Data Protection Terms and Conditions of BCS Itera AS

Our privacy policy explains from whom and why we collect and process personal information.

Effective from April 1, 2025

These data protection terms and conditions describe the conditions for the processing of personal data that BCS Itera AS (hereinafter “Itera”) follows when processing personal data. We process personal data in accordance with the General Data Protection Regulation and the laws of the Republic of Estonia.

The purpose of these data protection terms and conditions is to provide clear and transparent information about how your personal data may be processed if you have contacted us or visit our website hrm4baltics.com.

We may amend these data protection terms and conditions as necessary. The current data protection terms and conditions are published on our website.

1. DEFINITIONS

TermDefinition
Data SubjectA natural person whose data is processed.
IteraBCS Itera AS (registry code 10653988, with registered address at Mäealuse tn 2/4, Tallinn 12618 Estonia).
GDPRRegulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC(General Data Protection Regulation).
Personal DataAny information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference toan identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of thatnatural person.
Applicable LawAll applicable legal acts of the European Union and all applicable legal acts of the Republic of Estonia, including, but not limited to, the national implementing acts of the GDPR, which are in force during the validity of these data protection terms and conditions or will enter into force after the publication of the data protection terms and conditions.
ProcessingAny operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such ascollection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, disseminationor otherwise making available, alignment or combination, restriction, erasure or destruction.
ControllerThe natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of thesedata protection terms and conditions, Itera is the controller of the personal data of employees.
ProcessorA natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
WebsiteThe website managed by Itera at hrm4baltics.com.

2. GENERAL PROVISIONS

2.1. As the controller, Itera processes personal data for the purposes set out in these data protection terms and conditions. When processing personal data, Itera complies with the Applicable Law, including the Personal Data Protection Act and other legislation concerning the processing of personal data.

2.2. When processing personal data, Itera adheres to the principles of personal data protection, including the principle of minimality, according to which we only process data that is necessary for the provision of services and the achievement of the purposes.

3. PERSONAL DATA PROCESSED AND PURPOSES OF PROCESSING PERSONAL DATA

3.1. Data processing for the performance of a contract or pre-contractual negotiations

Itera primarily processes personal data to provide services to its clients and to fulfill contractual obligations towards its clients. If Itera’s client is a data subject, the legal basis for the processing of personal data is Article 6(1)(b) of the GDPR. This means that the processing of personal data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. If the client or cooperation partner is a legal entity, we process data necessary to determine the right of representation.

The personal data processed primarily includes the contact details of the legal entity’s representative (name, email address, telephone number). We retain such data for up to 3 years after the termination of the contract or the last contact (General Part of the Civil Code Act § 146 (1)).

3.2. Data processing for compliance with a legal obligation

Itera also processes personal data when it is necessary for compliance with a legal obligation to which Itera is subject. For example, if Itera is required to disclose personal data by a court under a valid court order or judgment, or if personal data is requested by a law enforcement agency under a valid regulation. Similarly, if Itera is obliged to retain personal data, for example, under the Accounting Act or other applicable legislation. The legal basis for the processing of personal data in such cases is Article 6(1)(c) of the GDPR. This means that the processing of personal data is necessary for compliance with a legal obligation to which the controller is subject. We retain such data (i.e., accounting documents) for 7 years in accordance with the Accounting Act (§ 12 (4) of the RPS).

3.3. Data processing based on consent

If you have given us separate consent to process your personal data, the legal basis for the processing of your personal data is the consent you have given. In this case, we process your personal data for the purposes specified in the consent and to the extent indicated in the consent. If you have given us consent to process your personal data, you have the right to withdraw the consent you have given us at any time. The legal basis for the processing of personal data in such cases is Article 6(1)(a) of the GDPR.

For example, with your consent, we may send you newsletters if you have expressed a desire to do so through our website. The information contained in the sent letter (including attachments) is intended for business use by the service user. The recipient of the information can unsubscribe from offers and newsletters sent to their email address at any time by informing us via email or by following the instructions in the email containing the offer.

3.4. Data processing based on legitimate interest

In certain cases, Itera may also process personal data when it is necessary for Itera’s legitimate interests. The legal basis for the processing of personal data in such cases is Article 6(1)(f) of the GDPR. Itera processes personal data based on legitimate interest only if such processing is not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Only data obtained from the data subject or generated in the course of the performance of a contract is processed based on legitimate interest.

Itera may have a legitimate interest in processing personal data when it is necessary for the establishment, exercise or defence of legal claims. For example, such a need may arise in a situation where the data subject has breached a contract. Also, when it is necessary to ensure the functionality of the website (see more details in the section on the use of cookies).

