EXPLANATION OF APPLICATION OF GDPR TO KLIENDITUGI OÜ, AND ACTIVITIES AGAINST SPAM
1. Legal instruments of the Republic of Estonia related to electronic direct marketing
In the Republic of Estonia electronic direct marketing is regulated by the following laws:
- Electronic Communication Act (Articles 103, 103′, 133(2)’, 184”);
- Information Society Services Act (Article 5(2));
- Personal Data Protection Act (especially Article 12 and Chapter 6).
The use of electronic contact details is not regulated by the following, acts, which, nevertheless should be taken into consideration for the purpose of direct marketing:
- Law of Obligations Act;
- Advertising Act;
- Consumer Protection Act.
Electronic direct marketing means commercial messages sent to the addressee via e-mail, fax, telephone messages (SMS, MMS, etc.) or Bluetoothˊ.
The laws provide for differentiation between direct marketing directed to legal entities and to natural persons. Directing direct marketing to a legal entity is permitted in any case, if the contact data of such entity is available from public sources, and it is unambiguously clear that the person is a legal entity. E-mail addresses that refer to general contacts of a legal entity, such as firstname.lastname@example.org or email@example.com, are always considered without reservations as addresses of legal entities. If an e-mail address includes a name of a person, for example firstname.lastname@example.org etc., as a rule it is considered as an address of a natural person, except where the content of the commercial message to be sent is related to the position of such person in the organization and his or her competence to adopt decisions. In such case such e-mail address can be interpreted as an address of a legal entity, and directing electronic direct marketing to such person is permitted.
According to the law, directing electronic direct marketing to a natural person is permitted only under prior written consent of such person.
In case of electronic direct marketing the law requires that every time when electronic contact data of a natural person is used for direct marketing, the addressee must be provided with a clear and understandable possibility to prohibit the use of his or her contact data for such purpose free of charge and in a simple way, and such person must be provided with a possibility to exercise such right via an electronic communication network. Also, the person on whose behalf the respective message is sent must also be clearly identifiable, and the forwarded information must clearly be identified as direct marketing information.
If the direct marketing operator sends on its behalf offers or messages to third persons, the message must contain information as to where the addressee can see offers of which partners were sent to the addressee through the direct marketing operator.
2. The database of Klienditugi OÜ containing companies and organizations, as well as responsible persons working with them
The database of Klienditugi OÜ containing companies and organizations, as well as responsible persons working in them, which is the property of Klienditugi OÜ and which is hereinafter also referred to as the Customer Database, includes companies and organizations operating in Estonia, together with their legal address and address of their main place of operation, contact data, as well as areas of responsibility and contact details of the responsible persons working in them.
Klienditugi OÜ makes every effort to keep the Customer Database up-to-date. For this purpose, the company performs checks via telephone which allow it to make sure that the data contained in the Customer Database is as exact and up-to-date as possible, and that it is checked at least once a year.
The data regarding responsible persons contained in the Customer Database is based on specific areas of responsibility inquired via telephone, due to which such persons are subject to requirements to electronic direct marketing applicable to legal entities, which allow to send respective messages to them also without their prior consent.
As the administrator of the Customer Database, Klienditugi OÜ always observes all requirements regarding personal data collectors and processors established by the Personal Data Protection Act.
Klienditugi OÜ regulates the right of use of the Customer Database by its customers separately for every individual customer on the basis of a written contract concluded with such customer.
3. Customer Database services
Klienditugi OÜ provides to its customers which are legal entities, among other, checks and updating of their own Customer Databases. According to this service Klienditugi OÜ administrates, checks and updates such databases based on the data of its own Customer Database. In such cases the owners of respective Customer Databases are those legal entities with which Klienditugi OÜ concluded a respective contract, and to which Klienditugi OÜ provides only the given service, without being responsible as to conformity of the use of such databases by such legal entities with the legislation of the Republic of Estonia
Klienditugi OÜ also provides to its customers that are legal entities the service of sale of Customer Databases. The service means that Klienditugi OÜ transfers to such customers under a contract concluded with them certain target groups from its Customer Database. Before that such target groups are designated and limited according to the criteria and goals stated in the contract. Such activity precludes unnecessary transfer of irrelevant data to customers, which helps to reduce its uses contrary to the legislation of the Republic of Estonia regulating electronic direct marketing.
Klienditugi OÜ constructed its Customer Database in a way that when the company’s customers use its services they have best possible conditions for directing their communication to target groups that are limited as precisely as possible.
4. Use of the Customer Databases according to the legal instruments of the Republic of Estonia
Klienditugi OÜ transfers contact data contained in its Customer Database only for the purpose of sending of information related to work duties and area of responsibility of the addressees. Contact details are transferred as the right of use of network services or as transfer of a target group of the Customer Database.
The right of use of the Customer Database is limited by the campaign(s) stated in the contract, and the use and saving of the data contained in the Customer Database after the end of the respective campaign is prohibited.
A customer of Klienditugi OÜ which is a legal entity or its employee does not have the right to use databases for the purpose and in a manner which is contrary to the legislation of the Republic of Estonia, or in a manner that constitutes competition with operation of Klienditugi OÜ. Klienditugi OÜ has the right to immediately terminate the contract concluded with its customer, if the customer breaches the above rules.
5. Instructions for recipients of messages
If a recipient of a message feels that the sender of the message sent a spam message to the recipient, and the data originates from the Customer Database of Klienditugi OÜ, please immediately inform the administrator of the Customer Database of Klienditugi OÜ thereof via e-mail address email@example.com
Klienditugi OÜ will immediately commence investigation of the case, and if necessary it will terminate the contract with the user of the Customer Database, if it discovers any circumstances in actions of the customer that are contrary to the legislation of the Republic of Estonia.
6. Rights of the person registered in the Customer Database
Every responsible person registered with the Customer Database ofKlienditugi OÜ has the right to review his or her data included in the Customer Database of Klienditugi OÜ, if such person has previously confirmed his or her identity to the responsible employee of Klienditugi OÜ.
Klienditugi OÜ improves and complements, or if necessary deletes from the Customer Database, upon its own initiative or request of a person registered with the Customer Database, any incorrect, incomplete or outdated information contained in the Customer Database.
Every person registered with the Customer Database additionally has the right to prohibit transfer of his or her contact data by Klienditugi OÜ to third persons for the purpose of direct marketing.