Privacy Policy

Privacy Policy

The principles under which AS Olerex (hereinafter Olerex) processes personal data of natural persons are published in this Privacy Policy (hereinafter the Policy) and apply from the date indicated above. Additional principles regarding the processing of personal data may also be included in agreements and/or other service-related documents.

Olerex processes personal data as little as possible but as much as necessary in order to perform its tasks and obligations. When processing personal data, we comply with the legislation of Estonia and the European Union.

Access to personal data is granted only to employees whose work duties require such access, and the processing of personal data is limited to what is necessary for the performance of their duties. We make every effort to protect personal data from access by persons who are not authorized to receive such data.

The processing of personal data is necessary for the performance of contracts and helps us provide you with better products and services. We want you to be aware of which personal data we process, the purpose and legal basis of the processing, how we use the personal data, and what your rights and obligations are.

Olerex makes every effort to ensure that personal data in its possession is accurate and relevant. For this purpose, we delete data that is no longer necessary and update existing data. In the Private Customer Self-Service portal
https://iseteenindus.olerex.ee/ you can view and modify most of your personal data. To ensure data accuracy, we expect that you periodically verify the correctness of your data and notify us promptly of any changes.

Definitions

Customer – any natural or legal person who has expressed a desire to use, uses, or has used services provided by Olerex, or is otherwise related to the services.

Customer Data – any information known to Olerex about the Customer or their representatives.

Personal Data – any information directly or indirectly related to a natural person.

Data Subject – a natural person whose personal data is processed.

Processing – any operation performed on personal data (including collection, storage, preservation, modification, granting access, making queries, transferring data, etc.).

Marketing – activities carried out by Olerex with the aim of identifying customer interest in goods and services, establishing, maintaining, and expanding relationships with new and existing customers. Olerex also considers direct marketing, including promotional offers sent to customers regarding goods and services offered by Olerex, as marketing.

Controller – AS Olerex, the entity that determines the purposes and means of processing personal data.

Processor – a person or entity that processes personal data on behalf of the Controller (i.e., Olerex).

What Data Is Considered Personal Data?

Personal data is any information relating to an identified or identifiable natural person (the data subject). An identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, personal identification code, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

The categories of data that Olerex collects and processes include:

Basic data, such as
first and last name, personal identification code, date of birth, identity document details (ID card, passport), residential address, telephone number, e-mail address, and communication language.

Financial data, such as
data submitted by the Customer or visible in public registers regarding ownership and overdue obligations.

Communication data, such as
data submitted through e-mail or other communication channels, including social media; recordings of phone calls and security cameras.

Service-related data, such as
concluded and terminated contracts and their performance, discounts and completed transactions, participation in campaigns and games.

Video surveillance data, such as
recordings from security cameras at service stations.

Data obtained or created in fulfilling legal obligations, such as
data arising from orders and/or requests from the police, tax authorities, bailiffs, bankruptcy trustees, or other authorities.

For What Purposes Do We Collect and Process Personal Data?

We collect and process personal data in order to:

  • conclude contracts and manage customer relationships;
  • provide additional services, conduct customer satisfaction surveys and market analyses, and collect statistics;
  • perform creditworthiness assessments;
  • verify identity and comply with legal obligations;
  • protect the interests of the customer and/or Olerex, including presenting, proving, and defending legal claims; ensuring proper provision of services; preventing misuse of services, breach of contract, financial loss, or other violations of rights or obligations;
  • protect the interests of Olerex employees.

What Are the Legal Bases for Processing Personal Data?

We process your personal data:

When necessary for providing services and performing a contract.
In this case the legal basis is the contract concluded with the customer – GDPR Article 6 (1)(b).

When necessary to take steps prior to entering into a contract at the request of the data subject.
The legal basis is the request of the data subject to enter into pre-contractual negotiations – GDPR Article 6 (1)(b).

To develop and improve our services.
In this case the legal basis is the legitimate interest of Olerex as the controller to improve and develop the functioning and quality of our services – GDPR Article 6 (1)(f).

When personal data is collected via video surveillance.
The legal basis is the legitimate interest of Olerex to protect its employees – GDPR Article 6 (1)(f).

