Data protection conditions
1. What is the purpose of the Data Protection Conditions?
The purpose of the data protection conditions (“Data Protection Conditions”) is to describe how Fontakt OÜ (“Fontakt“) processes your personal data and what are your rights in relation to Fontakt’s processing of personal data.
For the purpose of protecting and lawful processing of your personal data, Fontakt complies with the requirements set out in the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
2. Who is the controller of personal data?
The data controller of personal data described in the Data Protection Conditions is Fontakt OÜ (registry code 11091789, address: Karamelli 2 /Pärnu mnt 139b, 11317 Tallinn, Estonia, e-mail: abc@fontakt.com).
In the situations described separately in the Data Protection Conditions, Fontakt is the processor, not the controller of personal data. In these situations, you must contact a specific data controller to exercise your data protection rights.
3. For what purposes and legal bases does Fontakt process personal data?
3.1. Fontakt phone application
Fontakt offers a telephone application that helps companies and other interested parties to get in direct contact with the contact persons in the specific areas of responsibility of the company. The purpose of the Fontakt phone application is to enable companies and interested parties to contact other companies on topics related to their business.
– Database required to provide a telephone application
In order to offer the Fontakt telephone application, Fontakt owns and supplements a database that contains the contact details of the contact persons in the specific areas of responsibility of the company (company, name of the contact person in the specific area of responsibility, his / her role / role in the company, e-mail). This database is not public and Fontakt uses this database only to provide users with the Fontakt telephone application and other Fontakt services described in the Data Protection Conditions. Fontakt collects data in its database from the public data of the commercial register, from the websites of companies and contacts companies themselves to obtain the data. Fontakt also collects database data from the user of the Fontakt phone application at the moment he registers as a user of the Fontakt phone application.
Fontakt stores the data in the database indefinitely unless the data subject has objected to the processing of his or her data (see clause 7. of the Data Protection Conditions) or if the data is incorrect or out of date known to Fontakt or if Fontakt decides to terminate the provision of the service. Fontakt updates the data received from the commercial register in the database on average once a month and the data received from the companies’ websites and the companies themselves on average once a year. Fontakt does not store the history of contact persons, i.e., information on which person previously worked or operated in which company and in which area of responsibility.
– Phone application feature: contact the contact persons in the specific areas of responsibility of the company by phone
Fontakt allows the user of the phone application to call the contact person in the specific areas of responsibility of the company selected by the user. Only the company name and the contact’s responsibility in the company are displayed in the phone application to the phone application user.
The user of the phone application cannot see the names and mobile phone numbers of the contacts. For example, a user can click on “Company X, IT” and call an employee of Company X who is responsible for IT at that company.
– Phone application feature: Request a meeting with contact person in the specific areas of responsibility of the company
The user of the telephone application can also request a meeting from Fontakt with the contact person responsible for the specific area of responsibility of the company chosen by the user, without the user seeing the name, telephone number or other details of that responsible person. Upon receipt of such a request, Fontakt itself will contact the contact person for the specific area of responsibility of the desired company by telephone or e-mail (Fontakt itself has both a telephone number and an e-mail visible). Fontakt will provide the person requesting the meeting with the information necessary for the meeting (e.g., meeting place, time, contact details) only if the contact person with whom the meeting was requested requests Fontakt by telephone or e-mail. The user of the phone application does not see the phone numbers or e-mail addresses of the corporate contacts and cannot send e-mails directly to them.
– On what legal basis does Fontakt process the personal data in the database required to provide a telephone application?
The legal basis for the processing of personal data is Fontakt’s legitimate interest in providing users of the telephone application with the Fontakt telephone application, which is one of the main services provided by Fontakt. The existence of such a telephone application is also in the public interest, as it gives companies and other interested parties the confidence that they can quickly contact the contact person for the specific area of responsibility of the company
they want and at the same time helps to avoid unnecessary calls to the wrong people who are not the contact person for the specific area of responsibility of the company.
