I. Data controller
Majorel Estonia OÜ
Jalgpalli tn 1
Majorel Estonia OÜ is accountable for the processing of the personal information described below (referred to hereinafter as “we”, “us”, “our”).
You can contact our data protection officer by writing to email@example.com or writing to us at the postal address indicated above by using the reference ‘For the attention of the Corporate Data Protection Department’.
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (“Facebook”) is also responsible for processing information. For more information, please consult: https://www.facebook.com/policy.php.
You can contact Facebook’s data protection officer here: https://www.facebook.com/help/contact/540977946302970
You can find information on the processing of personal information by Facebook in your Facebook profile under the Settings menu – Privacy, or here: https://www.facebook.com/help/568137493302217.
Other legal entities to be mentioned, not with the right to process personal data:
Telia Eesti AS
Address : Harju maakond, Tallinn, Kristiine linnaosa, Mustamäe tee 3, 15033
Address: Harju maakond, Viimsi vald, Haabneeme alevik, Kaluri tee 2-30, 74001
II. Processing of personal information
1. General remarks
According to the GDPR, “personal data” (referred to below as “personal information”) means any information relating to an identified or identifiable natural person (“data subject”). Also pseudonymized information that cannot be directly linked to you, e.g. by way of a name or email address, is also personal information.
2. Your rights
You have the right at any time to request access to your personal information that is currently on file with us. If this information is incorrect or not up to date, you have the right to request that it be corrected. You also have the right to have your personal information deleted and/or its processing restricted as provided for in Art. 17 and Art. 18 GDPR. Where our processing by automated means of information provided by you is based on your consent or is the subject of a contract with you, you have the right to request a copy of this data in a structured, commonly-used, machine-readable format (right to data portability). If you want to exercise any of your rights, you can address these issues to the contact indicated in section 1 above.
You also have the right to lodge a complaint with the competent data protection authority. You can assert these rights by contacting the data controller.
3. Obligation to provide personal information
As a general rule, you are not obligated to provide personal information to us. You must provide specific information only when concluding a contract (e.g. your email address or your name). Without this information we cannot enter into a contract with you or perform the contract. Facebook may impose other requirements on you. For more information, please consult: https://www.facebook.com/policy.php.
4. Disclosure of personal information to third parties
Your personal information is not disclosed to third parties unless this is necessary for fulfilling obligations under a contract, we or the third party have/has an legitimate interest in disclosure, or your consent has been obtained. In addition, personal information may be shared with third parties in the event that we are obligated by virtue of operation of the law or by virtue of an enforceable directive of a governmental or other regulatory authority, or by order of a court or other authority of competent jurisdiction.
5. Service providers
We contract service providers in part for processing data. Access by service providers to your personal information is restricted to the extent necessary. As a general rule, service providers are engaged as contract data processors who are bound by our directives when processing data.
6. Transfer of data to non-EEA countries
Personal information may be transferred to third parties and contract data processors who are headquartered in non-EEA countries. In these cases, we ensure that the recipient provides for an appropriate level of data protection prior to transferring data. Some of the third parties engaged by us are headquartered in the USA (indicated in the detailed information provided) and are registered under the EU-US Privacy Shield. For a list of the registered companies, see: https://www.privacyshield.gov/list. We have also concluded EU standard contractual clauses with various companies. Details can be obtained from our data protection officer on request.
7. Duration of storage
We store your personal information for as long as it is necessary to provide our offerings and the associated services, or we have a legitimate interest in continued retention. In all other cases we delete your personal information with the exception of information (e.g. invoices) that we must retain for compliance with statutory retention periods (e.g. imposed by the tax code or commercial code).
8. Pseudonymized data processing
The processing of information described below primarily takes place on a pseudonymized basis. This means that we do not provide information to third parties that can be directly linked to you, e.g. by way of a name or email address, but rather a profile is created on the basis of an ID or cookie.
III. Processing of information by us of users using our Facebook pages
The processing of information described below is for the purpose of operating our Facebook pages.
