1. THE DATA CONTROLLER
The controller of your personal data within the meaning of the current legislation on personal data protection is United Capital OÜ (hereinafter „UC Rent“ or „we“). UC Rent processes your personal data in compliance with this Policy and the current legislation on personal data protection.
The controller’s contact information:
United Capital OÜ
Registry code: 11373684
Address: Vana-Narva mnt 29, Maardu, 74114 Estonia
Phone: +372 609 6392
2. WHICH DATA DO WE COLLECT AND USE?
We may collect your personal data by various means described below. Your personal information is normally submitted to us by yourself when you rent equipment from us or communicate with us in some other way (e.g. via forms on our website, the self-service environment or the customer service). We may also collect your personal data from external sources such as public databases. We collect the following personal data, among others:
- general personal data such as name, birth date and personal code, details and a copy of the identity document;
- contact information such as e-mail address, address and phone number. In case of business clients, we may also collect information on your position and contact information at the company represented by you and information on the authorisation (right of representation);
- information concerning the contractual relationship, including contacts with the customer or the guarantor, submissions and replies from the customer or the guarantor, feedback and surveys about the service provided by us, invoice and payment information, details of the rented equipment and details of the contract concluded with you;
- and the communication language used;
- solvency assessment and debt information (including the start and end date of a debt, debt amount and other data obtained from debt collection companies or credit information companies); and
- communication and other data collected or created in the course of the performance of the contract;
- IP address, details of authentication and signing in the self-service environment (type and result of an action, timestamp, authentication or signing tool, unique customer identifier)
3. THE PURPOSE AND LEGAL BASIS OF PROCESSING OF PERSONAL DATA
We process personal data for the purposes indicated below and on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Article 6(1)(a) (the data subject’s consent), (b) (for the performance of a contract or taking steps prior to entering into a contract), (c) (compliance with a legal obligation to which the controller is subject) and (f) (vital interest).
- 1. 3.1. Provision of services and administration of the contractual relationship
- 1. 3.2. Marketing
If sending of marketing messages requires your consent pursuant to applicable law, we will process your personal data for this purpose solely with your consent.
- 1. 3.3. Development of services and data security
- 1. 3.4. Accounting
- 1. 3.5. Information concerning solvency assessment and debt collection
We also process personal data for the purpose of assessing your solvency or the solvency of the company represented by you. This assessment is also made for the purpose of administering the information about your debts to us and about your solvency potential.
If our invoices are not duly paid or our equipment returned in time, we may process personal data for the purpose of disclosing relevant information in debtor databases (e.g. Creditinfo Eesti AS, https://www.creditinfo.ee/), by providers of legal services and in databases intended for improving the efficiency of debt collection, in compliance with applicable law. In this case, the processing of personal data is based on our vital interest to ensure the functioning of our business while also protecting our business interests and our interest to obtain payment for our services.
- 1. 3.6. Information concerning legal claims
- If necessary, we may process personal data in order to pursue our vital interest to submit, process or secure legal claims resulting from the contract concluded between us and you or us and the company represented by you.
4. SHARING AND DISCLOSING PERSONAL DATA
We may disclose your personal data to third parties:
- if this is permitted or mandatory pursuant to the legislation, e.g. at the request of competent authorities or in connection with court proceedings;
- if our trusted service providers provide services to us or provide services on our behalf in accordance with our instructions. The use of your personal data is always controlled by us and we assume the responsibility for it;
- if improving the efficiency of a debt recovery procedure proves necessary; please note that according to applicable law, we are entitled to transfer personal data to debt collection companies from the moment of your breach of obligations stipulated in the contract concluded with us.
- in case of a merger or acquisition of us or sale of our company or a part of it; and
- if we assume in good faith that such disclosure is necessary for protecting your rights, for the interests of your or others’ safety, for fraud investigation or for replying to inquiries from authorities.
- to our employees who are responsible for customer cooperation and supporting customer relations, as well as employees in the accounting, IT support, business analyses and business planning functions;
- to providers of IT systems used for the administration of our customer communication, cloud service providers and auditors;
- to the Estonian Tax and Customs Board and other public authorities if such disclosure of data is required by law;
- our data processors and other persons involved in the performance of the contract;
- persons who assist us in exercising our contractual rights (providers of debt collection services, legal consultants, courts, credit information companies etc.);
- parties involved in potential mergers or acquisitions or complete or partial sale of our assets.
5. TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA
We never transfer your personal data outside the European Union and the European Economic Area.
7. STORAGE OF PERSONAL DATA
We only store your personal information as long as necessary for achieving the purposes described in this Policy or in accordance with applicable law.
Most of your personal data are stored up to the expiry of the customer relationship between you and UC Rent. Certain personal data may also be stored after the expiry of the customer relationship if this is required or permitted by the current legislation. E.g. original accounting documents (such as copies of rental contracts, invoices) are stored for 7 years from the end of the respective financial year pursuant to applicable law. If the storage of your personal data is no longer necessary pursuant to the legislation or for the rights or obligations of either party, your personal data will be erased.
8. YOUR RIGHTS
You have the right to access your personal data processed by us. You are entitled to access the data at any time, rectify, update, amend or erase them. Please note, however, that certain data are essential for achieving the purposes described in this Policy or required by the legislation. Such data cannot be erased by you.
You have the right to object to certain processing. Under conditions imposed by the data protection legislation, you have the right to restrict the processing of your data.
You have the right to data portability under conditions imposed by the data protection legislation, i.e. the right to obtain your personal data in a structured, commonly used and machine-readable form so that you may transfer them to another data controller without hindrance.
Your right not to be subject to decisions based solely on automated processing, including profiling, is respected, as human intervention is always included in the final decision-making by UC Rent.
Please send your requests for exercising the above-mentioned rights to us via the e-mail address email@example.com
If you believe that we have processed your personal data in an unlawful manner, you are entitled to submit a complaint to the data protection authority in your country. The relevant authority in Estonia is the Data Protection Inspectorate. The contact information of the Data Protection Inspectorate can be found at: www.aki.ee.
We use up-to-date technical and organizational measures (including physical, electronic and administrative means) to protect personal data from loss, destruction, misuse and unauthorised access or disclosure. For example, we only allow access to your personal data for authorised employees and contractors who need them in order to perform their duties.
Please take into account that no system can entirely eliminate all possible security risks, although we strive to protect the security of personal data with reasonable means.
10. AMENDMENT OF THE POLICY
This Policy may be subject to amendment. If we amend the Policy, you are informed about this on our website www.ucrent.ee, where the latest version of the Policy is also available.
11. OUR CONTACT INFORMATION
Should you have any questions about this Policy or your personal data processed by us, please contact us via email at firstname.lastname@example.org