Privacy Policy

1. INTRODUCTION

By using robbybobby.ee website, you confirm that you have understood the current privacy policy and have accepted its conditions. We have the right to renew and change privacy policy if necessary. Changes will be shown to customers on our website.

Robby&bobby OÜ is the owner of the website. Website content copyright holder is Robby&Bobby OÜ, unless stated otherwise. Use of website content in any way (also partially) is allowed with sole consent by Robby&Bobby OÜ. When consent is given, a link to every content copy of this website must be added.

Website content is informative. Owner of website does not claim the website content or content of referred webpages to be exact or complete. Website owner is not liable for information mistakes or deficiencies nor their availability.

Current Privacy Policy is drawn up in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council) and the Personal Data Protection Act. It applies to our customers and potential customers who have requested to subscribe to or collaborate with our services.

Current privacy policy gives you information about how we gather and use your personal data for using website (robbybobby.ee), including any information you submit to us, when buying some product, subscribing newsletter or drawing a prize.

Robby&Bobby is data processor and we are responsible for protection of your personal data.

Contact data:

E-mail address: krista.teearu@robbybobby.ee

Postal address: Tammsaare tee 92 Tallinn

Phone: +372 513 2365

2. TERMS AND DEFINITIONS

Website – domain robbybobby.ee
Customer – natural or legal person, who uses, has used or wishes to use our services or is in any other way related to our services
Data subject – natural person, who can be identified according to our information and knowledge. Data subjects are for example natural persons as customers, visitors, those who submit inquiries and questions/applications, partners, representatives of customers as legal persons and employees (hereinafter as person or customer)
Personal data – any information about identified or identifiable natural person (data subject). Identifiable natural person is a person who can be directly or indirectly identified by personal data, location data, or according to physiological, social or economic special features
Processing – automated or non-automated actions made with personal data, like collecting, documenting, arranging, structuring, preserving, adjusting or changing, submitting inquiries, reading, using, publicizing (including forwarding, publishing or making them available in other ways), reconciling or uniting, restricting, deleting and destroying
Controller – natural or legal person, public institution or local government, who is primary collector of personal data and who sets out the means and goals of the controlled personal data
Authorized processor – natural or legal person, public institution or local government, who processes personal data upon the request of controller and according to the given guidance.

Due to the nature of accounting services, we are acting both as authorized processor as well as controller regarding the personal data of our employees and regarding the personal data submitted to us by our customers. As a processor, we process such data upon customer demand and according to customer instructions. Relations, rights and authorities between controller and authorized processor shall be defined, if necessary, in customer contract, considering the general liabilities under the applicable legal acts.

3. PERSONAL DATA

We process customer personal data only for the purposes set out in Personal Data Protection regulation and the Personal Data Protection Act. We process the following customer personal data:

Person identification data	Name and surname, contact data (Inc. place of residence, e-mail address, contact phone number), personal ID/birth data, copy of Document (Passport, ID-card), citizenship, if necessary, data due to other legal act (Inc. The Money Laundering and Terrorist Financing Prevention Act).
Right of customer representation	Data about connections to legal persons (i.e. data submitted by person or from public registers, representation basis or other relations for representing legal person or for making transactions in the name of legal person).
Data related to service provision	Personal data revealed by providing services to customer, so-called indirectly received data (i.e. customer employees, customers, suppliers and contract partners) that we process for accounting and for providing other related services and which may include the following data: name and surname, national identification code/date of birth, number of dependent family members, marital status, contact data (place of residence, e-mail address and contact phone number), residency, profession, paid fees, bank account number, customer work contracts, additional data needed for remuneration calculations (including salary calculations, miscellaneous health data, bailiff letters), service to be ordered, goods to be bought, settlements and arrears, partner/shareholder data, beneficiary data or personal data of persons related to business in other ways like investments and financial interests) Data, reflecting person’s actions on contracting for services and use of services, including service content, signed contracts and data for contract breach, customer communication and correspondence (payments, arrears) Details of bank transactions, including payer’s name, payment date, currency, sum and explanation.
Other data	Internet data: data related to website usage, cookies, logging data and IP addresses.

We collect data in different ways:

data submitted to us by person (i.e. by requests, applications, contract signing) and data received by communication (i.e. correspondence, phone conversations, conversations etc.)
data disclosed in internet and on social media by the person
data received upon payment for services
data received from third persons – public registers, authorities
earlier information about persona and service, recorded in our databases.

4. DATA PROCESSING PURPOSE AND BASIS

We have legal basis and interest in processing personal information of a customer or customer representative during the creation, duration and termination of cooperation and customer relationship and to maintain personally identifiable data throughout the process, including for legal purposes, lawsuits, and litigation.

