Valid from: 26 February 2023
At Sustaxo LLC (“Sustaxo” or we), we take your privacy seriously and work hard to ensure the privacy of your personal data. The services we provide are designed for businesses, however, we may need to process some personal data of individuals. This Privacy Notice explains what types of personal data Sustaxo collects, uses, and processes, how long we keep it, with whom we share it and to whom we transfer it, and what rights you can exercise in relation to your personal data.
This Privacy Notice applies to users of our self-assessment service on data.sustaxo.eu, visitors of our website and the processing of personal data of our business partners, customers, and vendor representatives.
1.
THE CONTROLLER AND PROCESSOR
The data controller is Sustaxo OÜ (registration code: 14306441), Tallinn, Estonia. The personal data collected is controlled and processed by the controller.
Processors of personal data are third parties with whom we may need to share your personal data to help us provide you with services and products.
2.DATA SUBJECT RIGHTS
Respect for the rights of the data subject is important to Sustaxo and will therefore be treated with particular attention. The data subject has the right to ask Sustaxo for information about the processing of his or her personal data. Please note that we need to verify your identity before we can assist you with any request relating to your personal data.
This means that when reviewing your request and in case of doubt, Sustaxo may ask for additional information to identify you as the data subject. We do this to be sure of the identity of the data subject and to make sure that we are providing the right information to the right person.
2.1. RIGHT FOR THE INFORMATION AND ACCESS
You have the right to access your personal data processed by Sustaxo. This right allows you to be aware of and control the type of personal data that Sustaxo processes about you and how it is processed. You can also contact Sustaxo and ask for the purposes for which we process your personal data if it is unclear or if you want to ask us further questions. We will endeavour to respond to you as soon as possible, but not later than within one month. In the case of more complex requests, we may need to extend the response time by one month or ask you to clarify your request or ask for more information.
2.2.RIGHT TO WITHDRAW YOUR CONSENT
Where the processing of personal data is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal. Sustaxo will cease further processing of personal data where consent is the sole basis for the processing. If the processing is based on another legal ground (e.g., contract, legitimate interest), the processing may continue based on the valid legal ground.
2.3.RIGHT TO ERAUSRE („RIGHT TO BE FORGOTTEN “)
This right allows the data subject to have his or her personal data erased if one of the following conditions apply:
- the personal data are no longer necessary for the purposes for which they were collected or processed;
- the data subject has withdrawn his or her consent;
- the data subject objects to the processing and there is no overriding legitimate interest of the controller or a third party to continue the processing;
- the personal data have been unlawfully processed;
- personal data have been erased to comply with a legal obligation.
The right to erasure is not an absolute right and therefore your request to erase your personal data does not necessarily mean that all your data will be erased after you have submitted the request. Sometimes we are required by law to retain certain data and in such cases, we may not be able to comply with your request for erasure. This may also be the case if we need to retain that data to pursue or defend legal claims.
2.4.RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
If you are not satisfied with the way Sustaxo processes your personal data, please contact us at privacy@sustaxo.eu. If you are not satisfied with our response, you have the right to lodge a complaint with the data protection supervisory authority. The national supervisory authority in Estonia is the Data Protection Inspectorate.
3.PURPOSES OF THE PROCESSING OF PERSONAL DATA
- Sustaxo processes personal data for various purposes, including:
- managing our customer and vendor relationships;
- billing and related correspondence with customers;
- responding to enquiries and complaints;
- receiving and handling customer feedback;
- managing, evaluating, and improving our business (including developing, improving, and analysing our services; managing our communications; performing data analytics; performing accounting, auditing, and other functions);
- conducting research to gather customer feedback and improve our service;
- defending against, detecting, and preventing fraud and other illegal activities, claims and other liabilities;
- complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations, and our policies.
- sales activities; marketing, direct marketing through profiling and sales and promotional offers; data analytics for marketing purposes;
- legal objectives and legal obligations, e.g., complying with mandatory requirements under applicable laws.
4. CATEGORIES OF PERSONAL DATA WE PROCESS
The personal data processed by Sustaxo includes the following data about the data subject:
- contact data (such as name, postal address, e-mail address and telephone number);
- other personal data voluntarily disclosed to Sustaxo by data subjects;
- personal data collected as a result of visiting and using our websites or using our services.
5.LEGAL BASIS FOR DATA PROCESSING
Sustaxo processes personal data on several legal bases, which are:
- Sustaxo may process your personal data based on your consent.
- Sustaxo may process personal data where the processing is necessary for the performance of a contract.
- Sustaxo may process personal data where the processing is necessary for compliance with a legal obligation.
- Sustaxo may process personal data where the processing is necessary for the purposes of legitimate interests.
6.STORAGE OF DATA
We store personal data collected in our systems in a manner that permits identification of data subjects for no longer than is necessary for the purposes for which the data was collected or further processed. We will determine this specific period of time, taking into account:
- the need to retain personal data collected for the provision of user-generated services;
- to protect the legitimate interests of the data controller as described in the purposes;
- the existence of specific legal obligations that make the processing and related retention necessary for a certain period of time.