We receive statistical data from Facebook about the visitors to our Facebook pages by way of Facebook’s Audience Insights service. We are unable to link this information to any specific person. This feature enables us to better analyse our pages and adapt them to the needs and interests of our visitors. Facebook processes personally identifiable information in relation to this service on its own responsibility. For more information, please visit: https://www.facebook.com/iq/tools-resources/audience-insights. We need no legal basis for processing statistical or anonymized data.
2. Interaction on our pages
We are also able to see when a specific Facebook user likes or subscribes to one of our Facebook pages. We are also able to link comments to individual users on our Facebook pages. The legal basis for this processing of information follows from Art. 6 (1) sentence 1 point b) and f) GDPR. We have a legitimate interest in interacting and continued communication with you. To the extent that the processing of information follows from Art. 6 (1) sentence 1 point f) GDPR, pursuant to Art. 21 (1) GDPR you have the right, for reasons relating to your particular situation, to lodge an objection at any time to the processing of your personal information with effect for the future by writing to firstname.lastname@example.org and setting out your objection.
We review the comments on our Facebook pages for any inappropriate content. In so doing, it is readily clear under which Facebook profile a specific comment was posted. A link is made between the content of the comment, the timestamp created when the comment was posted, the user ID, the Facebook user name, and a reference to the preceding posts and comments. The result of a review may lead to the comment being hidden or the user being blocked. The legal basis for this follows from Art. 6 (1) sentence 1 point c) GDPR.
4. Processing of information provided by you by way of a contact form or email
On our Facebook pages you have various options for contacting us for various purposes. We use the information provided by you in this manner solely to respond to the matter for which you have contacted us. Messages are deleted at the latest upon attending to your query, provided that we are not required to retain them for other reasons.
5. Application for employment
5.1. Description and scope of data processing
You can send us your application for employment directly on our Website www.majorel.ee or on our Facebook Page www.facebook.com/majorelestonia. Below you can find a more detailed description of the process.
Our vacancies are published on the website www.majorel.ee in the career section but can be visible also from the homepage. In order to apply for one of the job openings on our website you will need to provide following information: full name, email address, mobile phone, the number of years of experience in customer service and the language skills. Optional you can also write a message with other information relevant for the application or attach files like your CV, cover letter, certificates etc. All information you choose to share along with the required files mentioned above are automatically send to our general recruiting email address: email@example.com. All data is automatically deleted from the website server once the application has been forwarded to our recruiting email address.
Job advertisements are published on the Facebook page in the Jobs Tab via the job advertisement and the Messenger app. The provided personal data/ application will be forwarded to our email and afterwards can be also send to our internal recruiting portal, which collects and processes your data for recruitment purposes. When applying via the Messenger on our companies Facebook page, you submit a short application. With the short application you can draw attention to yourself as a suitable talent without referring to a specific job posting. To assess your talent and contact you for suitable vacancies, you must provide your first and last name, email address and telephone number as well as information about the languages you speak, where you live, if you are legally allowed to work in a specific country or other such information for our recruitment team to find a suitable position for you. By providing your data and consenting to data processing, your email address will be used for your authentication by providing you with a confirmation email and after for the recruiters to get in contact with you. The short application as well as the application for a job advertisement in the job section of the Facebook page is voluntary and consent can be revoked at any time with effect for the future.
5.2 Purpose and legal basis of data processing
Your application data will be processed in order to assess your talent and to be able to contact you for suitable vacant positions. The legal basis is Art. 6 sec. 1 lit. a GDPR, by submitting your short application you give consent to the data processing.
5.3 Duration of storage or criteria applied in defining this period
After your consent has been given, your application will be stored for one year, unless you withdraw your consent prematurely. This shall not apply if statutory retention obligations oblige us to a longer storage period. Your consent on the other hand will be stored for three years after deletion and/or revocation in order to be able to prove that we have complied with our legal obligations – to let you consent to data processing.
5.4 Options for lodging an objection and having your data removed
You can revoke your consent any time without any formality by contacting us. A list of your further rights can be found under Section II. The corresponding address can be found in Section I.
Last updated: September 2019