The appropriate processing of personal data is taken very seriously at Itella Estonia OÜ (Itella). This includes fair and transparent processing, and acknowledging and complying with the principles of data protection. The rights of the data subject are respected and data is only processed on legal grounds and to the extent that isnecessary for providing the services offered by Itella.

Itella’s aim is to comply with all the data protection legislation, including but not limited to the European General Data Protection Regulation, applicable to its business and this Policy is intended to summarize such key requirements as applied with Itella.

Processing of personal data is made transparent so that the data subject has the right to gain knowledge of the processing of their data in Itella. Transparency also requires that, if necessary, the decisions, choices and implementations and the grounds for them can be shown from documents in connection to the processing of personal data.

The safeguards and controls for protecting the personal data processed by Itella are selected based on a risk assessment. This way, risks are assessed based on the needs of the business as well as based on the data subjects and the information regarding them.

When a subcontractor processes Itella’s personal data for Itella, Itella is responsible for ensuring that the subcontractor processes data according to the same principles as Itella.

Any misuse or malpractice of personal data or a threat posed to them are investigated, and they are reported and communicated according to the severity of the case.

Itella’s target is to always comply with the following data protection principles when processing personal data at Itella: 

  • Lawfulness, fairness and transparency

 Personal data must be used in a lawful, fair and transparent manner from the perspective of the data subject.

  • Purpose limitation

Personal data must be collected for a specified, explicit and legitimate purpose and not processed further in a manner that is incompatible with the original purpose.

  • Data minimization

Personal data must be adequate, relevant and limited to what is necessary for those purposes for which the data is processed.

  • Accuracy

Personal data to be processed must be valid, accurate and updated, if necessary.

  • Storage limitation

Personal data can only be stored for as long as is necessary for fulfilling the purpose.

  • Authenticity, integrity and confidentiality

Personal data must be processed in a manner that ensures appropriate data security, including protection from unlawful or unauthorized processing and accidental destruction, loss or damage (data security).

Itella’s target is to always be able to demonstrate with both documents and practice that it complies with the abovementioned principles (accountability).

  • If you have any questions about data processing, please call the Itella’s information line at +3726990431 or send e-mal estonia@itella.com.