PRIVACY POLICY FOR CUSTOMERS 

Last updated  04.04.2024 

This Privacy Policy (hereinafter “Policy”) informs you how Ramirent Modular Factory AS collects, uses or shares your personal data in connection with your customer or other contractual relationship with Ramirent Modular Factory AS. Please read this Privacy Policy carefully.

1. DATA CONTROLLER 

The data controller for your personal data in accordance with the applicable data protection law is Ramirent Modular Factory AS (hereinafter together “Ramirent”, “we”, “us” or “our”). Ramirent is responsible for ensuring that your personal data is processed in compliance with this Policy and applicable data protection laws. 

Contact details of the data controller: 

Ramirent Modular Factory AS  

Business ID: 14636247 

Address: Gaasi tee 4, Rae vald, Lehmja küla, 75306, Estonia 

Phone: +372 650 1060 

Contact details of the privacy officer: 

Address: Gaasi tee 4, Rae vald, Lehmja küla, 75306, Estonia 

Phone: +372 650 1060  

Email: privacy@ramirent.ee  

2. COLLECTION OF PERSONAL DATA 

We may collect your personal data through different means, which are explained below. As a rule, the personal data processed by us is provided by you upon your purchase of modules from us, or otherwise being in touch with us (for example, through our customer service). We may also collect personal data from external sources, such as publicly available directories. The personal data we collect includes e.g. the following categories of data: 

• General personal data, such as name, date of birth and personal identification code; 
• Contact details, such as email address, address and phone number. From business customers, we may also collect relevant information concerning your position and contact details within the company you represent, as well as authorisation (representative) information;  
• Information relating to customer relationship, such as customer or quarantor interaction, customer or quarantor contacts and replies, feedback and surveys on the quality of the services provided by us, billing and credit information, information on modules and details of the contract you have entered into;  
• Language preferences; 
• Solvency assessment and debt data (including beginning and end date of the indebtedness, amount of debt and other data received from debt recovery companies or credit information companies); and 
• Correspondence or other data formed in the context of the performance of the contract. 
• IP address, authentication and signing data in the self-service portal (activity type and result, time stamp, means of authentication or signing, unique customer identifier);
• your image on video surveillance recordings when you visit our offices.

3. PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA 

We process personal data for the following purposes and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in the processing of personal data and the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation) on the basis of Article 6 paragraph 1 point a (data subject’s consent), b (for the execution of the contract or for taking measures prior to the conclusion of the contract, respectively), c (for the fulfillment of the controller’s legal obligation) and f (legitimate interest). 

1. Service provision and managing your customer relationship 

The primary purpose of collecting your personal data is to provide our services to you, to perform a contract or to prepare the contract, and to manage and maintain the customer relationship between us and you/the company you represent as a manager, employee, representative, or in any other capacity. In this case, our processing of personal data is based on the contract between you and us, or on our legitimate interest if the contract is between the company you represent and us. We aim to process any personal data for this purpose in an appropriate, fair and effective manner. 

2. Marketing

We may send you emails to inform you about new features of our services, ask you for feedback, or provide you other relevant information about our services. Your personal data may also be processed to target advertisements to you in other ways, such as in your web browser. In this respect, processing of personal data is based on our legitimate interest to provide you relevant information about Ramirent, promote our services to you, and to improve the current business model. You may opt-out from marketing communications at any time.  

Where applicable law requires your consent to send marketing communications, we will process your personal data for this purpose only on the basis of your consent. 

3. Service development and information security

We also process personal data to improve the quality of our services and to develop new ones. In these cases, the processing of personal data is our legitimate interest to ensure that we have sufficient and relevant information at hand to develop our services. 

4. Billing related data 

We also process personal data to fulfil our obligations under applicable accounting and tax laws. In these cases, the processing of personal data is based on mandatory legal provisions which require that we store certain data for accounting purposes. 

5. Data related to assessment of solvency and debt recovery

We also process personal data to evaluate your solvency or that of the company you represent. We also carry out this assessment with a purpose to manage information about your debts to us and your solvency potential.  

If our invoices have not been duly paid or our equipment returned within the indicated term we may process personal data for publishing the relevant information in accordance with applicable law in any debtor registers (such as Creditinfo Eesti AS, https://www.creditinfo.ee/), legal service providers and databases with an aim to encourage the recovery procedure of the debt. In such cases the processing of personal data is our legitimate interest to ensure that we have confidence to carry out our business, as well as to ensure the protection of our business interests, and our interest to receive the payment for our services.  

6. Data related to legal claims

If necessary, we may process personal data to pursue our legitimate interest to establish, exercise or defend legal claims, arising from the contract concluded between us or between us and the company you represent.  

7. Video surveillance in our offices for security and property protection

Video surveillance is used in our offices. The purpose of video surveillance is to protect Ramirent’s property against theft and illegal damage, to collect evidence of incidents (theft, damage to property, etc.) and  if necessary gather information of  the condition of equipment and tools upon their return.  

