Valid from 15.02.2022
Comistar is committed to protect your privacy and will take all appropriate steps to ensure that your Personal Information is treated securely and will be collected, used, stored, and disclosed in accordance with this Policy and the applicable laws.
● Agreement - service agreement concluded with the Client.
● Client - a person who uses Comistar services.
● Cookie(s) - small pieces of information stored by the Client’s browser on the hard disk of the computer of any other device of the Client.
● Content - all the data and information contained on the Website https://comistar.ee/ . These include all messages, texts, photographs, graphics, icons, logos, technology, links, textures, drawings, sound and/or image files, recordings, software, appearance, graphic design, source code and, in general, any kind of material contained in the Site.
● Data Subject / you - refers to the entity or individual providing Personal Data for the purposes of executing an Agreement with Comistar, or for any other purpose falling in the scope of this Policy.
● GDPR(General Data Protection Regulation) - Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the Processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC.
● Personal Information or Personal Data - means any information which Comistar directly relates to you (a legal or natural person or an organization legally engaged in business activities or any other business). By reference to an identifier such as a name, date of birth, contact information, location data, an online identifier etc.
● Process or Processing - means any operation set of operations which is performed by Comistar as part of the Services on Personal Data, whether by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission or otherwise making available, alignment or combination, restriction, erasure, or destruction.
● Processor or Controller - shall have the meanings given in the GDPR. Means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
● Website/Site https://comistar.ee/
- The content of Personal Data Comistar collects and Processes
- By using Comistar Services and Website, you agree that the Comistar will use, disclose and Process your Personal Data in accordance with this Policy.
- We collect and Process Personal Data relating to you.
- Personal Data means any information relating to Data Subject; an identifiable natural person is one who can be identified, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; to the extent that IP addresses (or similar identifiers) is static IP address which does not change over time we will manage such identifiers as Personal Data.
We collect the information through the following means:
- Information you give us: We receive and store any Personal Information (including financial
information) you provide to us including when you (your business) enquire for or make an application
for the Services; register to use and/or use any Services; upload and/or store information with us
using the Services; and when you communicate with us through email, SMS, a Website or the telephone or
other electronic means, e.g. in the context of contacting us about your account or transactions. Such
information may reference or relate to you or your end users:
- Name including first name and family name, date of birth, age, email address, job/company role, username, password and/or photograph, biometric information, address, occupation, nationality and country of residence, a copy of your identification, such as your driver’s license or passport and/or other government identification or registration data.
- Information about your use of the Services, such as information about how frequently you transact with us, your average transaction volume, account balances.
- Information we collect about you automatically: Comistar receives and stores certain
information automatically whenever you interact with Comistar, whether you open an account or
undertake a transaction with us; for example, by way of Cookies or similar technology. Collecting this
information enables us to better understand the Clients who use and interact with Comistar, where they
come from, and how they use our services. We use this information for our analytics purposes and to
improve the quality and relevance of our services for our visitors and Clients. This information
- Technical information, including the IP address used to connect your computer or device to the Internet, your login information, browser type and version, equipment type, time zone setting, browser plug-in types and versions, operating system platform, frequency and length of visits, and what links you click on.
- Information about your visit or whether you opened an email, including your geolocation, the full URL clickstream to, through and from our Website (including date and time); Services you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information and methods used to browse away from the site page and any phone number used to call our Client service number. We may use such information for regulatory purposes, our own due diligence checks, fraud, and risk management, to better understand transaction patterns and to optimize your experience.
- Email and Other Communications: we may receive information about you and your use of Services when we communicate with each other, including when you open messages from us and from the use of electronic identifiers.
- Information from Other Sources: We may receive information about you from other sources and add it to our account information, including when you apply to use the Services. For example, we work closely with, and receive information from, third parties like business partners, banks and other financial institutions, merchants, subcontractors, payment providers, government lists and databases and fraud prevention agencies.
- Information about other people: if you give us information about other people, you must have informed them in advance and you must ensure you have the right to do so.
- Information you give us: We receive and store any Personal Information (including financial information) you provide to us including when you (your business) enquire for or make an application for the Services; register to use and/or use any Services; upload and/or store information with us using the Services; and when you communicate with us through email, SMS, a Website or the telephone or other electronic means, e.g. in the context of contacting us about your account or transactions. Such information may reference or relate to you or your end users:
- Comistar Processes Personal Data only if it has your consent to do so, or if it is necessary for providing you the Services, or Comistar has the legitimate interest to do so, or if it is required by applicable legislation.