The invasion of the privacy of data subjects is small, as the data processed are data intended for work and business contacts related to the company and are not published as a public database. According to the terms of use of the Fontakt telephone application, the Fontakt telephone application for which the database data is required may only be used for work and business matters related to the company and area of responsibility to which the contact person is called. It is generally in the interest of business contacts to be able to contact other businesses and interested parties. In addition, data subjects may refuse to process their personal data by Fontakt (for more details, see section 7 of the Data Protection Conditions or submit a request here). This further reduces the potential invasion of data subjects’ privacy. The terms of use of the Fontakt telephone application are available here.
3.2. Databases
Fontakt has compiled and constantly updates the database on companies, which contains data on companies, including the following information on the contact persons of companies: first name, surname, job title, area of responsibility, work telephone number, work e-mail. Fontakt collects data in its database from the public data of the commercial register, from the websites of companies and contacts companies themselves to obtain the data. Fontakt also collects database data from the user of the Fontakt phone application at the moment he registers as a user of the Fontakt phone application. Fontakt offers customers the opportunity to purchase database data (incl. first name, surname, job title, area of responsibility, work phone number of the company’s contact persons) and, in exceptional cases and in agreement with Fontakt, business e-mail) or renew them via CRM. After the customer has taken possession of the database data, the respective customer is the independent data controller of the database. Fontakt discloses the contact information in its database only for the purpose of transmitting information related to the tasks and responsibilities of the contact persons contained in the database. The contact information is provided either as a right to use the online services or as a transfer to the target group of the database. The right to use the database is restricted to the campaign(s) specified in the agreement, and the use and storage of the data in the database after the end of the customer’s own database campaign is prohibited.
The client of Fontakt or its employee does not have the right to use the databases for purposes or in ways that are in conflict with the general regulation on the protection of personal data or the legislation of the Republic of Estonia, or in a way that competes with Fontakt. Fontakt has the right to terminate the contract concluded with its customer as soon as the customer violates these rules.
Fontakt stores the data in the database indefinitely unless the data subject has objected to the processing of his or her data (see clause 7. of the Data Protection Conditions) or if the data is incorrect or out of date known to Fontakt or if Fontakt decides to terminate the provision of the service. Fontakt updates the data received from the commercial register in the database on average once a month and the data received from the companies’ websites and the companies themselves on average once a year. Fontakt does not store the history of contact persons, i.e., information on which person previously worked or operated in which company and in which area of responsibility.
– On what legal basis does Fontakt process the personal data in the database required to provide the databases?
The legal basis for the processing of personal data is Fontakt’s legitimate interest in providing users of database services with databases containing business data necessary for their work. In addition to Fontakt, there is a legitimate interest in using the data of the contact persons of the specific responsibilities of the companies also for the users of the database services. More specifically, the users of the database services are interested in establishing fast and high-quality relationships with companies, given that the Fontakt database allows for quick contact with the contact person for the specific area of responsibility of the required company. The existence of such a database service is also in the public interest, as it gives companies and other interested parties the confidence that they can quickly contact the contact person for the specific area of responsibility of the company they want and at the same time helps to avoid unnecessary resource to the wrong people who are not the contact person for the specific area of responsibility of the company.
The invasion of the privacy of data subjects is small, as the data processed are data intended for work and business contacts related to the company. It is generally in the interest of business contacts to be able to contact other businesses and interested parties. In addition, data subjects may refuse to process their personal data in the Fontakt database (for more details, see section 7 of the Data Protection Conditions or submit a request here). This further reduces the potential invasion of data subjects’ privacy.
3.3. Other services provided by Fontakt
In addition to the above, Fontakt also offers other services described on the Fontakt website, more specifically on the “Services” page. These services include sales service, CRM, export service, customer analysis, telemarketing, and digital marketing.
These services are provided by Fontakt in the role of data processor. The data controller is the Fontakt customer, who orders the corresponding service from Fontakt. If you have any data protection questions, requests or complaints related to these services, please contact the specific data controller or Fontakt customer.
3.4. Processing the user data of Fontakt services to provide services to the user and to supplement Fontakt databases
In order for Fontakt to be able to offer its customers the services and products described above, as well as to supplement the database required for the provision of Fontakt’s services with the data of Fontakt’s telephone application users, Fontakt processes its customers’ Personal information (such as phone application users, database service users) that includes
first and last name, phone number, email, service or product order information (e.g. period, billing information) and, for phone application users, the company they represent and their role in the company.
