PRIVACY POLICY
Controller of personal data processing:
The controller of personal data processing is COMUS OÜ, reachable at info@comus.ee (referred to as «Comus»), with website www.comus.ee.
Processor of personal data:
The processor, COMUS, acts in accordance with the instructions of Comus and employs technical and organizational data protection measures to process the Client’s personal data as required and permitted by the laws and regulations of the United Kingdom. Other personal data processors authorized by Comus may receive and process Client’s data.
Applicable laws:
– Personal Data Protection Law.
What is Privacy Policy?
4.1. The Privacy Policy (hereinafter referred to as the «Policy») outlines how Comus collects, processes, stores, shares, deletes, and protects the Client’s personal data, ensuring lawful, transparent, and trustworthy processing. This policy applies to the Client’s personal data, any processing of natural persons’ personal data, and services provided to the Client.
4.2. Any updates to this policy by Comus will be published on its website www.comus.ee under «Information – Privacy Policy».
4.3. Comus processes data collected from service provision to better tailor products and services, ensuring their maintenance, protection, and improvement.
What personal data is processed by Comus?
5.1. The categories of personal data processed by Comus depend on the products and services used by the Client. Comus may process the following personal data categories for the purposes outlined in paragraph 7 of this Policy:
– name, surname, correspondence address, telephone number, and email address;
– communication data – email, letter, or other communication with Comus;
– data disclosed to Comus by the Client.
5.2. Comus processes data on the use of products and services, including:
– Client’s IP address information;
– cookies (website browsing data) – data collected while browsing Comus websites (www.comus.ee);
– date, time, Internet browsing volume, and location during browsing;
– other personal data depending on the service provided, with prior notification to the Client.
What are the grounds for processing Client’s personal data?
6.1. Client’s consent – Client provides consent for the collection and processing of personal data for specific purposes. The Client’s consent for direct marketing purposes, to receive new and individual offers, will align with Comus activities following the E-Private Regulation. The Client’s consent, given in writing (e.g., by filling out forms in Comus stores, or by sending electronic requests to info@comus.ee), can be withdrawn at any time. Withdrawal of consent does not affect the legality of prior processing.
6.2. Conclusion and fulfillment of the Agreement – Comus processes personal data to conclude and execute agreements with the Client, providing quality services.
6.3. Legitimate interests of Comus – Comus processes personal data to ensure quality services and support to the Client, including direct marketing. Processing is carried out to the extent necessary and sufficient for the purposes specified in paragraphs 7.1 to 7.2 of this Policy.
6.4. Enforcement of legal obligations – Comus processes personal data to comply with regulatory requirements and respond to legitimate requests from authorities.
For what purposes will Comus process Client’s personal data?
7.1. Comus processes personal data to ensure quality service during the contractual relationship:
– managing Client relationships, including conclusion and execution of agreements;
– handling Client complaints and providing support;
– informing Client about products and services.
7.2. Comus processes personal data to promote industry development and offer new services, including:
– creating new products and making offers;
– analyzing market trends and developing business models.
7.3. Comus processes personal data for internal processes, document circulation, and archiving.
7.4. With the Client’s explicit consent, Comus may process data for:
– market promotion, sending wishes, awarding bonuses, organizing surveys.
Is the Client entitled to restrict data processing?
8.1. Profiling – Comus may carry out profiling for business purposes. The Client can object to automated decisions.
8.2. Direct marketing – Comus performs direct marketing based on legitimate interests. The Client can opt-out of receiving commercial communications at any time.
8.3. The Client can object to profiling or refuse commercial communications by informing Comus in writing.
What are cookies and how can Comus process them?
9.1. Cookies are small text files stored on the Client’s device while visiting Comus websites. Cookies improve user experience and ease of using the website.
9.2. Cookies help analyze user habits, diagnose website issues, collect statistics, and ensure full website functionality.
9.3. Clients can adjust browser settings to disallow cookies, but this may impair website functionality. Deleting cookies is possible through browser settings.
9.4. Comus websites use functional, analytical, advertising, and mandatory cookies.
How does Comus receive Client’s personal data?
10.1. Comus receives personal data when the Client:
– purchases and uses products/services;
– signs up for news/services;
– requests information from Comus;
– participates in contests/surveys;
– visits/browses Comus websites.
10.2. Comus may process personal data received from third parties with Client consent.
10.3. Comus may receive personal data from other companies/partners with Client consent.
What is the processing time for Client’s personal data?
Comus will process personal data until:
– agreement termination;
– retention period defined by law/regulations;
– necessary for legitimate interests;
– consent withdrawal.
Sharing Client’s personal data
12.1. Comus may share personal data with partners involved in service provision.
12.2. Comus will disclose personal data to authorities if required by law.
12.3. Comus will share personal data only as necessary and in compliance with legal requirements.
How does Comus protect Client’s personal data?
13.1. Comus implements technical and organizational measures to protect personal data from unauthorized access, loss, or disclosure.
13.2. Comus evaluates service providers’ security measures and ensures compliance with regulatory requirements.
13.3. Comus is not liable for unauthorized access or data loss not attributable to Comus.
13.4. Comus will notify authorities and the Client of any data threats if necessary.
What are the Client’s rights?
14.1. Clients can request a copy of their personal data from Comus.
14.2. Clients can request correction of personal data held by Comus.
14.3. Clients have the right to know who has received their personal data from Comus.
14.4. Clients can request deletion or restriction of personal data processing.
14.5. Clients can request the transfer of personal data to another data controller.
From May 25, 2018, Clients are entitled to:
– object to personal data processing based on legitimate interests;
– request deletion or restriction of personal data processing;
– object to profiling or refuse commercial communications.
Clients can exercise their rights by contacting Comus at info@comus.ee.