We collect and process data in the following situations and purposes:

For the purpose and on the basis of Contract performance	service offering, making price quote for customer, pre-contractual activities, signing and executing customer contract customer person identification and establishing the right of representation arranging and recording customer communication, updating and correcting personal data data received during service provision, keeping records of customer works, earlier projects, time recording, processing of purchase and sales invoices data related to customer payment obligations, settlements, invoicing and payment collection filing customer claims or participating in legal proceedings.
To fulfil a legal obligation	due diligence, inc. prevention of money laundering and terrorist financing accounting and tax compliance mandatory notification of public authorities and response to information requests from public authorities (considering restrictions arising from law) forwarding personal data to processors, national or supervisory authorities protection of our and customer assets.
By legitimate interest	protecting customer and our legitimate interests to improve the quality of our services, to prove a business relationship and to enhance customer communication marketing activities, maintaining and developing customer relationships, including the provision of information related to the organization of customer events and training capturing customer events and trainings with photos and / or filming to introduce our business, products and services to customers, and to provide events of interest.
With Customer consent	direct promotion (i.e. promoting and offering our services by e-mail) data generated from website visits and usage (i.e. data about your website usage, IP address and location data).

5. ACCESS TO PERSONAL DATA AND SECURITY

We guarantee the confidentiality of personal data, required by law and secure personal data protection against unauthorized access, illegal processing or disclosure, accidental loss, alteration or destruction.

Only our legal representatives or appointed employees have access to personal data. Certain personal data can be forwarded to third person, i.e. to controller, with the purpose to fulfil contractual and legal obligations.

We arrange data exchange and storage in a secure way, using multiple personal access and identification codes and secure information channels. Therefore access for third persons is restricted and data leakage risk minimized.

6. DATA SHARING

We forward customer personal data to third persons if required by law, necessary for our work arrangements or to fulfil our legal obligations or rights or on any other legal basis. Personal data submitted to authorized processors are processed according to legal basis and only to necessary extent.

We forward personal data to the following receivers:

Authorized processors with the purpose to arrange our works (i.e. IT-systems manager, accounting software)
Authorities (Tax and Customs Board, Unemployment Insurance Fund, Health Insurance Fund, courts, Police and Border Guard Board, Financial Intelligence Unit, Data Protection Inspectorate)
Legal and auditor service providers.

7. PERSONAL DATA STORAGE AND TIME

We do not process personal data longer than necessary for achieving our goals related to corresponding data, including the liability of data storage set in legal acts.

According to the abovementioned, in storing personal data we consider the following:

accounting documents are stored for 7 years, according to accounting rules;
data collected according to the law on the prevention of money laundering and terrorist financing are stored for 5 years;
information received on the basis of consent is held until the consent is withdrawn.

Customer has the right to withdraw the consent at any time, by submitting a corresponding message by e-mail or according to guidance given at the newsletter footage. Consent withdrawal does not affect the legality of personal data processing prior to consent withdrawal.

Personal data processing occurs in the limits of EU/European Economic Area. Should there occur a necessity to process data in the servers outside of the previously mentioned area, the data shall be forwarded only to receivers who are located in the country with sufficient data protection level according to EU Commission decision in this respect or to receivers who have been certified according to data protection framework Privacy Policy (applied to receivers residing in USA).

8. CUSTOMER RIGHTS

In case of our arrangements of personal data protection, customer has the following rights:

get to know information about person, if necessary, receive a copy of data
demand corrections of outdated or incorrect data
demand data deletion or seize of processing, if there is no more legal basis for data storage or processing and when personal data storing is no longer necessary for data processing
demand the submission of data to third persons
right to submit a complaint to regulatory authority.

To exercise the abovementioned rights, you need to turn to our representative. If customer suspects the false use of his personal data, our representative must be noted immediately.

9. COOKIES AND OTHER WEB TECHNOLOGIES

Robby&Bobby OÜ uses cookies (small text files) directly or through third persons for better user experience, statistics, security and better service quality and more effective marketing activities. Cookies are saved in User PC or mobile device, if allowed by User. This is common for most of the websites. Cookies are necessary for logging in as a user, for offering social media functions and for Website usage statistical analysis.

We use cookies in order to ensure Website functions. In other cases we consider the User consent on website.

User can either decline the usage of cookies in his web browser or delete them, however in this case Robby & Bobby OÜ cannot ensure the correct functioning of website.

If you have questions regarding the use of personal data processing, please contact us:

E-mail address: krista.teearu@robbybobby.ee

Postal address: Tammsaare tee 92, Tallinn

Phone: +372 513 2365

10. OTHER PROVISIONS

Robby&Bobby OÜ has the right to change current Privacy Policy unilaterally, informing users about changes on website, by e-mail or in any other way.