Valid as of 1 January 2019
This document describes how Solaris Keskus AS (registry code: 10674030; address: Estonia pst. 9, Tallinn; e-mail: firstname.lastname@example.org; telephone: +372 615 5125; hereinafter: Solaris Keskus), as the chief processor, processes the personal data of visitors and other individuals in the course of operations of the shopping and lifestyle centre Solaris Keskus (hereinafter: the Centre) at Estonia pst 9.
The protection of personal data is very important to Solaris Keskus and in processing such data we are guided by the relevant legal acts of the Republic of Estonia and of the European Union.
Purpose of processing personal data
Solaris Keskus processes data pertaining to visitors and clients for the following purposes:
Newsletter – We collect personal data in order to send the Solaris Keskus newsletter to individuals who have consented to receive it. In order to receive the newsletter, the individual submits the following data: their gender, their preferred language of communication and their e-mail address. The consent granted in order to subscribe to the newsletter can be withdrawn by the individual at any time via the link provided in the newsletter. We process personal data related to the newsletter for the term of validity of the consent.
Marketing – We collect personal data in the course of prize draw campaigns organised in Solaris Keskus’ social media channels by Solaris Keskus or one of our contractual partners. We only use personal data in such campaigns with the consent of the individual for the purpose of conducting the prize draws and presenting the winners with their prizes. Once these objectives have been achieved, the relevant personal data are deleted. We preserve marketing campaign data until the end of the campaign in question, but for no longer than three months in total.
We also process personal data in our marketing activities in order to boost the popularity of and visitor numbers to Solaris Keskus. For example, we collect and record in our contacts the personal data of public figures and ‘influencers’ or media representatives (their name, e-mail address and in some cases telephone number) that are available from public sources or from our contractual partners (including PR agencies) on the assumption that these individuals are interested in receiving notifications and invitations from Solaris Keskus. We preserve processed personal data for as long as required to achieve the objective of processing them.
Video surveillance – For public safety and the protection of individuals and property, Solaris Keskus has a justified interest in conducting video surveillance within the Centre and along its external perimeter, monitored in real time by an employee of the company providing a security service to Solaris Keskus. Video material is preserved for 30 days.
Video recordings which are connected to incidents that have occurred at Solaris Keskus (involving e.g. damage, injury or a breach of the peace) shall be preserved and processed on a case-by-case basis in accordance with our justified interest, that of our contractual partners and/or that of visitors to the Centre or in accordance with the law. Video recordings which are connected to such incidents are preserved for a maximum of three years after the processing of the case has ended.
Business relations – We collect and process the data of individuals linked to the legal entities with whom we pursue business relations for the fulfilment of relevant contracts or to ensure the fulfilment of such contracts.
Personal data processors
When an individual consents to receiving the newsletter, Solaris Keskus forwards their personal data to our contractual partner, who then prepares and sends the newsletter or makes the sending of the newsletter technically possible. Our IT service provider has access to the personal data processed by Solaris Keskus. Video surveillance data are processed by G4S.
Rights of data subject
An individual has the right to make enquiries about the processing of personal data related to them and to demand that the data be amended or deleted or that the processing of their personal data be restricted. An individual also has the right to lodge an objection to the processing of their personal data and to apply to have their personal data transferred if this is technically possible. Consent for the processing of data that is based on the granting of consent can be withdrawn at any time without it affecting the legality of the processing that took place prior to the consent being withdrawn. In connection with the processing of personal data, an individual has the right to submit a complaint to the Estonian Data Protection Inspectorate (www.aki.ee).
In order to exercise rights related to the processing of personal data or to obtain further information, please contact Solaris Keskus by e-mailing email@example.com.
Ensuring the security of personal data
Personal data are held and processed digitally and in secure environments in Solaris Keskus in cooperation with its contractual partners. Access to personal data is only provided to Solaris Keskus employees and its contractual partners for whom the processing of personal data is necessary based on the obligations arising from the contracts entered into with Solaris Keskus. Contractual partners are obliged to observe all legal acts regulating the protection of personal data. Solaris Keskus has implemented requirements in order to ensure the security of personal data processing by adopting both organisational and technical measures. The security measures for the processing of personal data are kept up to date and relevant, being added to and updated as necessary.