If the user of the telephone application registers his / her user account, the data entered by him / her (first and last name, company represented and role in the company, telephone number, e-mail) will also be added to the Fontakt database used to provide Fontakt services, including the Fontakt telephone application.
The legal basis for the processing of personal data necessary for the provision of the service (first and last name, telephone number, e-mail, data related to ordering the service or product) is the preparation and performance of the contract.
Fontakt processes the data necessary for ordering its customer’s service during the term of the agreement and, generally, up to 3 years after the expiry of the agreement, in accordance with Fontakt’s legitimate interest in retaining data to submit legal claims or object to legal claims. Basic accounting documents containing personal data (incl. contracts and invoice data) are kept for 7 years in accordance with the requirements of the Accounting Act.
The legal basis for the processing of personal data necessary for supplementing Fontakt databases (first and last name of the user of the telephone application, company represented and role in the company, telephone number, e-mail) is Fontakt’s legitimate interest in supplementing the databases necessary for providing Fontakt services. The legitimate interest of Fontakt lies in the need to supplement and update the services offered by Fontakt over time, offering companies and other interested parties the opportunity to contact the widest possible range of contact persons in the various areas of responsibility of companies. The invasion of the privacy of data subjects is small, as the data processed are data intended for work and business contacts related to the company. According to the terms of use of the Fontakt telephone application, the Fontakt telephone application for which among other things the database data is required may only be used for work and business matters related to the company and area of responsibility to which the contact person is called. It is generally in the interest of business contacts to be able to contact other businesses and interested parties. In addition, data subjects may refuse to process their personal data in the Fontakt database (for more details, see section 7 of the Data Protection Conditions or submit a request here). This further reduces the potential invasion of data subjects’ privacy.
Processing the location data of a telephone application user
If the user of the telephone application wants to use a function in the telephone application that allows him to view the data of companies close to the physical geographical location of the user of the telephone application, Fontakt also processes the data of the physical geographical location of the user of the telephone application in real time. Fontakt receives the location information of the user of the phone application through the physical location of his device (mobile phone).
The legal basis for the processing of personal data (location data) necessary for the provision of the described function is the performance of the contract.
Fontakt processes the phone application user location data only during the use of the described function and does not store the phone application user location data after the function is stopped.
Sending newsletters to a phone application user
If the user of the telephone application wishes to receive Fontakt newsletters, Fontakt processes the personal data (first and last name, e-mail) of the user of the telephone application in order to send the newsletter to the user of the telephone application.
The legal basis for sending newsletters is the consent of the user of the phone application. The user of the telephone application may withdraw this consent at any time by clicking on the “unsubscribe from newsletters” button at the end of the newsletter, or by e-mail abc@fontakt.com, sending a digitally signed request or filling in a data protection request form here to the email address indicated.
After the withdrawal of the consent of the user of the telephone application or after Fontakt has decided to stop sending newsletters, Fontakt will not store the personal data necessary for sending newsletters. Withdrawal of consent shall not affect any prior processing of the data subject to consent.
3.5. Communication with Fontakt suppliers and other (including potential) partners
Fontakt also uses the services of cooperation partners in its own activities and orders goods and creates cooperation relations. Fontakt processes the name and contact details of the supplier’s contact person in order to fulfil the contract concluded with the supplier. In a situation where Fontakt turns to the supplier or potential cooperation partner itself, the legal basis for the processing of personal data is Fontakt’s legitimate interest in ordering goods and services or starting other cooperation. As a rule, Fontakt uses the professional contact details of the contact person of the legal entity to contact them, and the invasion of the privacy of data subjects is minimal.
3.6. Recruitment
When recruiting a new employee, Fontakt processes the personal data contained in the candidate’s application documents for pre-contract negotiations and contract preparation. If Fontakt itself turns to a potential employee, the legal basis for such processing of personal data is Fontakt’s legitimate interest in recruiting the necessary employees. Fontakt processes
personal data only to the minimum extent necessary and takes into account the interests of the data subject. In general, it is in a person’s interest for companies to contact people with job offers. Fontakt can also obtain personal data of new potential employees through employment agencies.
