Privacy policy

PTT Recycling OÜ
ATI Grupp OÜ

1. General Provisions

1.1. These Privacy Policy terms have been drafted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation / GDPR), the Personal Data Protection Act of the Republic of Estonia, and the guidelines of the Estonian Data Protection Inspectorate.

1.2. The Privacy Policy regulates the principles of personal data processing by PTT Recycling OÜ (registry code 12973469) and ATI Grupp OÜ (registry code 10508923).

1.3. PTT Recycling OÜ and ATI Grupp OÜ, located at Peterburi tee 94h, Tallinn 13816, are jointly responsible for the processing of personal data and act as joint controllers (hereinafter collectively referred to as the Data Controller or we/our) regarding the personal data processing described in this Privacy Policy.

1.4. Both PTT Recycling OÜ and ATI Grupp OÜ are companies engaged in construction waste management and quarry area backfilling.

1.5. A data subject within the meaning of this Privacy Policy is a customer or any other natural person, including our employee, whose personal data is processed by the Data Controller (hereinafter referred to as the data subject or you/your).

1.6. A customer within the meaning of this Privacy Policy is anyone who uses our services, visits our website, or submits inquiries through our website.

1.7. By making an inquiry through our website, the data subject agrees to the terms of this Privacy Policy.

1.8. By sharing your personal data, you grant us the right to collect, use, and manage your personal data for the purposes specified in this Privacy Policy.

1.9. The Data Controller complies with the principles of personal data processing set out in legislation; among other things, the Data Controller processes personal data lawfully, fairly, and securely.

1.10. We implement organizational and technical measures in the processing and storage of your personal data to ensure the protection of your personal data against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.

1.11. The personal data collected, processed, and stored by the Data Controller is gathered electronically, primarily through inquiries submitted via the website and by email, but also on-site at the Data Controller's premises. Personal data entered by the data subject when submitting inquiries and requests is entered into the Data Controller's database and used to communicate with the customer, conclude a contract, or fulfill obligations arising from a contract.

2. Legal Basis for the Processing of Personal Data

2.1. The Data Controller processes the data subject's personal data on the basis of Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation as follows:

2.1.1. Point (a) – the data subject has given consent to the processing of their personal data for one or more specific purposes;

2.1.2. Point (b) – processing of personal data is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;

2.1.3. Point (c) – processing of personal data is necessary for compliance with a legal obligation to which the Data Controller (controller/joint controller) is subject;

2.1.4. Point (f) – processing of personal data is necessary for the purposes of the legitimate interests pursued by the Data Controller.

2.2. The source of personal data and the basis for its processing is the establishment of a customer relationship when submitting an inquiry or a request to conclude a contract via the website, or upon concluding a contract.

2.3. The processing of personal data may be a prerequisite for a contractual relationship. If the data subject does not provide the Data Controller with the personal data necessary for entering into or performing a contract, entering into or performing the contract may not be possible.

3. Processing of Personal Data

3.1. In most cases, we collect personal data directly from you. However, we may also collect your personal data from public sources, such as the Tax and Customs Board, the Commercial Register, or credit information providers, in order to fulfill contractual and legal obligations.

3.2. When using our services and communicating with us, we primarily process the following personal data of the data subject:

3.2.1. first and last name;

3.2.2. telephone number;

3.2.3. email address;

3.2.4. the company or organization you represent;

3.2.5. job title;

3.2.6. address.

3.3. During employee recruitment and personnel work, we primarily process the following personal data of the data subject:

3.3.1. first and last name;

3.3.2. telephone number;

3.3.3. email address;

3.3.4. residential address;

3.3.5. personal identification code;

3.3.6. bank account details;

3.3.7. if necessary, other personal and family data to fulfill obligations arising from the Employment Contracts Act.

4. Purpose of Processing Personal Data

4.1. We process your personal data for the purpose of providing our services to you, responding to your inquiries, fulfilling legal obligations, and/or fulfilling obligations arising from and managing contracts concluded with you or the company you represent. We also process personal data to resolve queries or legal disputes arising from a contract or the provision of services.

4.2. In employee recruitment and personnel work, we process personal data with the aim of concluding an employment contract or other contract under the law of obligations with you, and to fulfill obligations arising from the employment contract, other contracts, and the Employment Contracts Act.

5. Retention of Personal Data

5.1. We store your data primarily depending on the purpose of the processing and up to the term prescribed for the Data Controller by legislation.

5.2. Inactive customer information is retained for three years, after which the personal data is permanently deleted, except when such data must be retained for accounting purposes or dispute resolution.

5.3. In the event of disputes related to payments and claims, your personal data will be retained until the claim is satisfied or the limitation period expires.