To comply with legal obligations.
The legal basis is the fulfilment of Olerex’s legal obligations – GDPR Article 6 (1)(c).

Principles for Processing Personal Data in Marketing

For direct marketing, we use the electronic contact details of a natural person customer only with the customer's prior consent in order to send personalized offers and advertisements. The legal basis for such processing is the data subject’s consent – GDPR Article 6 (1)(a).

You have the right to give and withdraw your consent at any time. Consent can be given and withdrawn in the Private Customer Self-Service portal, or by removing yourself from the recipient list via the hyperlink included in direct marketing messages.

Information about Olerex services in general or information related to the performance of a contract between the parties (e.g., notifications about outstanding payments, changes in price lists, etc.) is not considered personalized marketing. It is not possible for customers to opt out of receiving such information.

Recruitment

Recruitment and the organization of competitions for vacant positions, including the evaluation of candidates, are carried out by the employee responsible for human resources at Olerex.

Public competitions are announced on the Olerex website
http://olerex.ee/era/tuletoole
as well as on job portals, in media (including social media), and/or other channels selected by us. In addition to publishing job offers, we may also use direct candidate search.

Olerex reserves the right to cancel an announced recruitment competition or modify its conditions. In such cases, candidates will be informed using the contact details provided to Olerex and through the channels where the vacancy announcement was published.

Depending on the position, candidates may go through several recruitment stages, such as document review and interviews.

Olerex may collect additional information about candidates from public sources, including public registers (e.g., payment default registers). Candidates have the right to review the information collected about them and submit explanations or objections.

We assume that references provided in application documents have given consent to respond to inquiries about the candidate and have agreed to be contacted by Olerex.

Recruitment documents are retained for the following purposes:

  • resolving possible legal disputes arising from the recruitment process – up to 1 year;
  • offering employment to the next candidate in the ranking – up to 150 days from offering the position to the selected candidate;
  • contacting the candidate for future recruitment opportunities with the candidate’s consent.

Candidate data is restricted information, and third parties may access it only in cases prescribed by law.

From Whom and How Do We Collect Personal Data?

As a rule, we collect personal data directly from you. You provide us with data when submitting credit applications, entering into contracts, performing transactions, submitting inquiries, and participating in campaigns.

Providing personal data is mandatory only when necessary for entering into a contract or when required by law. Failure to provide the personal data necessary for entering into a contract may result in the contract not being concluded.

We may also receive data from third parties, such as authorized representatives, public registers and databases, and law enforcement authorities. In addition, we may obtain personal data from information publicly available on the internet.

Data Protection

Olerex uses modern data protection and security measures, including controlled user access rights, risk management, firewalls, and various security and monitoring systems. Internal practices and policies are continuously updated in accordance with legal requirements and technological developments.

Rights of the Data Subject

As a private customer, you have the right at any time to:

  • obtain confirmation whether Olerex processes your personal data;
  • receive personal data you have provided and that is processed on the basis of consent or a contract in a written or commonly used electronic format and, where technically feasible, transmit those data to another service provider (data portability);
  • correct inaccurate or incomplete personal data;
  • withdraw consent for data processing and request deletion of data processed on the basis of consent;
  • object to the processing of personal data;
  • request that decisions with legal effects are not based solely on automated decision-making;
  • submit a complaint to the Estonian Data Protection Inspectorate (http://www.aki.ee).

Amendments to the Privacy Policy

Olerex reserves the right to unilaterally amend this Privacy Policy. Any changes resulting from legal amendments, service development, or other needs will be published on the Olerex website and, where necessary, communicated to you by e-mail.

Contact

The controller responsible for processing personal data is:

AS Olerex
Registry code: 10136870
Address: Võru tn 176, Tartu, 50112, Estonia

Information about personal data processed by Olerex is available in the Private Customer Self-Service portal:
https://iseteenindus.olerex.ee/

For additional questions regarding the processing of your personal data, please contact:
isikuandmed@olerex.ee

Requests must be digitally signed to ensure that data is disclosed only to authorized persons. Olerex reserves the right to request additional information or documents to verify the identity of the requester.

We will respond to requests as soon as possible but no later than within 30 calendar days.

ЛЬГОТНАЯ КАРТА