The personal data of a candidate is generally stored for 1 year from the expiry of the limitation period prescribed in the Equal Treatment Act due to the notification of the recruitment decision to the candidate.
3.7. Security and security cameras
Fontakt can use security cameras in its office and in general areas, including foreign territories, the purpose of which is to ensure the protection and security of people and property. The aim is also to enable the detection of possible illegal acts and the submission of legal claims and objections to them. To do this, Fontakt processes personal data (video image) from security camera video recordings. Security cameras are not placed in places where people expect privacy.
The legal basis for the processing of personal data is Fontakt’s legitimate interest in protecting the health and property of Fontakt employees and visitors to Fontakt, as well as the property used by Fontakt and to provide effective legal protection.
Video recordings may be made available to employees specifically designated by Fontakt and Fontakt’s IT service provider, as well as to law enforcement authorities.
Fontakt has a legitimate interest in storing recordings without security for up to 1 month. Security camera recordings are not viewed or processed for purposes other than those set forth in the Data Protection Conditions.
3.8. Token Program
Fontakt offers token program (the “Token Program“) created by Fontakt for the purpose of valuing Fontakt community, contributing to Fontakt’s growth and sharing Fontakt’s future value by providing Fontakt’s selected partners, phone application users and other persons selected by Fontakt (including customers) (“Contributors“) the opportunity to acquire Fontakt token(s) (“Token“) on the terms and conditions set forth in the terms of the Token Program (the “Terms of the Token Program“).
The Token Program is provided by Fontakt in the role of a data controller. The data processor is Programmable Equity OÜ, with registration number 16320994 (“KOOS“). KOOS operates a web-based software for Fontakt`s Token Program for providing the Token register (including for keeping records of Token(s) and Token Holders) at www.koos.io (the “Platform“).
The Terms of the Token Program are available on the Platform. When processing personal data within the framework of the Token Program, in addition to the Data Protection Conditions, KOOS privacy policy applies to data subjects, which can be found here.
– Whom is the Token Program for?
The Token Program is for Fontakt Contributors and Token Holders. A Contributor expresses his/her/its wish to join the Token Program by providing Fontakt directly or via Fontakt’s phone application with his/her/its email address, to which Fontakt will send the Token(s) reserved for the Contributor.
When the Token is offered by Fontakt to the Contributor it is reserved for the Contributor. The reserved Token does not belong to the Contributor and does not give the Contributor any rights in relation to the Token, even if the Token is displayed to the Contributor by email or via Fontakt’s phone application. A Contributor will only become the holder of the respective Token if the Contributor complies with the Terms of the Token Program, and if the Contributor has completed the steps required to obtain Token(s) on the Platform (including entering the required information), and if the Contributor is listed as the holder of the respective Token(s) in the Token register on the Platform (“Token Owner“). Only the Token Holder can exercise the rights set out in the Terms of Token Program in relation to Token(s).
– On what legal basis does Fontakt process the personal data required to provide the Token Program?
The legal basis for the processing of personal data necessary for the provision of the Token Program is the preparation of concluding a contract (the Token Program) i.e., in order to take steps at the request of the data subject prior to entering into a contract (the Token Program) and the performance of such contract to which the data subject is party to (the Token Program). The processing of personal data is a prerequisite for offering and joining the Token Program. The legal basis for the processing of such personal data is GDPR Article 6-1-(b).
Upon joining the Token Program, Fontakt and KOOS have the right to process the personal data of Contributors and Token Holders necessary for the provision and performance of the Token Program, including for the reservation of Token(s) and for the exercise of Token rights, and the implementation of other provisions of the Terms of the Token Program.
Upon joining Token Program, Fontakt and/or KOOS shall have the right to contact the Contributor and/or Token Holder regarding Token(s) and related activities, including the marketing of Token-related products and services. Token Holders and other persons to whom the Token Program is directed to have the right to exercise their data protection rights, including opting out of marketing offers, on the legal grounds set out in clause 7. of the Data Protection Conditions.