- The use of your Personal Data
- We may use and share the Personal Data we collect for the following purposes:
- To provide our Services to you;
- To improve and develop our business,;
- To prevent and/or detect fraud, financial crime, manage risk and to better protect ourselves;
- To comply with applicable law;
- To comply with requests from law enforcement and regulatory authorities on public interest grounds or from commercial organizations with whom you have or have had dealings, to establish, exercise or defend legal claims, or to protect your vital interests or those of other persons. To help those authorities or other organizations in the fight against crime and terrorism.
- We may use and share the Personal Data we collect for the following purposes:
- Disclosure and transfer of Personal Data
- Comistar only Processes your Personal Data on your consent if there is a legitimate interest in Process Data or if it is required by the law.
- Comistar reserves the right to transmit the Personal Data to law enforcement institutions, state authorities and financial institutions if it should be required to comply with valid laws.
information to Third Parties except in the following cases:
- With your explicit authorization;
- Fraud prevention agencies and other organizations who assist us in managing fraud and business risk;
- With your permission, your information may also be used for other purposes for which you give your specific permission.
- Retention of Personal Data
- The retention period may also depend on the legal and regulatory requirements. We will retain Personal Information as evidence of our obligations with you, to manage any inquiries or disputes, including to defend or initiate any legal claims.
- After the expiration of the Personal Data storage period, we shall anonymize or permanently erase your Personal Data.
- Data Subject’s rights in relation to Personal Data
- You as a Data Subject have the following rights in relation to Personal Data:
- Right of access to Personal Data - you have the right to know which of your Personal Data we store and how we Process it, including the right to know the purpose of the Processing, the persons to whom we will disclose your Personal Data, information about automated decision-making and the right to receive copies of Personal Data.
- Right to rectification of Personal Data - you have the right to request the rectification of inadequate, incomplete, and misleading Personal Data.
- Right to withdraw the consent given for the Processing of Personal Data - you have the right at any time to withdraw the consent given to us for the Processing of Personal Data. Please note that withdrawal of your consent shall not affect the legality of the Processing that was made because of consent before the withdrawal.
- Right to erasure of Personal Data („right to be forgotten “) - you have the right to request that we erase your Personal Data (for example, if you take back the consent for the Processing of Personal Data, or if Personal Data is no longer needed for the purpose for which it was collected). We have the right to refuse the erasure of Personal Data if the Processing of Personal Data is necessary for the fulfilment of our legal obligation, to exercise the right to freedom of expression and information, for the preparation, presentation, and protection of legal claims, or in the public interest.
- Right to restriction of Processing - In certain cases, you have the right to prohibit or restrict Processing of your Personal Data for a certain period (e.g., if you have filed an objection to Personal Data Processing).
- Right to object - you have the right to file an objection to Processing of your Personal Data if your Personal Data Processing takes place based on our legitimate interest or public interest. You shall have the right to object at any time to Processing of Personal Data for direct marketing purposes, and we shall respond immediately.
- Right to data portability - In case your Personal Data Processing is based on your consent and Personal Data is processed automatically, you shall be entitled to receive Personal Data about you that you submitted to us as the Controller, in a structured, commonly used, and machine-readable format, and you shall have the right to transmit this Personal Data to another Controller. You also have the right to request that we transfer Personal Data directly to another Controller, where technically feasible.
- Automated decision-making (including profiling) - if we have informed You that we perform automated decision-making (including profiling) that will bring about legal consequences for you or have a significant effect on you, then you may require human intervention in the decision-making process.
- Submission of complaint - In case you find that your rights have been breached, you have the right to seek protection and file a complaint to the Data Protection Inspectorate.
- Please read more about your rights from chapter 3 of the GDPR.
- Security of Personal Data
- Security is of utmost importance to us. We do our best to protect Personal Data in our hands.
- We apply various measures (physical, technical, organizational) to protect your Personal Data from unauthorized or arbitrary rectification, disclosure, acquisition, destruction, loss, or unauthorized access.
- Applicable law and jurisdiction
- You understand and accept that the relationship between you and Comistar shall be governed in all respects by the laws of the Republic of Estonia without regard to its conflict of law provisions.
- Any disputes arising out of this Agreement shall be settled in Harju County Court pursuant to the laws of the Republic of Estonia.
- Cookies and other tracking technologies
- In this section you can find information about the usage of Cookies and other tracking technologies together with information where you can control your Cookie and add preferences.
- Most of the web browsers allow Cookies. Without fully allowing Cookies, not all the functions of the Website are available to a visitor. The allowing or prohibiting Cookies and other similar technologies shall be under the control of a visitor via the settings of the visitor’s own web browser.
- If you prefer that your Personal Data will not be Processed on our website, you can activate the private browsing feature of Your web browser.
The current version:
Original version from 15.02.2022