Trust of individuals whose personal data we process and ensuring compliance with the applicable laws are of paramount importance to us. We would like to inform you about our rules for collecting, processing, securing, transferring and using personal data, and provide the contact details of individuals whom you can contact with any issues concerning your personal data.

According to the requirements of REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “Regulation”, we would like to share with you the following information:

1. Controller of personal data

The controller of your personal data, hereinafter referred to as “Controller”, is:

Milo Solutions OÜ, Kentmanni 4-2K Tallin 10116 Estonia (hereinafter referred to as: Milo)

The Controller is responsible for the use of personal data in a safe manner, according to the purpose for which such data has been collected and in compliance with the applicable laws.

2. Controller’s contact details

Email: info@milosolutions.com

Postal address: Milo Solutions OÜ, Kentmanni 4-2K Tallin 10116 Estonia

3. General provisions:

We use the collected personal data only for specific and legally justified purposes. The scope, purpose, period and legal basis for such processing as well as the categories of recipients are regulated by the laws binding on the Controller, and depend on the nature and scope of activities of the data subject.

4. Purpose of data processing, legal basis and storage period of personal data:

Purpose of data processing: Taking steps at the request of the data subject prior to entering into a contract (e.g. preparing an offer)

Legal basis for processing: Article 6(1)(b) of the Regulation (“ contract performance”)

Storage period: The data is stored for a period necessary for the performance, termination or expiry of the contract, or for a period after which possible claims become time-barred.

Purpose of data processing: Direct marketing (directing specific, personalised messages at carefully selected individual customers in order to elicit a direct reply)

Legal basis for processing: Article 6(1)(f) of the Regulation (“legitimate interests pursued by the Controller”)

Storage period: The data is stored for the duration of the legitimate interests pursued by the Controller and for a period after which possible claims become time-barred. If a data subject effectively objects to the use of their personal data, the Controller will no longer process the data for the purpose of direct marketing.

Purpose of processing: Sending information and advertising content concerning Milo’s offers by means of electronic communication

Legal basis for processing: Article 6(1)(a) of the Regulation (“consent of the data subject”)

Storage period: The data is stored until the data subject withdraws their consent to the continued processing of their data for marketing purposes. The consent can be withdrawn at any time using an opt-out link included in each message.

Purpose of data processing: Expression of an opinion by a Customer

Legal basis for processing: Article 6(1)(a) of the Regulation (“consent of the data subject”)

Storage period: : The data is stored until the data subject withdraws their consent to the continued processing for this purpose.

5. Recipients of personal data

In order to perform a contract and to ensure the proper functioning of the Controller’s websites, the Controller uses services provided by third parties who work with the Controller (e.g. postal and courier service providers, and payment processors). The personal data is transferred to third parties only when and as necessary to achieve the purpose of processing. Third parties may use the transferred personal data only for the purpose of fulfilling the task entrusted to them by the Controller.

The personal data may be transferred to the following recipients who work with the Controller:

• postal, courier and similar service providers to the extent necessary for the purpose of deliveries and correspondence;
• providers of software, graphic, accounting, administrative services;
• providers of technical support for the Controller and providers of IT solutions which allow the Controller to pursue its business activity (e.g. software, e-mail and hosting providers): the Controller provides the personal data to a trusted provider whom it has commissioned only when and as necessary to achieve the purpose of processing;
• providers of solutions allowing customer opinions to be expressed/published: to the extent necessary for expressing an opinion.
• Mailchimp, for email communications related to marketing and updates, and Calendly, for scheduling purposes;

6. Transferring data outside the European Economic Area

The personal data may be transferred outside the European Economic Area (which includes the European Union, Iceland, Liechtenstein and Norway) to Google LLC based on adequate legal safeguards, such as the standard contractual clauses concerning the protection of personal data approved by the European Commission. See also section 9. Online analysis.

The personal data may be transferred outside the European Economic Area when the data recipient cooperates with Milo and provides software/ graphic services and have his headquarters there. Another case is a client having the headquarters outside the European Economic Area.

7. Rights of the data subject whose data is being processed by the Controller (i.e. YOU)

No consent to the processing of the personal data is required if, among other things: the processing is necessary for the performance of a contract or for taking steps prior to entering into a contract the processing is necessary for compliance with a legal obligation to which the Controller is subject or necessary for the purposes of the legitimate interests pursued by the Controller. If a consent is necessary to be able to process the personal data for a specific purpose (e.g. consent to the use of cookies), the Controller will ask for such a consent. Your consent can be withdrawn at any time.

If it is withdrawn, the data will no longer be used for the purpose covered by the concerned, but withdrawing the consent will not affect the legality of any processing activities which were performed based on the consent before its withdrawal.

According to the rules stipulated by the Regulation, the data subject also has the right to demand that the Controller provide access to their personal data, and to demand rectification, erasure (the right to be forgotten) or restriction of processing, and the right to object to processing as well as a right to data portability.

If the personal data is processed for the purpose of direct marketing, an objection can be made at any time to the processing of such data for marketing purposes, including profiling, to the extent to which the processing is linked to direct marketing.

In order to exercise the above rights, a request should be delivered to the Controller by e-mail, by letter, using the contact details provided in the introduction. To verify that the individual submitting the request is authorised to do so, the Controller may ask for additional information to confirm his/her identity.

The Regulation stipulates the extent to which each of these rights can be exercised. In particular, it will depend on the legal basis and the purpose for which the personal data is processed by the Controller. The above rights can be exercised free of charge once every 6 months. According to Article 12 of the Regulation, if requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may charge a reasonable fee.

The data subject has the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for the Protection of Personal Data (Urząd Ochrony Danych Osobowych).