Updated on: 12 September 2023
Effective date: 30 September 2023
Changelog
2023-09-12: Added definitions for consenting to Calidity's use of your personal data when you consent to processing via the e-elering portal.
Privacy Policy
Tarkvent OÜ (hereinafter ”Calidity” or ” we“) is an Estonian company offering its clients an energy management system/platform accessible via the website https://calidity.app. The majority of our clients and other cooperation partners are legal persons, i.e. companies. Hence, this Privacy Policy describes how the personal data of the contact persons (hereinafter ” you“) of our corporate clients and other corporate partners is processed by Calidity in the context of conducting its business. In such a context we as the data controller collect your personal data merely because you are representing the company which is our corporate client or our corporate cooperation partner.
Calidity provides its corporate clients system/platform for storage, management, analysis and evaluation of their building dataand has no direct relation with the customers of its corporate client and no individual interest in the processing of the personal data of such customers, the corporate client of Calidity is the controller of such personal data and we act as the processor in the meaning of General Data Protection Regulation ((EU) 2016/679). This means that we are processing the personal data of the customers of our corporate clients in accordance with the agreement between us and our corporate client and for the purposes of rendering services to our client.
Who is the data controller?
Tarkvent OÜ
Narva maantee 3
Tartu 51013, Estonia
E-mail: info@calidity.app
We process your data with great responsibility, your privacy is important to us. In this Privacy Policy, we tell you how we process your data, why we do it, and what are your rights, and how you can exercise them.
Your data will be collected when you sign-up to use our web or mobile services, participate in a marketing campaign or survey, provide feedback, contact our customer service or otherwise interact with us as the representative of our client.
We mainly process your data in the course of performance of the services ordered by the client or communicating with the cooperation partner but also in our marketing and client communication, as well as in our customer services.
How and when do we obtain your data?
We obtain data about you when you:
What data we may collect about you?
We collect the following data through the use of our services:
Some of the data indicated above may be collected from public sources or third parties. When collecting your data (for example when opening a client account with Calidity), we indicate which information is obligatory to provide. If you do not provide such data, we may not be able to render to the client the services (e.g. to create a user account for the client) it requires.
Please note that if you act as a representative of our corporate client or partner (e.g. as an employee, member of management body, etc), we presume that the information you provide about yourself is not strictly personal and may be used by us in connection with rendering services to and communicating with the corporate client or partner.
How do we use your data and what is the legal basis for the use?
For our corporate customers, we use your data for the rendering of the services which the corporate client has ordered from us or for communicating with the corporate partner you represent. The legal basis for doing this is our legitimate interest – we need to communicate with a legal person and if you act as representative of one, we assume that there is a balance of interest and we do not conflict with your interests, rights, and freedoms.
In the case of processing of the personal data on the basis of the legitimate interest, a data subject always has the right to object to such processing. If you do object, we will inform our corporate client/partner asking to provide us with a new contact person or otherwise comment on your objection.
In case you have consented to our processing of your data using the e-elering portal, we will use this personal data to integrate your energy data within Calidity. We may also use this data to contact you in order to set up the integration, or for other purposes mentioned in this policy.
We may also use your data for direct marketing of our services and products to our corporate customer, i.e. not to you personally. If you receive marketing communication like this from Calidity, you can always opt out by unsubscribing through the link at the end of the message you receive from us or by emailing us to info@calidity.app
How long do we store your data?
We store your data for as long as is necessary for the purposes described in this Privacy Policy and to comply with any mandatory legislation, such as accounting laws.
When processing the personal data of the representatives of our corporate clients and partners we retain your personal data until we no longer need it for the purpose it was collected for, or until you no longer perform the tasks in the company on the basis of which your personal data is processed.
Please note that notwithstanding the above, we may have an obligation due to mandatory legislation to process certain data concerning you. For example, we have an obligation deriving from accounting law to retain all original accounting documents for 7 years. If such documents in relation to our corporate client or partner include your name, e-mail, or other personal data we retain this data because we have to retain the document. However, in such a case, we will only process your personal data for the purpose of complying with the legislation in question and not for any other purposes. We may also need to retain your personal data longer if this is needed in relation to a legal claim made against us or making a legal claim by us against the company you are representing.
