Privacy Policy

This Privacy Policy sets out the principles on the basis of which Parcelsea processes the personal data of its customers.  We process personal data in accordance with the EU General Data Protection Regulation, the Personal Data Protection Act and other legislation on the processing of personal data. We process data on the basis of the principle of minimal processing – we only process the data that is necessary for the provision of the service to you and for the fulfilment of our purposes.
  1. DEFINITIONS
    1. The controller is the person who determines the principles and purposes of the processing. For the purposes of this Privacy Policy, the controller is Parcelsea OÜ (hereinafter Parcelsea) (registered in the Commercial Register of the Republic of Estonia, registry code 16054185). Parcelsea may be the data controller alone or jointly with another legal entity with which Parcelsea has concluded a data processing contract. In certain cases, Parcelsea may also be an authorised processor, in which case the controller is the company with which the Data Subject has concluded a contract, as a result of which the company transfers the Data Subject’s personal data to Parcelsea.
    2. An authorised processor is a person who processes personal data on behalf of and under contract with a controller and to the extent specified in the contract. An authorised processor is a partner of Parcelsea providing services to Parcelsea. Parcelsea will contract and verify the reliability of such parties in accordance with data protection requirements. Parcelsea may also act as an authorised processor, but in such a situation, the data processing principles of the controller will apply in the first instance.
    3. A Data Subject is an identifiable natural person whose personal data is processed by Parcelsea (hereinafter also referred to as Customer or you). This may be, for example, a person with whom Parcelsea has entered into a contract or a person who has expressed a wish to enter into a contract with Parcelsea. It may also be a person treated as a Data Subject on the basis set out in the Contract, whose data has been provided to Parcelsea by the Customer.
    4. Personal data are any information relating to a data subject which makes it possible to identify that data subject, directly or indirectly.
    5. Processing of personal data is any activity that relates to personal data.
    6. The Contract is a rental contract between Parcelsea and the Customer.
  2. CONTACT DATA
    1. Parcelsea can be contacted by e-mail at info@self-service.parcelsea.com for questions regarding the processing of personal data.
  3. THE BASIS AND PURPOSES FOR PROCESSING PERSONAL DATA
    1. Parcelsea processes personal data on the following bases and for the following purposes:
      1. Conclusion and performance of the contract – On these grounds, we will process the data contained in the request for conclusion of the contract and will conclude the contract. On these grounds, we will also perform our obligations under the contract.
      2. Consent – Consent is given voluntarily by ticking a box when filling in the online form and signing the contract. On the basis of consent we will be able to send you offers and newsletters. Consent can be withdrawn at any time by notifying us by email at info@self-service.parcelsea.com
      3. Legitimate interest – A legitimate interest is a business interest of Parcelsea where we process data to improve our service and protect our interests. Where we have a legitimate interest, we may process your personal data for the following purposes:
        • To ensure a trusted customer relationship and prevent fraud;
        • Drafting, presenting and defending legal claims;
        • To handle customer complaints;
        • For the purposes of customer base management and marketing (except for sending direct marketing offers to natural persons, unless consent has been given);
        • To organise campaigns and satisfaction surveys;
        • For information security purposes;
        • To develop and improve IT solutions;
        • For organisational purposes, e.g. due to internal management and audits.
      4. Fulfilling legal obligations (for example, obligations related to accounting).
  4. THE COMPOSITION OF PERSONAL DATA
    1. Parcelsea collects the following personal data:
      1. Personal data disclosed by the Data Subject and the person treated as such, to the controller – first name and surname, date of birth or personal identification number, address where the smart mailbox is to be installed, e-mail address, telephone number, payment method information and invoicing information.
      2. Personal data generated in the course of the conclusion and performance of the contract (for example, the data set out in clause 4.1.1. if included in the contract);
      3. Personal data generated in the course of regular communication (for example, the content of a request sent to us by a Data Subject);
      4. Data that is manifestly disclosed by the Data Subject (for example, data disclosed by the Data Subject on Parcelsea’s social media accounts);
      5. Data generated by the use of the self-service portal;
      6. Data generated when visiting the Parcelsea website (see more details on the use of cookies below);
      7. Data received from cooperation partners, authorised processors or joint controllers.
  5. DATA TRANSMISSION
    1. Parcelsea does not transfer personal data to third parties. Except in the following cases:
      1. Parcelsea may transfer personal data to companies that have concluded a contract with Parcelsea to provide a service (for example, to a courier company or other transport company that has concluded a contract with the data subject).
      2. Parcelsea may transfer personal data in the case of a legal obligation. For example, court judgments and inquiries from competent authorities (courts, notaries, enforcement agents, prosecutors, police, etc.).
      3. Parcelsea may transfer data if they are necessary to ensure the performance of the contract.
      4. As a rule, Parcelsea does not transfer personal data outside the European Economic Community. Parcelsea may transfer personal data outside the European Economic Community only if it is in compliance with the EU General Data Protection Regulation, which means that when transferring personal data outside the European Economic Community, we will implement additional safeguards such as contracting under model clauses approved by the European Commission or other appropriate measures. A copy of the implemented safeguards can be obtained at info@self-service.parcelsea.com.
