Org. ID | 0654604-7 |
contact@lexpert.com | |
Phone | +358 9 135 5800 |
Our privacy policy is:
Our policy applies to:
We decide why and how your personal data are processed. We are responsible for processing your personal data.
We collect your personal data:
We collect your personal data:
When you provide us with your personal data, your provision is:
If you fail to provide us with your personal data and such provision is voluntary, then it can affect you: If you choose not to provide us with personal data, you can continue to use the website and browse its pages, but we will not be able to deliver our services and process transactions without personal data.
Obligatory provision of personal data is:
We process your:
The legal ground for our processing of your regular personal data is:
We collect personal data:
We are:
We process your personal data in the:
We process your personal data in a situation that concerns:
We do not use your personal data to automatically evaluate aspects of your personality.
We do not use your personal data to automatize decisions about you.
We process your personal data for the purposes that are described in Section 3.
Our processing purposes are
We do not process your personal data for secondary purposes that are inconsistent with the primary purposes for which your personal data is collected initially,
We inform you before we process your personal data for secondary purposes
We limit the duration we store your personal data to what is necessary for our processing purposes.
We continuously review the necessity of our continued storage of your personal data: Once a year we review whether to keep or delete the data.
If the further retention of your personal data is necessary for the purposes that are specified by law, we can further retain your personal data.
We do not disclose your personal data to recipients.
We do not transfer your personal data
We secure your personal data
If we have a reasonable degree of certainty of a breach of the security of the processing of your personal data, then we will:
We are not obliged to notify you directly if
You have the right to access your personal data.
If you request that we confirm whether or not we process your personal data, then you have a right that obliges us to confirm that we
Your right to obtain confirmation from us that we process (or do not process) your personal data
We must give you access to your personal data if
We must provide you with a copy of your personal data if
If you request further copies of your personal data, then we can charge you with a reasonable fee that we base on the administrative costs.
You have the right to the information about our safeguards for the transfer of your personal data to a country that is outside the EU and the EEA if
You have the right to the rectification of your personal data.
Your right to obtain rectification of personal data that are inaccurate
We must rectify your personal data if
We must complete your personal data if
You have the right to provide us with a supplementary statement.
We must communicate the rectification of your personal data to recipients of your personal data (if any).
We do not communicate the rectification of your personal data to recipients of your personal data if the communication to the recipient
You have the right to the erasure of your personal data.
We must erase your personal data without undue delay if
We must erase your personal data without undue delay if
We must erase your personal data without undue delay if
We must erase your personal data without undue delay if
We must erase your personal data without undue delay if
We must erase your personal data without undue delay if
We must erase your personal data without undue delay if
We must communicate the erasure of your personal data to the recipients to which we disclose the personal data (if any).
We do not communicate the erasure of your personal data to recipients of your personal data if the communication to the recipient
You have the right to obtain from us the restriction of our processing of your personal data.
Your right to obtain restriction of our processing of your personal data
We must restrict the processing of your personal data for a period to verify the accuracy of your personal data if
We must restrict the processing of your personal data if
We must restrict the processing of your personal data if
We must restrict the processing of your personal data if
We must communicate the restriction of processing of your personal data to recipients of your personal data (if any).
We do not communicate the restriction of processing of your personal data to recipients of your personal data if the communication to the recipient
If we restrict our processing of your personal data, then we can
If you obtain a restriction of our processing of your personal data, then we must inform you before a lift of the restriction.
If we process your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, then you have the the right to object to our processing of your personal data for such purposes.
Your right to object to our processing of your personal data for direct marketing purposes
If you object to our processing of your personal data for direct marketing purposes, then we must omit our processing of your personal data for such purposes.
If we process your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, then
We invite you to communicate with us about the exercise of your rights concerning the protection of your personal data.
We only accept written requests since we cannot deal with verbal requests immediately without first
Your request should contain a detailed, accurate description of which right you want to exercise.
You must provide us with a copy of an identification document to confirm your identity, for example,
The document should contain:
Any other data contained in the copy of the identification document such as a photo or any personal characteristics, may be masked out.
We will not accept other means of assuring your identity.
If you wish to propose alternatives, we will assess them on a case-by-case basis.
Our use of the information on your identification document
You can send your request that concerns the protection of your personal data to:
You receive our answer to your request that concerns the protection of your personal data at:
We have a person who is responsible for handling of your request that concerns the protection of your personal data.
We have policies that ensure that your requests concerning the protection of your personal data are
We inform you of our handling of your request that we exercise your rights (regarding the protection of your personal) within:
You can lodge a complaint to a supervisory authority
The Supervisory Authority should within a reasonable period inform you of
You can mandate that an organization lodges a complaint on your behalf with a Supervisory Authority.
The Supervisory Authority should within a reasonable period inform you of
You can seek a judicial remedy in the EU and the EEA against
You can mandate that an organization exercises your right
Currently, you cannot choose why and how we process your personal data.
If we change our privacy policy, then we publish a new version of it.
Personal data means any information relating to an identified or identifiable natural person (data subject).
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as:
Regular personal data are - in the GDPR - personal data that are not special categories of personal data. There is no exhaustive list of such personal data.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as
Processing Purpose means the reason why you process personal data.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Supervisory Authority means an independent public authority which is established by a Member State pursuant to Article 51 GDPR.
The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce, and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable data transfers under EU law.
Adequacy Decision by the Commission The European Commission has the power to determine, on the basis of article 45 GDPR, whether a country outside the EU offers an adequate level of data protection, whether by its domestic legislation or of the international commitments it has entered into.
The effect of such a decision is that personal data can flow from the EEA (EU and Norway, Liechtenstein and Iceland) to that third country without any further safeguard being necessary.
The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations - PIPEDA), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework) as providing adequate protection.
Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Enterprise means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.