Privacy policy

Compliance Control OÜ Privacy Notice: Website visitors, Job candidates, Clients, Partners.


Compliance Control OÜ is committed to protecting the confidentiality and privacy of information entrusted to us. Generally, our intent is to collect only the personal information that is provided voluntarily by you so that we can offer information about our services to you or to the Company you represent. This Privacy Notice is intended to set out your rights and answer any questions you may have about your personal information. Please review this Privacy Notice to learn more about how we collect, use, share and protect the personal information that we have obtained.

If you need more information, please contact us at +3726004464.

This Privacy Notice applies to the information processed via electronic resources of Compliance Control OÜ, including the web site as well as other web sites and resources of the Company or its third-party contractors that contain the link to this Privacy Notice.

Data processing details

Below you can find details on the purposes for which Compliance Control OÜ collects and further processes personal data, legal basis for each, actual data processed and period for which data is stored in each case. All the data is collected directly from you.

Purpose of processingLegal basisProcessed dataDuration of processing
provide you with such information as you may request from the Company via the ‘Contact Us’ website form;ConsentName
Email
6 months after the form is submitted
maintain communication with you as a representative of your organization regarding preparing and entering into a Services AgreementContractNameFor the duration of the contract
Ensure proper website functionalityConsentCookieIn accordance with Cookie Policy.

Your personal data is processed in Tallinn, Estonia located in Estonia Hosting and storage of your data takes place in external Data Center.

Compliance Control OÜ may involve staff and consultants from its affiliated companies located in Russian Federation and Ukraine for rendering services to you. As the Commission has not made an adequacy decision regarding those countries, whenever the data transfer is required there are Standard Contractual Clauses in place as a part of service agreement.


Automated decision-making

Compliance Control OÜ Does not apply any automated decision making.

What are your rights

As the Data Controller, Compliance Control OÜ respects and guarantees the following rights of each Data Subject:

  • Right to obtain confirmation as to whether or not his or her personal data is being processed (Article 15 of the EU GDPR);
  • Right to rectification (Article 16 of the EU GDPR);
  • Right to erase personal data, or “right to be forgotten” (Article 17 of the EU GDPR) if one of the following applies: (i) the personal data is no longer necessary in relation to the purposes for which was collected or otherwise processed; (ii) Data Subject objects to the processing and there are no overriding legitimate grounds for the processing; (iii) the personal data have been unlawfully processed;
  • Right to restrict personal data processing (Article 18 of the EU GDPR) if one of the following applies: (i) the accuracy of the personal data is contested (during the period when Sumsub is able to verify its accuracy); (ii) the processing is unlawful and the Data Subject objects to the erasure of the personal data and requests to restrict their use instead; (iii) Sumsub no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject to establish, exercise or defend legal claims; (iv) the Data Subject has objected to processing pending the verification whether Sumsub legitimate grounds override those of Data Subject;
  • Right to be informed as to rectification or erasure of personal data or restriction of their processing (Article 19 of the EU GDPR);
  • Right to data portability (Article 20 of the EU GDPR);
  • Right to object to personal data processing (Article 21 of the EU GDPR) if the processing is justified by the “public interest” or “legitimate interest” legal ground as set out in point (e) and (f) of Article 6(1) of the GDPR;
  • Right not to be subject to a decision based solely on automated processing (Article 22 of the EU GDPR) unless one of the following applies: (i) such decision is necessary for entering into, or performance of, a contract between the Data Subject and Sumsub; (ii) such decision is authorized by the law to which Sumsub is subject and which also lays down suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests, or (iii) such decision is based on the Data Subject’s explicit consent;
  • Right to lodge a complaint with the supervisory authority (Article 77 of the EU GDPR).

Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted. Please contact us through Data Subject Access Request Form.

In the event that you wish to complain about how we have handled your personal data, please contact Data Protection Officer at [email protected] or in writing at Compliance Control OÜ Punane 16/1-414 Tallinn Estonia 13619 Harju maakond. Our Data Protection Officer will then look into your complaint and work with you to resolve the matter.

If you still feel that your personal data has not been handled appropriately according to the law, you can contact Data Protection Authority and file a complaint with them.

Version of: January, 31 2022