  6. OBTAINING AND STORING DATA
    1. Parcelsea obtains the data from the Customer (in which case Parcelsea is the Data Controller) or the data is provided to Parcelsea by a courier or other company that has obtained the Customer’s data from the Customer in the course of entering into a contract (in which case Parcelsea is the Joint controller or Authorised processor).
    2. Parcelsea, as the Data Controller, will store the data collected during the pre-contractual negotiations until the moment when the fact of the conclusion of the contract becomes clear. If the contract is not concluded, Parcelsea will delete the personal data within three months of becoming aware of the fact that the contract is not concluded.
    3. Personal data collected in the course of the performance of the contract will be stored until the performance or termination of the contract or until the expiry of the claims related to the contract, whichever is the later. Parcelsea shall store personal data for a maximum period of 3 years on the basis of a 3-year limitation period for claims, except where the circumstances do not justify the choice of a 10-year retention period and except to the extent that a longer retention period is required by the obligation to keep accounting records.
    4. The data received by Parcelsea in its capacity as an authorised processor shall be kept by Parcelsea for the period of time specified by the controller.
    5. Subject to legal requirements, Parcelsea may also retain data for longer periods, but to no greater extent and for no longer than is necessary to comply with the law. For example, we keep documents necessary for accounting purposes for up to 7 years.
  7. DATA SECURITY
    1. Organisationally, access to the personal data collected by Parcelsea is restricted to authorised persons who are contractually bound to Parcelsea or to members of the management body, where the processing is necessary for the performance of their duties. Employees and members of the management body who do not carry out day-to-day tasks requiring the processing of personal data do not have access to personal data and are prohibited from processing the data.
    2. Authorised processors may only process personal data transferred to them if this is necessary for the conclusion or performance of a contract.
  8. RIGHTS OF THE DATA SUBJECT
    1. The Data Subject has the right at any time to make a request about the disclosure of the data collected about him or her and to be informed of the data collected and processed about him or her, and, in the event of inaccurate data, the Data Subject has the right to request their rectification.
    2. The Data Subject has the right to notify the data controller at any time of his or her wish to withdraw consent to the processing of personal data. Withdrawal of consent shall not affect the lawfulness of the processing carried out at the time of consent. In the event that the controller processes personal data on any other basis, the controller shall erase the personal data in accordance with the provisions referred to in this Privacy Policy.
    3. In cases where the data controller has processed the data solely on the basis of consent or where the controller no longer has a valid legal basis for processing the personal data, the Data Subject has the right to request the erasure of all data.
    4. The Data Subject has the right to object to the processing of his or her personal data, for example where the processing is based on the legitimate interest of the Controller.
    5. The Data Subject has the right to data transferability, i.e. the right to request that his or her data be transferred to another controller, if the personal data are processed in the performance of a contract with the Data Subject and the transfer of personal data is technically feasible.
    6. The Data Subject has the right to turn to the Data Protection Inspectorate or a court at any time. Contact the Data Protection Inspectorate: https://www.aki.ee, info@aki.ee.
    7. If the Data Subject has suffered damage as a result of the processing of the data, the Data Subject has the right to claim compensation.
    8. The Data Subject has the right to lodge a complaint or a claim with Parcelsea. For complaints, questions or claims regarding the processing of personal data, please contact info@self-service.parcelsea.com.
  9. COOKIES
    1. The Parcelsea website (self-service.parcelsea.com) uses cookies to analyse data.
    2. The Customer has the right to refuse all or part of the cookies by configuring their web browser and cookie settings accordingly.
    3. The Parcelsea website uses Google Analytics cookies to analyse customer behaviour on the website. The data collected during this process is anonymous and individual website users are not identified.
    4. In order to maintain the functionality of the self-service.parcelsea.com website, self-service.parcelsea.com also uses session cookies. Temporary information collected during this process will be deleted when you close your browser.
    5. Specifically, the website uses the following cookies:
    6. Title Type Description Duration
      _fbp Advertisement This cookie has been set by Facebook to transmit advertising. 3 months
      _ga Analytics and advertising This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session and campaign data and to track site usage for the site analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. 2 years
      _gid Analytics and advertising This cookie is installed by Google Analytics. The cookie is used to store information about how visitors use the website and helps create an analytics report about how the website is performing. The data collected, including the number of visitors, the source they came from and the pages that existed in anonymous form. 1 day
      _gat_gtag_UA_185471286_1 Analytics This cookie is installed by Google Analytics. The cookie is used to store information about how visitors use the website and helps create an analytics report about how the website is performing. The data collected, including the number of visitors, the source they came from and the pages that existed in anonymous form. 1 minute
      cookie-agreed-version Other Cookie to ask for consent Session
    7. You can disable cookies by following the instructions in the “help” function of your web browser. When disabling functional cookies, please note that not all website functions may work correctly.
    8. You can also find more information on how cookies work or how to disable cookies at www.allaboutcookies.org.
  10. AMENDMENTS TO PRIVACY POLICY
    1. Parcelsea reserves the right to amend this Privacy Policy in accordance with changes in legislation or practice and will publish it immediately on the website.
This Privacy Policy is valid from 03.06.2021