Itera may also process personal data in connection with employment relationships or when you apply for a job at Itera. Itera has adopted separate personal data processing terms and conditions that apply in connection with employment relationships and which will be provided to you if you work at Itera or apply for a job at Itera.

4. TRANSFER OF PERSONAL DATA AND USE OF PROCESSORS

4.1. Itera does not transfer personal data to third parties, except when legally entitled to do so under Applicable Law.

4.2. Itera may transfer personal data outside the European Economic Area (EEA). Itera only uses cooperation partners or processors who meet the requirements set out in the GDPR, and the transfer of personal data generally takes place to countries with an adequate level of protection. If the country does not have an adequate level of protection, Itera implements additional safeguards as stipulated in the GDPR.

4.3. Itera may use processors for the processing of personal data. The processors appointed by Itera, who may process personal data in limited cases, include, for example, IT service providers (server service providers, IT software consultants and/or developers) or other support service providers.

4.4. Itera only uses cooperation partners as processors in whose reliability Itera is convinced and who have undertaken to process personal data in accordance with Applicable Law.

5. USE OF COOKIES

5.1. Itera’s website uses cookies. Cookies are small text files containing information that is stored on a computer and used for tracking or identification.

5.2. The website uses third-party cookies. We have embedded videos on our website that are presented through the YouTube platform. You can review YouTube’s privacy policy and terms on the cookie provider’s page: https://www.google.com/policies/technologies/cookies/.

5.3. Specifically, we use the following cookies:

CookieDescriptionValidityType
_gaGoogle Universal Analytics cookie that helps distinguish unique users by assigning them a randomly generated ID number.1 year 1 monthThird-party cookie
_gidGoogle Analytics cookie that stores and updates a unique value for each page visited and is used to count and track page views.1 year 1 monthThird-party cookie
_ga_V4LDWVQ157Google Analytics cookie used to persist session state.1 year 1 monthThird-party cookie
_ga_QC5KF69HFVGoogle Analytics cookie used to persist session state.1 year 1 monthThird-party cookie
_gatGoogle Universal Analytics cookie used to throttle request rate – limiting the collection of data on high traffic sites.52 secondsThird-party cookie

5.4. You have the right to disable the use of cookies at any time by changing your web browser settings. In this case, please note that not all functions of the web browser may work correctly. Cookies can be disabled by following the instructions in the “help” function of your web browser. More information on how cookies work or how to disable cookies can also be found at allaboutcookies.org.

6. RIGHTS OF THE DATA SUBJECT

6.1. Itera ensures all rights of the data subject arising from Applicable Law.

6.2. Every data subject has, among other things, the following rights:

  • Right of access: the right to ask at any time whether Itera holds personal data about them or not, and to receive information about which personal data Itera processes about them;
  • Right to rectification: the right to request Itera to specify or correct their personal data if it is inaccurate, incomplete or incorrect;
  • Right to object: the right to object to the processing of their personal data by Itera, for example, if the use of personal data is based on Itera’s legitimate interest;
  • Right to erasure: the right to request the erasure of personal data, for example, if personal data is processed with the data subject’s consent and the data subject has withdrawn their consent;
  • Right to restriction of processing: the right to demand that Itera restrict the processing of personal data under Applicable Law, for example, if Itera no longer needs the personal data for the purposes of processing or if the data subject has objected to the processing of personal data;
  • Right to withdraw consent: if the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw the consent given to Itera at any time;
  • Right to data portability: the right to receive from Itera the personal data that the data subject has provided to Itera and that is processed on the basis of the data subject’s consent or for the performance of a contract concluded with the data subject, in writing or in a commonly used electronic format, and, if technically feasible, to request that Itera transmit this data to another controller;
  • Right to lodge a complaint: If the data subject believes that their rights have been violated in the processing of their personal data, they always have the right to contact the Data Protection Inspectorate with a claim or complaint – Tatari 39, 10134 Tallinn, info@aki.ee, aki.ee.

6.3. The rights of the data subject listed in this chapter regarding the processing of their personal data are not absolute rights. In certain cases, the rights of other data subjects or Itera’s legal obligations may limit the data subject’s rights.

6.4. To exercise the rights related to the processing of personal data or to submit requests related to the processing of personal data, please contact us using the contact details provided in the “Contact” section below.

7. SECURITY OF PERSONAL DATA

7.1. Itera undertakes to ensure the security of the processing of personal data, with the aim of protecting personal data against accidental or unauthorized processing, disclosure or destruction.

7.2. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons posed by the processing, Itera implements appropriate technical and organisational measures to ensure the security of personal data.

8. CONTACT

If you have any concerns or questions regarding our data protection terms and conditions, please contact us at: itera@itera.ee.