Privacy Statement

At Circons Group OÜ (hereinafter referred to as “Circons Group” or “we” or “us”) we value privacy and personal data protection and follow the principles of data processing set out in this privacy policy. We consider integrity and confidentiality of personal data of utmost importance and guarantee lawfulness of personal data processing. The privacy policy explains how we collect and use personal data including our website www.circonsgroup.com.



  1. Terms and definitions

1.1. Personal data – means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

1.2. Processing of personal data – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

1.3. Controller –  means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

1.4. Processor - means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

1.5. Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

1.6. Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

1.7. Data subject – person whose personal data is processed (e.g. client who is a natural person, website user or a contact person of a legal entity client).

  1. Principles

2.1. Circons Group and the processors working for us process person data adhering to following principles:

2.1.1. lawfulness, fairness and transparency – the processing is lawful, fair and transparent to the data subject;

2.1.2. purpose limitation – collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

2.1.3. data minimisation – adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

2.1.4. accuracy – the personal data is accurate and up to date; we take all reasonable measures to ensure that inaccurate personal data is deleted or corrected;

2.1.5. storage limitation – kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

2.1.6. integrity and confidentiality – processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

  1. Security of processing

3.1. Circons Group applies necessary, and appropriate to risk, organisational, physical and technological measures to protect personal data. These measures include rules and procedures for employees, for managing data and IT infrastructure, internal and external networks and also protecting all the equipment and the building of Circons Group.

3.2. Circons Group has provided relevant training to all employees processing personal data.

3.3. Circons Group may use processors to process personal data, we ensure that all our processors process personal data in accordance with our instructions, applicable law and taking all appropriate organisational and technological security measures.

  1. Lawful basis of processing

4.1. Circons Group processes personal data to ensure performance of a contract, to comply with legal obligations, out of legitimate interest, or on the basis of data subject’s consent.

4.1.1. We process personal data to ensure performance of a contract is used when we have concluded a contract and the contractual aim is not achievable without processing personal data.

4.1.2. Legal obligations of processing includes all personal data processing under relevant laws and regulations for example Employment Contracts Law, the Money Laundering and Terrorism Financing Prevention Act, the Auditors Activities Act or the Accounting Act.

4.1.3. We process personal data on grounds of legitimate interest to improve the quality of our services and for the purpose of business development. To ensure that our legitimate interest doesn’t breach data subjects’ fundamental freedoms and rights we conduct a three part test to guarantee that the processing is purposeful, required and proportional to the stated purpose.

4.1.4. When processing personal data with consent as a lawful basis we only process specifically what data subject has consented to. The consent is freely given, specific and informed. Data subjects can take back consent at any given time and as easily taken back as it was given.

  1. Data controller or data processor and collection of data

5.1. Circons Group can be a controller or a processor in various data processing operations. To ensure data subjects privacy rights Circons Group abides by confidentiality principles and strictly limits disclosure of personal data.

5.2. Only the persons authorised by Circons Group have the right to modify and process personal data.

5.3. Circons Group processes personal data received directly from the data subject (i.e. person who submitted the personal data) or indirectly (through corporate clients). Personal data received indirectly is processed by Circons Group only if we have a need to process the personal data in order to provide a service, such as payroll accounting, to a corporate client.

  1. Types of personal data

6.1. personal data: first and last name, personal number (ID code);

6.2. contact details: e-mail address, contact telephone number, postal address (place of residence);

6.3. personal data obtained indirectly, which we process to provide an assurance, internal audit, accounting or advisory services, may include, among other things, the following: first and last name, personal number (ID code), number of children, marital status, e-mail address, contact telephone number, postal address (place of residence), remuneration, bank account number, companies’ shareholders, owners and beneficial ownership;

6.4. Internet data: data on website visitors’ sessions, cookies, log data and IP addresses.

  1. Purposes of processing personal data

7.1. The purpose of processing the personal data specified in clause 6 of this privacy policy is to:

7.1.1. provide assurance and internal audit service pursuant to the Auditors Activities Act and other relevant legal acts;

7.1.2. provide accounting service pursuant to the Accounting Act and other legal acts;

7.1.3. offer tax, legal and other advisory services;

7.1.4. provide corporate services pursuant to the Commercial Code and other legal acts;

7.1.5. send out newsletters and conducting client satisfaction studies;

7.1.6. process purchase and sales invoices;

7.1.7. comply with legal obligations and activities resulting thereof.

  1. Retention of personal data

8.1. Circons Group retains personal data only as long as this is necessary to fulfil the purpose for which the personal data is processed, unless there is an applicable legal obligation stating otherwise. We retain data as follows:

8.1.1. according to the Auditors Activities Act data collected in the process of assurance service is retained for 7 years;

8.1.2. accounting documents must 7 years as stipulated in the Accounting Act;

8.1.3. data collected on the basis of the Money Laundering and Terrorism Financing Prevention Act shall be retained for 5 years after the end of the business relationship.

