I. Data controller
NP House OÜ
NP House OÜ is accountable for the processing of the personal information described below (referred to hereinafter as “we”, “us”, “our”).
You can contact our data protection officer by writing to firstname.lastname@example.org or writing to us at the postal address indicated above by using the reference ‘For the attention of the Corporate Data Protection Department’.
In addition, we may work with other partners, which are clearly marked.
II. Processing of personal information
1. General remarks
According to the GDPR, “personal data” (referred to below as “personal information”) means any information relating to an identified or identifiable natural person (“data subject”). Also pseudonymized information that cannot be directly linked to you, e.g. by way of a name or email address, is also personal information.
2. Your rights
You have the right at any time to request access to your personal information that is currently on file with us. If this information is incorrect or not up to date, you have the right to request that it be corrected. You also have the right to have your personal information deleted and/or its processing restricted as provided for in Art. 17 and Art. 18 GDPR. Where our processing by automated means of information provided by you is based on your consent or is the subject of a contract with you, you have the right to request a copy of this data in a structured, commonly-used, machine-readable format (right to data portability). If you want to exercise any of your rights, you can address these issues to the contact indicated in section 1 above.
You also have the right to lodge a complaint with the competent data protection authority. You can assert these rights by contacting the data controller.
3. Obligation to provide personal information
As a general rule, you are not obligated to provide personal information to us. You must provide specific information only when concluding a contract (e.g. your email address or your name). Without this information we cannot enter into a contract with you or perform the contract. Facebook may impose other requirements on you. For more information, please consult: https://www.facebook.com/policy.php.
4. Disclosure of personal information to third parties
Your personal information is not disclosed to third parties unless this is necessary for fulfilling obligations under a contract, we or the third party have/has an legitimate interest in disclosure, or your consent has been obtained. In addition, personal information may be shared with third parties in the event that we are obligated by virtue of operation of the law or by virtue of an enforceable directive of a governmental or other regulatory authority, or by order of a court or other authority of competent jurisdiction.
5. Service providers
We contract service providers in part for processing data. Access by service providers to your personal information is restricted to the extent necessary. As a general rule, service providers are engaged as contract data processors who are bound by our directives when processing data.
6. Transfer of data to non-EEA countries
Personal information may be transferred to third parties and contract data processors who are headquartered in non-EEA countries. In these cases, we ensure that the recipient provides for an appropriate level of data protection prior to transferring data. Some of the third parties engaged by us are headquartered in the USA (indicated in the detailed information provided) and are registered under the EU-US Privacy Shield. For a list of the registered companies, see: https://www.privacyshield.gov/list. We have also concluded EU standard contractual clauses with various companies. Details can be obtained from our data protection officer on request.
7. Duration of storage
We store your personal information for as long as it is necessary to provide our offerings and the associated services, or we have a legitimate interest in continued retention. In all other cases we delete your personal information with the exception of information (e.g. invoices) that we must retain for compliance with statutory retention periods (e.g. imposed by the tax code or commercial code).
8. Pseudonymized data processing
The processing of information described below primarily takes place on a pseudonymized basis. This means that we do not provide information to third parties that can be directly linked to you, e.g. by way of a name or email address, but rather a profile is created on the basis of an ID or cookie.