. Persons processing the data are not allowed to disclose these data to third parties.
The General Data Protection Regulation provides the data subject with several rights based on which the data subject can in many situation himself/herself decide on the processing of his/her personal data. The data subject may use the following rights with regard to Scanfil to the extent Scanfil acts as the controller to the personal data of the data subject in question.
Requests relating to the aforementioned rights shall be directed to the contact person mentioned in section 2 of this document.
In addition, the data subject has the right to lodge a complaint with the supervisory authority on the processing of the personal data by the controller. The complaint shall be made to the competent supervisory authority, in Estonia to the Estonian Data Protection Inspectorate, in accordance with its instructions. The website of the Estonian Data Protection Inspectorate can be found here.
Scanfil may, from time to time, change this document. You can tell when changes have been made to this document by referring to the “Last Updated” legend at the top of each page of this document. Scanfil encourages you to review this document regularly for any changes.
© Copyright Scanfil 2018. All rights reserved.
You may refuse to accept cookies from our website and delete existing cookies by selecting the appropriate settings on your browser. If you wish to do so, please refer to your browser’s user guide to find out how to control cookies by adjusting your browser’s preferences.
Full Privacy notice for our website visitors can be found here: http://www.scanfil.com/privacy.html.