8.2. Circons Group retains other data until the end of the respective retention term specified in the company’s personal data processing inventory.

8.3. Circons Group shall securely destroy and/or delete all personal data that has fulfilled its purpose or upon expiring of the retention term.

  1. Third parties and data processors

9.1. Strictly limited by necessity and pursuant to the purposes, Circons Group may forward personal data to third parties and data processors for the following purposes:

9.1.1. for issuing sales invoices;

9.1.2. for client relationship management;

9.1.3. to partners to improve the quality of our services.

9.2. Regardless of access restrictions, Circons Group shall release a document to an organisation or a person who has the legal right to request the data (e.g. police, court, supervisory authority etc).

  1. Rights of the data subject

10.1. The data subject has the right to receive information regarding processing of their personal data. Data subjects can obtain a copy of their personal data held by Circons Group  by submitting a request via email to circons@circonsgroup.com.

10.1.1. Circons Group has a legal obligation to make sure that a person requesting information about themselves is indeed the person who has the right to receive the data. For this reason, the requesters may have to prove their identity or right to request the data.

10.2. The data subject has the right to deletion of personal data if the processing of personal data took place on the basis of consent.

10.3. The data subject has the right to restrict the processing of personal data.

10.4. Where feasible a data subject has the right to data portability.

10.5. The data subject has the right to lodge a complaint to the Data Protection Inspectorate regarding processing of personal data.

  1. Cookies

11.1. A cookie is a text file that a web browser automatically saves in the device used by the user.

11.2. The website administered by Circons Group OÜ, www.circonsgroup.com, uses cookies to monitor performance of our website, for security measures, improve user experience and remarketing.

11.3. We also use cookies to gather anonymous and generalised statistics on the number of website visitors and information on how the website is used to improve our website's user-friendliness.

11.4. The website administered by Circons Group OÜ, www.circonsgroup.com, uses the following cookies:

PurposeDescriptionType & Expiry
Performance (i.e., User's Browser)Our website is built using common internet platforms. These have built-in cookies which help compatibility issues (e.g., to identify your browser type) and improve performance (e.g., quicker loading of content).Session
Deleted upon closing the browser
Security
Cookies		If you register for access to a restricted area, our cookies ensure that your device is logged for the duration of your visit. You will need your username and password to access the restricted areas. Session
Deleted upon closing the browser
Site
Preferences		Our cookies may also remember your site preferences (e.g., language) or seek to enhance your experience (e.g., by personalising a greeting or content). This will apply to areas where you have registered specifically for access or create an account.Session
Deleted upon closing the browser
Analytical We use several third party analytics tools to help us understand how site visitors use our website.
This allows us to improve the quality and content on circonsgroup.com for our visitors and may also be used to provide targeted communication, marketing and content creation. The aggregated statistical data cover items such as total visits or page views, and referrers to our web sites.		Persistent, but will delete automatically after two years if you no longer visit circonsgroup.com

11.4.1. LinkedIn Insight Tag cookies to deliver targeted advertisements as well as to analyse the website flow generated by the latter. Therefore, this entails the tracking of the user’s web traffic by LinkedIn.

11.4.2. Facebook Pixel cookies to deliver targeted advertisements as well as to analyse the website flow generated by the latter. Therefore, this entails the tracking of the user’s web traffic by Facebook.

11.4.3. Google Analytics cookies to deliver targeted advertisements as well as to analyse the website flow generated by the latter. Therefore, this entails the tracking of the user’s web traffic by Google.

11.4.4 All the aforementioned cookies collect information in an anonymous form.

11.5. It is possible to refuse or block cookies on the device, this may mean that the website may not function properly and all services may not be available. To refuse or block cookies you need to change your browser settings.

11.5.1. To remove the cookies the user can simply go to the browser's settings and either reset the browser or manually remove the specific cookies in the designated section. You can read more about managing and deleting cookies from the following webpage: http://www.allaboutcookies.org.

  1. Changes to the privacy policy

Circons Group may modify this Privacy Statement from time to time to reflect our current privacy practices. When we make changes to this statement, we will revise the "updated" date at the top of this page.

  1. Contact information

13.1. If you have any issues, concerns or suggestions pertaining to processing of personal data, contact the controller using the following contact details:

Our Contact Details

Circons Group OÜ

+372 58164161

circons@circonsgroup.com

This site uses cookies and technical data collection services. By continuing to use our site, you automatically agree to the use of these technologies.