In addition, we may process the data in an aggregated or anonymized format, for example for analysis and statistical purposes and to improve and develop our services.
Who else handles your data?
As a general rule, your data is processed within Calidity. In connection with the rendering of our services to our corporate client, we may disclose your data or some of it to third parties. Such third parties include for example our partners offering us for example the following services: accounting services, hosting, maintenance, product analytics etc.
When we use third-party service providers in the processing of personal data, we have data processing and protection agreements in place not allowing the third-party processors to use your data for other purposes than those determined by us.
We may also disclose your data to the authorities if this is required under applicable laws. If Calidity processes your data outside the EEA, it will do so subject to required applicable safeguards, such as the EU Commission’ Standard Contractual Clauses.
What are your rights in connection with your data?
Right to access – you have the right to know which data we hold about you (if any).
Right to data rectification – you have the right to require corrections to your personal data in case they are inaccurate or incomplete.
Right to data deletion – you have the right under certain conditions to request the deletion of your personal data including in situations where the processing of your personal data is no longer necessary for the purposes for which it was collected, or if the processing of your personal data was based on your consent and you wish to withdraw your consent, and there are no other grounds for processing your personal data.
Right to restrict processing– you have the right under certain circumstances to forbid or restrict the processing of your personal data for a certain period (e.g. you have submitted an objection concerning data processing).
Right to object– You have the right to object to data processing based on our legitimate interest. Calidity must stop processing your personal data upon such objection, except if it can argue that your personal data is processed for effective legal reasons (decided case by case).
In order to exercise your rights, please send respective inquiries to info@calidity.app. We have the right to respond to your query within 30 days.
How do we protect your data?
Calidity has taken necessary legal, organizational, physical, and technical security measures to protect your personal data. Some examples of the measures we use:
Technical measures – all computers used inter alia for processing of personal data are protected with password-protected screensavers; it is ensured that the IT-system does not accept new login attempts and locks the username when a certain number of access attempts has been exceeded; it is ensured that especially vulnerable systems (e.g. laptops, smartphones) are sufficiently protected (using encryption or other means).
Physical measures – IT-systems are sufficiently protected against fire, overheating, water, current instability, and power outages.
Organizational means – all IT system users are assigned roles and profiles; it is ensured that access rights are deleted when the employee leaves Calidity; it is ensured that there is no access from publicly used rooms to rooms where personal data is being processed.
The right to submit a complaint to a supervisory authority
Should you desire further information concerning your personal data or exercising your rights, you have the possibility to contact us at info@calidity.app
If you believe that the processing of your personal data breaches the requirements of the General Data Protection Regulation ((EU) 2016/679), you have the right, without prejudice to any other administrative or judicial remedy, to file a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. In Estonia, the relevant supervisory authority is Andmekaitse Inspektsioon.
What about cookies?
We use automatically-collected information and other information collected on our service through cookies and similar technologies to (i) personalize our service, such as remembering a user’s or visitor’s information so that the user or visitor will not have to re-enter it during a visit or on subsequent visits; (ii) provide customized advertisements, content, and information; (iii) monitor and analyze the effectiveness of the service and third-party marketing activities; (iv) monitor aggregate site usage metrics such as a total number of visitors and pages viewed; and (v) track your entries, submissions, and status in any promotions or other activities on the service.
And analytics?
We use Google Analytics to measure and evaluate access to and traffic on the public area of the Calidity website and create user navigation reports for our website administrators. Google operates independently from us and has its own privacy policy, which we strongly suggest you review. Google may use the information collected through Google Analytics to evaluate users’ and visitors’ activity on our website. For more information, see Google Analytics Privacy and Data Sharing.
We take measures to protect the technical information collected by our use of Google Analytics. The data collected will only be used on a need to know basis to resolve technical issues, administer the Site, and identify visitor preferences; but in this case, the data will be in non-identifiable form. We do not use any of this information to identify visitors or users.
Updated on: 10 August 2023