5.4. Personal data required for accounting purposes is retained for seven years.

5.5. Personnel-related personal data is retained for ten years after the termination of the respective employment relationship.

6. Sharing and Disclosure of Personal Data

6.1. We have the right to share customers' personal data with third parties who act as authorized processors (data processors), such as accounting firms, transport companies, transfer service providers, and IT and administrative service providers.

6.2. The Data Controller undertakes not to transfer customers' personal data to other third parties, unless the obligation to transfer personal data arises from the law.

6.3. The transfer of personal data to authorized processors takes place on the basis of contracts concluded with them. Authorized processors are required to ensure appropriate safeguards when processing personal data.

6.4. The Data Controller does not transfer personal data to third countries.

6.5. If the Data Controller needs to transfer personal data outside the European Union or the European Economic Area, the Data Controller ensures an adequate level of protection in accordance with the General Data Protection Regulation, including the existence of an adequacy decision by the European Commission, appropriate safeguards, or another legal basis provided by law.

6.6. If the destination country does not ensure a level of personal data protection equivalent to European Union law and no other appropriate legal basis or safeguard exists for the transfer, the Data Controller will notify the data subject thereof in writing and, if necessary, request separate consent from the data subject for the transfer of personal data.

7. Video Surveillance

7.1. Video surveillance is used on our territory.

7.2. The use of video surveillance is notified by a corresponding sign placed in a visible position.

7.3. Video surveillance is used on the basis of our legitimate interest for the following purposes:

7.3.1. protecting the company's property;

7.3.2. detecting unauthorized entry of unauthorized persons into the territory or buildings;

7.3.3. ensuring the safety of customers, employees, and other persons present on the territory;

7.3.4. resolving potential legal disputes, customer complaints, or other claims;

7.3.5. identifying incidents and discrepancies on-site;

7.3.6. clarifying the circumstances of an event, the perpetrator of an offense, or the person who caused damage in the event of damage to a person's health or property, or causing the death of a person.

7.4. The video surveillance system operates on the principle of overwriting recordings. The storage capacity of the video surveillance system is 30–40 days. The accumulation of storage capacity and the exact retention time of recordings depend on the intensity of recording. When the storage capacity is full, the new information overwrites the old information, after which older recordings automatically become unavailable.

7.5. Recordings may be retained for longer if proceedings have been initiated before the recordings are deleted, or if there is a justified need to initiate proceedings to investigate a committed violation, incident, or other occurrence, and the retention of the recording is necessary for this purpose. In such cases, relevant recordings will be stored until the respective incident, proceeding, or claim is resolved.

7.6. We have implemented necessary organizational and technical measures to protect recordings against accidental destruction, unauthorized access, disclosure, or other unjustified processing. Access to recordings is limited to a restricted circle of persons whose duties are directly related to achieving the objectives mentioned above.

7.7. Recordings may be transferred to law enforcement agencies and other state and local government authorities solely on the grounds and to the extent provided by law, primarily for processing an offense or for preparing, presenting, or defending legal claims.

8. Rights of the Data Subject

8.1. You have the right to receive information about the processing of your personal data.

8.2. You have the right to access your personal data that the Data Controller holds and processes about you.

8.3. When inquiring about your personal data, we have the right to verify your identity beforehand.

8.4. You have the right to supplement or correct inaccurate data about yourself.

8.5. If we process your personal data on the basis of consent, you have the right to withdraw your consent at any time. If you wish to withdraw your consent, please contact us by email at info@pttr.ee.

8.6. You have the right to erasure of your personal data. To request the erasure of personal data, you must contact us by email at info@pttr.ee.

8.7. Requests for erasure will be answered no later than within one month, specifying the period for data erasure. If necessary, the response to your request will also point out those personal data that cannot be deleted due to a statutory retention obligation.

8.8. If you have any questions about how we process your personal data, you can contact us by email at info@pttr.ee.

8.9. If you find that a breach of personal data processing has occurred in relation to your data or that the Data Controller has violated your rights during the processing of personal data, you have the right to appeal to the Andmekaitse Inspektsiooni or a court at any time to protect your rights.

9. Final Provisions

9.1. The data subject is responsible for ensuring that the data provided by them is accurate, correct, and complete. The deliberate provision of false data is considered a violation of the Privacy Policy. The data subject is obliged to immediately notify the Data Controller of any changes in the provided data.

9.2. The Data Controller is not liable for damage caused to the data subject or third parties due to the provision of false data by the data subject.

9.3. The Data Controller reserves the right to change the terms of the Privacy Policy at any time if necessary, making its latest valid version available on this website.