4. TRANSFERS AND DISCLOSURES OF PERSONAL DATA 

We may disclose personal data to third parties: 

• when permitted or required by law, e.g. to comply with requests by competent authorities or related to legal proceedings; 
• when our trusted services providers provide services to us on behalf of us and under our instructions. We will control and be responsible for the use of your personal data at all times; 
• when necessary to encourage a recovery procedure of a debt; please note that we have the right to transfer the personal data to the companies providing debt recovery services in accordance with applicable law, from the moment when you breach your contractual obligations in accordance with the contract concluded between us; 
• if we are involved in a merger, acquisition, or sale of all or a portion of our assets; and 
• when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. 

Specifically, we may disclose personal data to: 

• our employees responsible for cooperation with the client and relationship support, as well as carrying out accounting, IT maintenance, business analytics and business planning functions; 
• suppliers, auditors and controllers of IT systems and cloud services used by us to manage relationship with clients; 
• Estonian Tax and Customs Board and other state institutions, when such data transfer is required by law; 
• banks; 
• our data processors and other entities involved in the performance of the contract; 
• entities, assisting to exercise our rights arising from the provisions of the contract (entities, providing debt collection and recovery services, legal consultants, courts, credit information companies, etc.); 
• to security service providers and law enforcement agencies that are engaged in the investigation of crimes or process claims by us, you or third parties; 
• potential merger, acquisition, or sale of all or a portion of our assets parties. 

5. TRANSFERS OF PERSONAL DATA OUTSIDE THE EU/EEA 

As a rule, we do not transfer your personal data outside the European Union and the European Economic Area. In certain cases, however, we may do so if it is necessary to achieve the purposes of processing the personal data. In this case, we will take the necessary measures to ensure that the protection of your personal data and the transfer of personal data outside the EEA comply with the applicable requirements. If we transfer personal data to countries where an adequate level of personal data protection is not guaranteed, Ramirent implements protective measures required by legislation, for example using standard data protection clauses approved by the European Commission in contracts concluded with service providers. If you want more information about the transfer of personal data and the protection measures implemented by Ramirent, contact us using the contact details given in point 1 or by filling out the contact form. 

6. COOKIES

We also use cookies and other similar techniques on our website at https://modules.ramirent.ee/. Cookies are small text files placed on your device to collect and remember useful information, to increase the functionality of our website and to make it easier to use. We may also use cookies and other similar techniques for statistical purposes to compile anonymous, aggregated statistics thereof, concerning e.g. the use of the website, allowing us to understand how users use the website and improve user experience.  

You can set your web browser not to accept cookies, limit the use of cookies or remove cookies from the browser. However, as cookies are an important part of how our website works, limiting the use of cookies may affect the functionality of the website.  

To learn more about how we use cookies, please see our cookie policy https://modules.ramirent.ee/cookie-principles/.  

7. RETENTION OF PERSONAL DATA 

Your personal data will be retained only for as long as necessary to fulfill the purposes defined in this Policy or in accordance with applicable law.  

Most of your personal data will be retained during the course of your customer relationship with Ramirent. Some personal data might be retained after your customer relationship with us has ended, if required or allowed by applicable laws. For example, we keep accounting related documents such as documents serving as the accounting source documents (e. g.  invoices) for 7 years as of the end of the corresponding financial year, as required by applicable law. Video surveillance recordings are stored for a maximum of one month, unless a longer storage period is necessary to resolve legal claims or disputes. When your personal data is no longer required by law or rights or obligations by either party, we will delete your personal data. 

8. YOUR RIGHTS 

You have a right to access personal data we process about you. You may access, correct, update, change or remove your personal data at any time. However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Policy and may also be required by law. Thus, you may not remove such personal data. 

You have a right to object for certain processing. To the extent required by applicable data protection law, you have a right to restrict data processing. 

You have a right to data portability, i.e. right to receive your personal data in a structured, commonly used machine-readable format and transmit your personal data to another data controller, to the extent required by applicable law.  

Your right not be subject to the decisions made solely upon automated data processing, including, profiling, is respected, as the human element always takes part in the final decision making of Ramirent. 

Please send above-mentioned requests to us through our contact form. 

If you think there is a problem with the way we are handling your personal data, you have a right to file in a complaint to your national data protection authority in the EU/EEA. In Estonia, that is the Estonian Data Protection Inspectorate. You can find contact details of the Estonian Data Protection Inspectorate here: http://www.aki.ee.  

9. SECURITY 

We maintain reasonable security measures (including physical, electronic, and administrative) to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, we limit access to personal data to authorized employees and contractors who need to know the information in the course of their work tasks. 

Please be aware that, although we endeavour to provide reasonable security measures for personal data, no security system can prevent all potential security breaches. 

10. CHANGES TO THIS POLICY 

We may change this Policy from time to time. If we make any changes to this Policy, we will let you know it on our website at https://modules.ramirent.ee/, where you will also find the latest version of this Policy. 

11. CONTACT US 

If you have any questions regarding this Policy or the personal data we process about you, please contact us by using our contact from.