The Token Program may also be offered on the Fontakt phone application, in which case Fontakt will process the personal data of the user of the Fontakt phone application for the purposes of offering the Token Program, including for the purposes of reserving Token(s), registering Token Holders and contacting for purposes of offering/reserving/registering Token(s) and/or for other Token related activities, in accordance with the Data Protection Conditions and the Fontakt Application terms of use. Fontakt Application terms of use are available here.
Fontakt may also process personal data necessary for the provision of the Token Program in order to fulfil the legal obligations of the data controller, for example, to fulfil the obligations stipulated in the Accounting Act or other legislation. The legal basis for processing such personal data is GDPR Article 6-1-(c).
– What personal data does Fontakt process for the provision of the Token program?
For offering and for the provision of the Token Program, including to reserve Token(s), to register Token Holders on the Platform and to contact Contributors and Token Holders who have joined the Token Programme, including to fulfil the legal obligations of a data controller, Fontakt processes the personal data of Contributors and Token Holders, namely:
- contact details: first and last name, email, mobile phone number; and
- identity data and information: first name and last name, date of birth, address details (country of residence; city or county, municipality; street, house and apartment number and postal code), username, personal identification code or other identifier, identity document code and a copy of an identity document. If the Token(s) are reserved for a Contributor as a legal person, Fontakt may also request information about the representatives of legal person and process such personal data (first name and last name of the representative, title of the representative).
Such personal data is collected from the Contributor or its representative or the Token Holder himself/herself/itself (for example, when the Contributor or its representative expresses a wish to receive Token(s) or to join the Token Program or the Contributor or its representative enters the required data on the Platform to join the Token Program) or when using the Platform such personal data is collected from the Platform. Also in these cases, the collection and processing of personal data is the preparation of concluding a contract (the Token Program) i.e., in order to take steps at the request of the data subject prior to entering into a contract (the Token Program) and the performance of such contract to which the data subject is party (the Token Program) and/or the performance of Fontakt’s legal obligations.
Fontakt will process the personal data of Contributors and Token Holders necessary for the provision of the Token Program during the term of the Token Program and for as long as necessary to fulfil the purpose of the Token Program, and after the expiry of the Token Program for as long as necessary to fulfil the obligations arising from the expired contract (the Token Program) and/or to fulfil a legal obligation, for fulfilling a legal obligation the term is generally up to 3 years after the expiry of the Token Program, in accordance with Fontakt’s legitimate interest to retain the data for the purpose of legal claims or objections to legal claims, as the case may be. Accounting records containing personal data (including contracts and invoices) are kept for 7 years in accordance with the requirements of the Accounting Act.
– Making marketing offers to an unaffiliated Contributor
If a Contributor who has not joined the Token Program wishes to receive marketing offers from Fontakt, Fontakt and/or KOOS will process the Contributor’s personal data (first name and last name, email, mobile phone number) for the purpose of making marketing offers to the Contributor who has not joined the Token Program.
The legal basis for such marketing offers is the consent of the Contributor who has not a joined the Token Program. A Contributor who has not joined the Token Program may withdraw his/her/its consent at any time on the grounds set out in clause 7. of the Data Protection Conditions, including by clicking the “unsubscribe” button at the end of the marketing offer or newsletter. After the withdrawal of consent by Contributor who has not joined the Token Program or after Fontakt has decided to cease providing marketing offers to such Contributors, Fontakt will not retain personal data used for the provision of marketing offers to such Contributors. Withdrawal of consent does not affect the processing of data that was previously carried out on the basis of consent.
4. What are the principles of Fontakt when determining the terms of retention of personal data?
Fontakt retains personal data for as long as it is necessary to achieve the purposes of the processing of personal data, to comply with the retention periods arising from law or to enable the submission of legal requirements and objections to legal requirements. Among other things, Fontakt keeps the original accounting documents containing personal data (incl. contracts and invoice data) for 7 years in accordance with the requirements of the Accounting Act.
