Privacy policy


(Updated 31.10.2022.)

Metos and its employees are committed to protecting your privacy and personal information. While processing your data, we follow the appropriate legislation and good data processing practices.
This statement will provide information about how Metos processes your personal data, what kind of personal data we process and for what purposes they are used in different situations.

The registrar’s contact information:
Name: Metos AS
Business identity code: 10307573
Address: Saha tee 18, Loo 74201 Harjumaa
Telephone: +372 6500 740
Email address: metos.estonia@metos.ee

In the following, we describe the collection and processing of personal data, based on the connection that the person has with Metos.

 

Customers


The sources of personal data
We collect personal data directly from people, who represent our current, or future possible, customers or other stakeholders. Personal data is collected from, for example, contracts, contacts, feedback, registration, and user information of online services, or from other from other events related to customer relationship management.

The collected personal data
We collect and process for example the following personal data
  • name
  • job position
  • company
  • address
  • telephone number
  • email address
  • language
  • order history and billing information
  • event participation information
  • username and password for the services
  • recordings of customer service calls

 The purpose of the data collection
The purpose of collecting personal data is to make Metos’ operation easier in different situations and to improve collaboration between parties. Such situations are, for example

  •     execution of a sales contract
  •     providing services, products, or customer support
  •     management of invoices and payments
  •     customer and marketing communications
  •     customer relationship management
  •     organization and management of training and events
  •     conducting feedback and customer satisfaction surveys

Legal basis
We process personal data only when there is a valid legal basis.
Such legal basis exists when we are conducting marketing and sales, customer relationship management or customer communications.
When we work with our customer in a contractual relationship, the legal basis for processing personal data is the execution of the contract.

 

Website visitors


The sources of personal data
Generally, you can visit our website without giving away personal data.
We collect personal data from our website visitors with the help of cookies, from the contact form information or from those registered to the services.

The collected personal data
With the help of the cookies, we use on our websites, we obtain the visitor’s IP address, browser type and the source of the visit. Additionally, we collect data about visited pages and activities related to marketing messages. If you do not wish for us to obtain this information with cookies, you can choose to block the use of cookies or change the cookie settings by clicking the cookie icon on the bottom left of our website.
From the information filled in online forms, we collect the personal data entered on the form, for example name, company phone number, and email address.

The purpose of the data collection
The purpose of processing personal data, collected from our websites, is to secure and optimize the use of the website, develop the quality of our services, and market our products and services, as well as deliver placed orders. Additionally, we can develop the content of our website based on user interest.

Legal Basis
We process personal data only when there is a valid legal basis.

Securing and optimizing our website, service development and marketing are our legitimate interests. With the registrant’s consent, we can use contact information when sending marketing communications.
 

 

Suppliers and subcontractors


The sources of personal data
We collect personal data directly from our suppliers and subcontractors, within the framework of various supplier and subcontractor agreements.

The collected personal data
We collect and process for example the following personal data
  •     name
  •     job position
  •     qualification and training information
  •     company
  •     telephone number
  •     email address
  •     language
  •     billing and contract information
The purpose of the data collection
The purpose of collecting personal data is to facilitate Metos’ procurement and manage partnerships. Such situations are, for example
  •     the procurement of products and services
  •     the management of invoices and payments
  •     partnership management
  •     the validity of the required qualifications
Legal basis
We process personal data only when there is a valid legal basis. Such a legal basis exists when we enter procurement contracts for services or products, use subcontractors for tasks requiring qualifications, and manage payment transactions.

 

Job applicants

Sources of personal data and data collected
The basic information provided by the data subject in his/her job application, such as name, e-mail address and telephone number, is stored. In addition, the recruitment system records the experience, education and skills and/or other optional information provided by the job applicant in the application form, attachment or online links. 

The purpose of the data collection
The purpose of the register is to receive, process and store job applications from job seekers of Metos. 
Personal data is used for the analysis of applications, communication with the applicant and as part of the final selection process. The controller may match the application with any other suitable job vacancy or the application may be returned in connection with subsequent applications, provided that the application is still to be retained.

Legal basis
- Legitimate interest of the controller to process personal data provided or referred to in the job application of the data subject. The controller needs the personal data necessary for the job applicant to be taken into account in the application process or in job vacancies.
- Consent, if any, given by the data subject to other collection and processing of personal data and to personal and aptitude tests.
- The legal rights of the controller, such as the assessment of the reliability of the data subject through possible credit and criminal records.

 

Personal data processors and transfer outside Metos

At Metos, personal data is processed only by individuals who are entitled to it, based on their duties. We use service providers, for example, to manage payments and invoices and provide online services. In these instances, the processing of personal data occurs in accordance with Metos’ instructions, for purposes determined by Metos. If personal data is processed outside the Eu, due to technical or practical requirements, Metos ensures that there is a legal basis for such transfers.
Metos may have to hand over personal data to another data controller, for example to the authorities, when Metos has a legal obligation to do so.

 

Personal data retention period

Data is kept only for the duration and to the extent necessary for the purposes for which it was originally collected. The retention period varies depending on the purpose of the processing and the type of personal data.
The data stored in the register is destroyed or made anonymous when there is no longer a legal basis for keeping it.

 

Registry protection

The data security, confidentiality, and correctness of the data in the register are ensured by adequate technical and organizational means.
The registry’s information systems are protected with appropriate technical measures, including regular information security and environmental updates, encrypted connections to the environment, and a secure online environment.
Only those specified individuals who need the information in their tasks have the right to process the data. Only trained and instructed personnel can process data in accordance with task-specific roles.

 

The data subject’s rights

The registered person has the right to know what personal data we process and how it is processed. The registered person can request a copy of such information by contacting the e-mail address indicated in the contact information of the registrar.
If there are gaps, errors or outdated information in the personal data, the data subject has the right to request their correction or completion.
The registered person has the right to request the deletion of his personal data. We delete personal data unless we have a legal obligation or other compelling reason to retain the data. If the processing of personal data is based on the data subject’s consent, this consent can be revoked at any time.
The registered person can request to restrict or object to the processing of their personal data. In such a case, we evaluate the legal basis for processing personal data.
The registered person has the right to file a complaint with the supervisory authority if the registered person considers that the processing of personal data, concerning them, has not been in accordance with data protection regulations.

 

Updating the data protection and privacy policy

This data protection and privacy policy can be updated when changes, that require it, occur in our business or data protection requirements. This website always has an up-to-date description. We recommend that you familiarize yourself with this policy and visit at regular intervals to review possible changes.