Privacy Policy

MOST ÄRIKOOL OÜ
Aadress: Harjumaa, Tallinn, Laulupeo tn 24, 10128
Reg.nr 16132063

The MOST group of companies includes: MOST KOOLITUSKESKUS MTÜ, MOST Ärikool OÜ, MOST GRUPP OÜ.

Here you will find information on the principles of data processing within the MOST Group (hereinafter simply MOST).

This Privacy Policy describes how MOST (Operator, we) processes the personal data of its Clients, the representatives of its Clients, Users and any other data subjects (you) in relation to their use of the MOST and Services. This Privacy Policy applies if you use, have used or have expressed an intention to use the MOST and Services, including in the trial or demo version. This Privacy Policy also applies to our marketing leads.

In the described cases, we act as a data controller as regards your personal data and are responsible for the processing thereof. This Privacy Policy does not apply, however, to the personal data processed in the Contents by our Clients on the MOST and in using the MOST Services. In such case, the Client acts as a data controller as regards such personal data and is responsible for the processing thereof. We process such personal data on behalf of the Client and act as a data processor.

Personal data should be understood as any information relating to an identified or identifiable natural person (data subject).

Collecting your personal data

We collect your personal data in the following ways:

  • you provide us with your personal data yourself;
  • your personal data is provided to us by the representative of the Client or another User (within your company);
  • we receive your personal data from a third party (e.g. when a third party payment service provider confirms whether your payment was successful or not);
  • we have collected your personal data by automatic means. Such processing also includes collecting data about leads (trial and demo Clients, marketing leads and their representatives) from public registers.

Personal data processed and the legal basis for processing

We mainly process your personal data for the purpose of concluding and performing the Contract with the Client. This includes providing customer support and contacting you otherwise as regards the Platform
and the Services. For the foregoing, we process the following personal data:

  • identification data (name, date of birth, picture);
  • contact data (work address, work phone number, work email address);
  • employment data (Client’s company, position within the Client’s company);
  • communications data (emails, messages sent to us);
  • data related to the use of the MOST and the Services.

If you’re the Client, the legal basis for processing your personal data is the performance of the Contract or taking steps at your request prior to entering into the Contract. If you’re the representative of the Client or a User, the legal basis for processing your personal data is our legitimate interests to enable the use of or the legitimate interests of the Client to use the MOST and Services as requested by the Client.

If you’re a lead (trial or demo Client, a marketing lead or their representative), we process your personal data for the purposes of marketing the MOST and Services and getting your company to sign the Contract with us. For the foregoing, we may process the following personal data: [name, work email address, work phone number, Client’s company, position within the Client’s company, communications data, data related to the use of the MOST and the Services]. The legal basis for processing your personal data is our legitimate interest to market the MOST and Services. Considering that MOST is a B2B Platform and we process data that is related to your economic activities and/or employment, we believe that your right to privacy does not override our legitimate interests.

Additionally, we may also process your personal data to safeguard our rights (establishing, exercising and defending legal claims). The legal basis for the latter is our legitimate interest to do so.

We do not process any special categories of personal data. As the MOST and Services are not available for persons under 18 years old as by our Terms of Use, we do not process any personal data of persons under 18 years old.

Processing on the basis of consent

We may also process your personal data on the basis of your consent (e.g. for direct marketing purposes). When processing is based on consent, you can withdraw consent at any time by contacting us on the contact details below or by clicking on the ‘unsubscribe’ link at the end of each email. Please note that withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

Data processors

We use carefully selected service providers (data processors) in processing your personal data. In doing so, we remain fully responsible for your personal data.

We use the following categories of data processors: data collection, management and storage providers, email service providers, messaging service providers, pop-up service providers, customer relationship management and feedback service providers, direct marketing service
providers, payment service providers, accountants, and legal and other advisors.

Should you require more detailed information as regards the data processors we use (e.g. their names and location) please contact us on the contact details below.

Third parties

We only share your personal data with third parties if stipulated herein, if required under the applicable law (e.g. when we are obligated to share personal data with the authorities) or under your consent.

If you’re the User or the Client’s representative, then we share your personal data with the Client as it is necessary to fulfill our obligations under the Contract with the Client. The legal basis for such sharing is our legitimate interest to enable the use of or the legitimate interests of the Client to use the MOST and Services as requested by the Client. We may also share your personal data with our auditors. The legal basis for such  sharing is our legal obligation to do so.

Location of personal data

Personal data is located on a separate vps (virtual private server) in the European region. Only the CTO and the server application have access to the database, which sends sql requests to get certain information about users. The connection is made only
through the white list of IP addresses on the internal network, requests from external sources are excluded.

Security

We take appropriate technical and organizational security measures in protecting your personal data, taking into account (i) the state of the art, (ii) costs of implementation, (iii) nature, scope context and purposes of the processing, and (iv) risks posed to you. Such
security measures include, but are not limited to, encrypted storage and access controls. See our Security Overview.

Security Overview:

The database stores user data – user id, name, surname, email, encrypted password, role on the platform. User passwords are encrypted with sha512 + salt.
HR panel: Displays a list of applicants only in the format of #ID user – for example, # 3654. When opening the “CV” page of an applicants, the HR manager sees only skills, personal data is also not available. Communication only through the platform.

Data retention

We retain your personal data for as long as necessary for the purposes they were collected for, as long as necessary to safeguard our rights, or as long as required by the applicable law. Please note that if the same personal data is processed for several purposes,
the personal data will be retained for the longest retention period applicable.

If you’re a lead (trial or demo Client, a marketing lead or their representative), we retain your personal data for 1 year from after your trial period expired or from when you had the demo or from when the personal data was collected, respectively, for our marketing purposes based on our legitimate interests (see above). As explained in the Terms of Use, the Contents in the trial version, including any personal data therein, unless agreed differently, will be retained for 75 days from after your trial period expired, in case you decide to continue using the Platform under a price package.

If you’re a paying Client, the representative thereof or a User thereof, we retain your personal data as follows:

  • in accordance with Estonian accounting and taxation laws, billing information is retained for a period of 7 years as of the end of the relevant financial year;
  • in accordance with the maximum limitation period for claims arising from a transaction if the obligated person intentionally violated the person’s obligations and for claims arising from the applicable law (Estonian law), we shall retain any personal data related to such claims for a maximum of 10 years from the date when the claim falls due.

Your rights. To the extent required by applicable data protection regulations, you have all the rights of a data subject as regards your personal data. Such rights include the following:

  • request access to your personal data;
  • obtain a copy of your personal data;
  • rectify inaccurate or incomplete personal data;
  • erase personal data;
  • restrict the processing of personal data;
  • portability of personal data;
  • object to the processing of personal data which is based on legitimate interest and which is processed for direct marketing purposes.

Should you believe that your rights have been violated, you have the right to lodge a complaint with the data protection authority or the court. In order to exercise your rights, please contact us at the contact details below. Please note that you can exercise some rights (e.g. review and update your personal data) already by logging into the MOST.

Amending this Privacy Policy

Should our personal data processing practices change or should there be a need to amend the Privacy Policy under the applicable data protection regulations, other applicable legal acts, case-law or guidelines issued by competent authorities, we are entitled to unilaterally amend this Privacy Policy at any time. In such a case, we will notify you by email reasonably prior to the amendments entering into force.

Governing law

As we are a company registered in the Republic of Estonia, the processing of your personal data shall be governed by the laws of the Republic of Estonia.

Contact

In case you have any question regarding the processing of your personal data by us or you would like to exercise your rights as a data subject, please contact us by email anna@most.ee.

Privacy Policy valid from 25.01.2021