PRIVACY POLICY FOR BUSINESS PARTNERS

Last updated: March 8th, 2023

This Privacy Policy for business partners (“Privacy Policy”) stipulates how Höhle OÜ as the personal data controller processes the personal data of its business partners and their representatives in connection with the business relationship or any other contractual relationships concluded between the business partner and Höhle OÜ, as well as privacy rights available to data subjects. This Privacy Policy applies to all our business partners’ (legal persons’) representatives and contact persons acting as a management board member, employee or in any other capacity.

The controller of your personal data is Höhle OÜ (“Höhle”, “we”, “us” or “our”). Höhle is responsible for ensuring that your personal data is processed in accordance with this Privacy Policy and applicable personal data protection laws, in particular with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

Contact details of the controller:

Höhle OÜ

Registry code: 12805467

Address: Torupõllu, Lõiuse, Rapla vald 79405, Estonia

Phone number: +372 514 7676

E-mail: margus.maasing@hohle.ee

If you have any questions regarding this Privacy Policy or the personal data we process about you, please contact us at the contact details provided above.

  1. processing of personal data

As your or your employer’s business partner, we collect your personal data in a variety of ways. In particular, we collect personal data provided directly by you when you place sales order otherwise communicate with us (for example, through our website or by directly contacting our representatives) prior to or after entering into a contractual relationship with you acting on behalf of a legal person. We may also receive your personal data from legal persons with whom we have a contractual relationship. To the extent permitted by applicable law, we may also collect your personal data from third parties, such as government authorities and public databases.

Due to our contractual and statutory rights and obligations related to our business relationship and the values of Höhle, we may collect certain personal data, including:

We may also collect other personal data about you that you voluntarily provide to us in the course of our contractual relationship. You can provide us with other personal data if you wish, but this is not required for the purposes related to our contractual relationship.

  1. purpose and legal basis of data processing

We process your personal data for the following purposes on the basis of Article 6(1)(b) (for the performance of the contract or in order to take pre-contractual steps), Article 6(1)(c) (to comply with legal obligations applicable to us) and Article 6(1)(f) (our legitimate interests) of the GDPR, depending the circumstances under which you communicate with us. In some situations, we may also process your personal data based on your consent (Article 6(1)(a) of the GDPR).

  1. Processing sales orders and/or managing our contractual relationship

The primary purpose of collecting personal data is to enable us to process submitted sales orders with the objective to conclude a contract, perform our contractual obligations, invoicing the other party to the contract, manage and maintain a business relationship with our business partner. In these cases, the processing of personal data is based on our legitimate interest if a sales contract is concluded between us and the company you represent. If you are a sole proprietor, the legal basis for the processing of personal data is the contract entered into between us, or taking steps at your request to enter into such contract.

  1. Accounting purposes

We process personal data in order to comply with our obligations under applicable accounting and tax legislation. In these cases, the processing of personal data is based on legal regulations that oblige us to keep certain accounting data, such as accounting source documents.

  1. Data related to legal claims

If necessary, we may process personal data for the purposes of our legitimate interest in filing, processing or defending legal claims arising from the contractual relationship between us and our business partner.

  1. Marketing purposes

We may also process personal data for marketing purposes, in particular to provide you with information about our goods and services or to provide our business partners corporate gifts. In these cases, the legal basis for the processing of personal data is your consent or our legitimate interest to promote our business activities.

  1. Purposes of security

We also process personal data for the purposes of ensuring the safety of our assets and intellectual property rights, security of our systems, preventing fraud or malicious activities and enhancing the security of our employees. In these cases, the legal basis for the processing of personal data is our legitimate interest in ensuring an adequate level of data security and security in our systems and facilities.

  1. recipients of your personal data

We may disclose your personal data to third parties:

More specifically, we may disclose your personal data:

As a rule, we do not transfer personal data outside of the European Economic Area.

  1. retention of personal data

We process and retain your personal data as long as necessary to achieve the specific purposes described in this Privacy Policy, including to comply with legal requirements applicable to us.

Most of your personal data will be retained until the end of the contractual relationship between the legal person you represent and us. Certain personal data may be retained after the end of the contractual relationship, if required or permitted by applicable law. For example, we retain the accounting source documents (eg, copies of invoices) for 7 years from the end of the relevant financial year when a business transaction was recorded, as required by applicable law.

In some cases, personal data may be also retained for a longer period if storage of personal data is required in order to protect our or any third parties’ legitimate interests, e.g. in case of a legal dispute.

We will delete or anonymise your personal data when processing is no longer necessary for intended purposes.

  1. security measures

We use reasonable security measures (including physical, electronic and administrative) to protect your personal data from loss, destruction, misuse and unauthorised access or disclosure.

Please note that while we take reasonable steps to protect the security of your personal information, no system completely eliminates all potential security risks.

  1. your rights

Subject to the restrictions and conditions set out in law, you have the following rights as a data subject:

In some cases you may have a right to request restriction of processing of your personal data or to object to processing of your personal data.

If you wish to exercise your rights as a data subject, please contact us at the contact details provided in the beginning of this Privacy Policy.

If you think there is a problem with the way we are handling your personal data, you have a right to lodge a complaint to your national data protection authority in the EU/EEA, or seek judicial remedy. In Estonia, the competent supervisory authority is the Estonian Data Protection Inspectorate. You can find contact details of the Estonian Data Protection Inspectorate here: www.aki.ee. However, we encourage you to first contact us with any concerns that you may have, although you have no obligation to do so.