In order to enable the submission of legal claims and objections to them, Fontakt may generally retain personal data in accordance with the limitation periods for claims for up to 3 years and in case of intentional violations for up to 10 years. In the event of a dispute, Fontakt will retain personal data until the dispute is finally resolved.
In the cases described separately in the Data Protection Conditions, Fontakt retains personal data for the period specified in the Data Protection Conditions.
5. Who has access to personal data?
The members and employees of Fontakt’s Management Board have access to the personal data processed by Fontakt to the extent that their duties and responsibilities are concerned. For the purpose of providing specific services, Fontakt service providers (e.g., an IT service provider for the purpose of providing IT services) also have access to the personal data processed by Fontakt.
Users of Fontakt’s telephone application also have access to the personal data of Fontakt’s databases, which Fontakt processes in order to provide the telephone application (for more details, see section 3.1 of the Data Protection Conditions). Users of Fontakt’s database services also have access to the personal data of Fontakt’s databases, which Fontakt processes in order to provide the database services (for more details, see section 3.2 of the Data Protection Conditions).
6. Personal Data Security
To ensure the security of personal data, Fontakt implements organisational, physical and IT security measures, including an appropriate level of data protection. Only authorised persons have access to personal data, including for the purpose of modifying and processing of personal data. An authorised processor must ensure at least the same level of security for the processing of personal data as Fontakt.
How do you know if your data is in the Fontakt database?
You can submit a request to Fontakt with a question about the processing of your personal data here or contact Fontakt by e-mail abc@fontakt.com by sending a digitally signed request to the indicated e-mail address.
7. What are your data protection rights?
According to the GDPR a person has a right:
- to request access to personal data concerning him;
- to request the correction and deletion of data;
- to restrict the processing of personal data;
To clarify, a person has the right to request the data controller to restrict the processing of personal data in the following cases:
a) the data subject contests the accuracy of the personal data, for a period of time which allows the data controller to verify the accuracy of the personal data;
b) the processing of personal data is illegal, but the data subject does not request the deletion of personal data, but the restriction of their use;
c) the data controller no longer needs personal data for the purposes of processing, but they are necessary for the data subject to draw up, submit or defend legal claims;
d) the data subject has objected to the processing of personal data in accordance with Article 21 (1) of the GDPR, pending verification that the legitimate reasons of the data controller outweigh the reasons of the data subject.
- to object to the processing of personal data;
- to require the transfer of personal data to another data controller (if the data processing takes place on the basis of consent or for the performance of a contract);
- that no decision is taken on the person based on automated processing;
- to withdraw a consent if the legal basis for processing is consent.
To exercise these rights, please contact Fontakt by e-mail abc@fontakt.com by sending a digitally signed request to the email address provided or by filling in the relevant data protection request form here. These rights are not absolute and for each application Fontakt will check whether your application can be granted. Fontakt will respond to your request as soon as possible, but no later than within one month of receiving the request. If it is not possible to complete the request within one month, Fontakt may extend the deadline for replying by two months, notifying you of the extension of the deadline and the reasons for it within one month of receiving the request.
By submitting an application to Fontakt, you can find out, among other things, whether and what data Fontakt holds about you and, if necessary, submit a request to correct or delete them.
8. What to do if you have any questions or complaints about Fontakt’s data processing?
If you have any questions, requests or complaints regarding the processing of personal data (the “Application“), please contact Fontakt at the e-mail address abc@fontakt.com by sending a digitally signed Application to the indicated e-mail address or by filling in the corresponding form here.
For each data protection Application, Fontakt checks whether your request can be granted. Fontakt has the right to reject the Application if Fontakt is unable to establish your identity and protect the rights and freedoms of the data subject. In order to process the Application, Fontakt may ask you to specify which information or personal data processing operation the Application is related to.
Fontakt will reply to you no later than within one month of receiving the Application. If it is not possible to complete the Application within one month, Fontakt may extend the deadline for replying by two months, Fontakt will justify the delay and notify you thereof within one month of receiving the Application. A reply will be sent to the e-mail address provided in your Application, unless otherwise agreed.
If you are not satisfied with the way Fontakt has handled your complaint, you have the right to contact the Data Protection Inspectorate (more information is available on the website www.aki.ee).