7.DATA SHARING
We will not disclose any personal data we collect about you to third parties, except as described in this Privacy Notice or in specific notices provided in connection with particular activities.
We may share personal data with our processors who provide services on our behalf under our instructions. We do not permit them to use or disclose personal data for any other purpose except as necessary to provide services on our behalf or to comply with legal requirements.
- In addition, we may disclose your personal data (i) if we are required to do so by law or legal process; (ii) to law enforcement or other government officials pursuant to a lawful disclosure request. We also reserve the right to disclose personal data we have about you if we sell or dispose of all or part of our business or assets (including in the event of reorganization, dissolution, or liquidation).
8.LINKS TO OTHER WEBSITES
- From time to time, we may provide links to other websites for your convenience and information. These websites operate independently of our services and websites and are not under our control. These websites may have their own privacy notices or terms and conditions of use, which we encourage you to review when you visit any linked website. We are not responsible for the content of these websites, nor the products or services offered through them or any other use of the linked websites.
9.INTERNATIONAL DATA TRANSFER
We may transfer the personal data we collect about you to countries outside the country where the data was originally collected. These countries may not have the same data protection laws as the country where you originally provided the personal data. When we transfer your personal data to other countries, we will protect that data in the manner described in this Privacy Notice and such transfers will be in accordance with applicable laws.V
The countries to which we may transfer personal information may be located:
- Within the European Union
- Outside the European Union
Where we transfer personal data from the European Union to countries or international organisations outside the European Union, the transfer will be made on the following bases:
an adequacy decision of the European Commission; or
b) in the absence of an adequacy decision, other legally permissible bases (a) a legally binding and enforceable document between public authorities or bodies; (b) binding internal rules; (c) standard contractual clauses or other legally recognised means.
10.USE OF COOKIES
Cookies are small text files containing a string of characters that can be placed on your computer or mobile device that uniquely identify your browser or device. Cookies allow a website or service to know whether your computer or device has visited that website or service before. Cookies can then be used to understand how the website or service is used, help you navigate between pages efficiently, help remember your preferences and generally improve your browsing experience. Cookies can also help ensure that online marketing is more relevant to you and your interests.
We use cookies for website functionality, preferences, analytics, and marketing purposes. Functionality cookies help us make our website usable by enabling basic functions such as page navigation, authentication, and access to secure areas of the website. The website cannot function properly without these cookies. Preference cookies allow our website to remember information that changes the way the website behaves or looks, such as your preferred language or the region you are in. Statistical cookies help website owners understand how visitors interact with websites by collecting and presenting information anonymously. Marketing cookies are used to track visitors to different websites. The aim is to display ads that are relevant and appealing to a particular user and therefore more valuable to publishers and third-party advertisers.
Some of the purposes for which we use cookies include:
Recording your preferences and settings. We use cookies to store your preferences and settings on your device and improve your user experience. When you store your preferences with cookies, such as your preferred language, you do not have to set your preferences repeatedly.
Security. We use cookies to process information that helps us protect our products, as well as to detect fraud and abuse.
Storing information submitted to the websites. We use cookies to remember the information you share.
Analytics. We use first and third party cookies and other identifiers to collect usage and performance data. For example, we use cookies to count the number of unique visitors to a website or service and to compile other statistics about the performance of our products.
Performance. We use cookies to understand and improve the performance of our products. For example, we use cookies to collect data to help with load balancing; this helps ensure that our websites stay up and running.
Some of the cookies we commonly use are listed below. This list is not exhaustive, but illustrates the types of cookies we use and their purposes:
We may use both session cookies and persistent cookies. We can use both session cookies and persistent cookies. We can use both session cookies and persistent cookies. We use both session cookies and persistent cookies. persistent cookies remain after you close your browser and may be used by your browser on subsequent visits to the service. persistent cookies can be used by your browser to access the service.
In addition, third parties may set cookies when you visit our website to provide services on our behalf, such as site analytics, to deliver videos or other content. These third parties will use the data they process in accordance with their own privacy policies.
Please refer to the 'Help' section of your web browser to find out how to change your cookie settings. Please note that if you set your browser to disable cookies, you may not be able to access certain parts of our Service and other parts of our Service may not function properly.
For more information about cookie settings, please visit third party information sites, such as www.allaboutcookies.org.
11.MICELANNEOUS PROVISIONS
Sustaxo reserves the right to make changes to this Privacy Notice, taking into account possible changes in legislation, law, and the evolution of the practices of technologies that ensure the protection of personal data. Therefore, this Privacy Notice will be periodically reviewed and, if necessary, amended.
12.CONTACT INFORMATION
If you have any questions or comments about this Privacy Notice or if you wish to exercise your rights, please contact us:
Sustaxo OÜ, registration code 14306441, address: Tulimulla tn 4, Tallinn, 13516, Estonia, e-mail address:
privacy@sustaxo.eu .