Skip to main content

Data protection

General information

Tuokko OÜ handles personal data responsibly. You have arrived at our website’s data protection section, where we explain what personal data we process, how we process it, and what rights you have.

Privacy policy

We want to clearly explain what data we process. On this page, we describe what information we store and how we handle it. We encourage you to visit the data protection section regularly, as we update the latest version of our privacy policy on our website.

Purpose of personal data processing

Personal data is used for purposes in accordance with the General Data Protection Regulation (GDPR), such as maintaining customer relationships and fulfilling legal obligations. Below is a detailed description of the registers and their purposes.

Register data content

The data stored in the registers is typically obtained from the customer themselves or from public sources. The registers do not contain special categories of personal data as defined in Article 9 of the General Data Protection Regulation (GDPR). As a general rule, processing is based on a contract between the customer and the data controller, but it may also be based on legitimate interest or another legal basis specified in Article 6 of the GDPR.

Cookies

The publishing system uses cookies to provide our services and ensure a smooth user experience. You can opt out of statistical data collection by disabling cookies or by visiting tools.google.com/dlpage/gaoptout to disable analytics tracking.

Right of access

Under the General Data Protection Regulation (GDPR), data subjects have the right to know what personal data the data controller processes about them. A data subject may review their stored personal data free of charge by submitting a request to the Data Protection Officer or by visiting the data controller’s office in person. The right of access is generally free of charge, but if multiple requests are made, the data controller may charge a reasonable fee for processing them.

According to the GDPR, the data subject must sufficiently identify themselves when requesting access to their data. Identity verification can be done using a valid passport, a national identity card, or an electronic certificate recognized within the European Union.

Access requests will be processed within 30 days of submission unless an extension is required due to exceptional circumstances. If the request is submitted electronically, the Data Protection Officer will confirm its receipt within 10 days.

Right to rectification and right to be frogotten

The data subject has the right to correct incomplete or outdated information and to be forgotten, in accordance with Article 17 of the General Data Protection Regulation (GDPR). However, deletion or anonymization of data can only be carried out to the extent that legal obligations do not require the data to be retained. Requests for data correction or deletion must be addressed to the Data Protection Officer.

The data subject also has the right to prohibit the data controller from processing their personal data for direct marketing, telemarketing, other direct advertising, market research, or opinion polling. Such a request must be submitted to the Data Protection Officer.

Right to object to processing and data breach

The data subject has the right to request the data controller to stop processing their personal data if there is no legal basis for it or if the processing has compromised the data subject’s privacy. To exercise this right, the data subject can contact the Data Protection Officer.

If the data controller detects or becomes aware of a data breach, they will notify the data subject within 72 hours and make the necessary reports to the data protection authority.

You have the right to file a complaint with the data protection authority if you notice deficiencies in the processing of personal data. The national data protection authority in Estonia is the Andmekaitse Inspektsioon (aki.ee), and in Finland, it is the Office of the Data Protection Ombudsman (tietosuoja.fi). We recommend contacting the data protection authority in your country of residence.