Grata OÜ adheres to the requirements and principles set out in this policy. This document establishes the purpose and the terms and conditions of personal data processing as well as the rights related to the personal data of data subjects. Grata OÜ considers protection of individual’s privacy and personal data extremely important and ensures that all personal data is processed lawfully.

1. Definitions
1.1. Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.2. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
1.3. Controller means the natural or legal person, public authority, agency or other body which is the original collector of data. The controller determines the purposes and the means of processing personal data.
1.4. Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
1.5. Third party means a natural or legal person, public authority, agency or body.
1.6. Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
1.7. Data subject means the person whose personal data is processed.

2. Principles
2.1. Grata OÜ adheres to the following principles when processing data:
 2.1.1. lawfulness, fairness and transparency principle – personal data is processed lawfully, fairly and in a transparent manner in relation to     the data subject;
 2.1.2. purpose limitation principle – personal data is collected for specified, explicit and legitimate purposes and not further processed in a     manner that is incompatible with those purposes;
 2.1.3. data minimisation principle – personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which     they are processed;
 2.1.4. accuracy principle – personal data is accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure     that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
 2.1.5. storage limitation principle – personal data is kept in a form which permits identification of data subjects for no longer than is
    necessary for the purposes for which the personal data is processed;
 2.1.6. integrity and confidentiality principle – personal data is processed in a manner that ensures appropriate security of the personal data,     including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using
    appropriate technical or organisational measures.

3. Security of Processing Personal Data
3.1. Grata OÜ applies different organisational, physical and information technology security measures to protect personal data, following the principle of reasonableness.
3.2. In certain cases Grata OÜ may use processors for the processing of personal data and provision of services. Grata OÜ ensures that processors process personal data in accordance with applicable law and the instructions provided by Grata OÜ as well as take relevant security measures. Confidentiality agreements have been entered into with any and all processors.
3.3. Grata OÜ shall notify data subjects of any personal data breaches immediately.

4. Categories of Personal Data
4.1. Grata OÜ processes personal data obtained directly from data subjects and personal data obtained in the course of the provision of services. Grata OÜ does not collect, store, analyse or use personal data arising from services for purposes other than provision of these services.
4.2. Grata OÜ processes the following personal data:
 4.2.1. first name and last name;
 4.2.2. email address;
 4.2.3. telephone number;
 4.2.4. postal address;
 4.2.5. Skype ID;
 4.2.6. website user statistics ;
 4.2.7. data arising from provision of services to a strictly limited extent;
 4.2.8. data needed for fulfilling contractual obligations, including: personal identification code; IBAN; photocopy of the ID card.
4.3. Grata OÜ is the controller of personal data and adheres to the principles of ensuring the confidentiality of personal data to guarantee the privacy rights of individuals.
4.4. Personal data can be altered and processed only by individuals authorised by Grata OÜ.

5. Purposes of Processing Personal Data
5.1. Grata OÜ processes personal data to perform an agreement and ensure performance thereof.
5.2. The purpose of processing personal data specified in clause 4.2 is to:
 5.2.1. provide high-quality services;
 5.2.2. enter into agreements (including a confidentiality agreement);
 5.2.3. process invoices for any services provided;
 5.2.4. manage translation projects.

6. Third Parties, Authorised Persons and Cross-Border Data Transfer
6.1. Grata OÜ may transmit personal data to third parties and authorised persons for the purpose of performing the agreed-upon service. Such transmission is limited strictly to necessary and justified information.
6.2. Due to the nature of translation services and language combinations, there may be situations that require cross-border transmission of personal data to partners.
6.3. Grata OÜ confirms that the company applies appropriate security measures when transmitting personal data across borders.
6.4. Grata OÜ confirms that the company transmits personal data only to third parties and processors that apply adequate security measures to ensure the protection of personal data.

7. Rights of Data Subjects
7.1. Data subjects have the right to have their personal data erased .
7.2. Data subjects have the right to make inquiries concerning their personal data that they have submitted to Grata OÜ.
7.3. Data subjects have the right to restrict the processing of their personal data.
7.4. Data subjects have the right to file a complaint about the processing of personal data with the Data Protection Inspectorate.

8. Storage of Personal Data
8.1. Grata OÜ keeps personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; unless Grata OÜ must to comply with different terms of storing personal data due to law.
8.2. Grata OÜ shall destroy and/or erase securely any personal data with no purpose for storage, unless it has been otherwise agreed between the recipient/provider of the service and Grata OÜ.

9. Use of Cookies
9.1. The website managed by Grata OÜ may use cookies to improve the convenience and smoothness of user experience on the website.
9.2. Cookies are small text files automatically saved by the web browser in the device used by the person. Grata OÜ uses cookies to collect anonymous and generalised statistics regarding the number of visitors of the website and information about the manner of using the website in order to make the website more user-friendly and convenient.
9.3. Cookies saved in the device can be blocked by not agreeing to the use of cookies. For this, the respective settings of the web browser have to be changed. Web pages might not work properly and some of the services might be unavailable if cookies are not allowed.

10. Amendments to Privacy Policy

10.1. Grata OÜ considers the privacy of individuals important and therefore updates this Privacy Policy on a regular basis. The latest version of the Privacy Policy is always available on the website.

11. Contact
11.1. If you have any questions, concerns or proposals about the processing of personal data, you can contact the controller, using the following contacts details:

Grata OÜ
Riia 4
51004 Tartu

Approved by the Management Board of Grata OÜ on May 1st 2018.