IAmAnn OÜ (hereinafter referred to as IAmAnn or we) operates web-based annual report preparation software (hereinafter referred to as ANN) developed by Mindworks Industries OÜ (hereinafter referred to as Mindworks), which helps micro-enterprices quickly and easily compile annual financial reports. Therefore, our clients are legal entities (hereinafter referred to as Clients) who have accepted our terms of service on the ANN website (minuaastaaruanne.ee) The personal data that IAmAnn processes as a controller is the data of individuals (hereinafter referred to as You) who communicate with us and/or use our services on behalf of a legal entity (e.g., a member of the Client's board of directors, employee, or other authorised representative).
In this privacy policy, we explain how we use Your personal data (hereinafter also referred to as data) during our client relationship, in case we are the data controller (as defined under GDPR).
We have the right to unilaterally amend the privacy policy if the legal acts regulating the processing and protection of personal data or our own data processing change. We will notify about the changes one month before the changes take effect on our website. The latest version of the privacy terms is always available on our website https://minuaastaaruanne.ee/privacy
Definitions
To help You better understand our privacy terms, we explain the main data protection-related terms we use here.
GDPR is the general data protection regulation of the European Union (EU) 2016/679, which applies in all EU Member States.
Personal data are any information which are related to an identified or identifiable natural person (data subject). The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or one of several special characteristics, which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity of these natural persons.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
These data processing terms apply when:
You use ANN as a representative of the Client on behalf of the Client;
You communicate with us as a representative or contact person of the Client or potential Client;
You simply make an information request through our website or by email.
1. Data controller for personal data
IAmAnn OÜ
Address: Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Jahu tn 14-129, 10416, Estonia
Registry code: 16899965
Email: info@minuaastaaruanne.ee
2. What types of personal data do we collect and from what sources do we obtain them?
As stated above, IAmAnn is a B2B company, therefore we primarily use Your personal data for communicating with the Client for the purpose of providing services. Thus, the processing of Your personal data is based on our legitimate interest - You are a representative through whom our Client communicates with us and vice versa.
When using our services, You typically provide us with the following data: Your first and last name, email address, personal identification code, position in the company (i.e., with our Client). You may provide this information when registering as a user of ANN, using our services through the ANN web platform, providing feedback, or leaving a message for us to contact You or by contacting us in other ways.
We assume that such data is intended for work and business communication and does not include private contact information.
Automatically collected data: When You use ANN services as an employee of our Client or another authorised representative through the user account created for You or visit our website, we may automatically record certain information from Your device using various technologies such as cookies and web beacons. Automatically collected data may include: IP addresses (to determine user location), information about browsers and user devices, browsing activity on different sites or pages, dates and times of visiting, accessing, or using the service. ANN uses this data based on legitimate interest to improve service quality and develop services, and Mindworks, the owner and developer of the ANN platform, uses it based on legitimate interest to analyze the availability and performance of the ANN platform and thereby develop the platform by adding new features and functionalities – in this regard, Mindworks is the data controller.
Data from public sources: We may also collect information about the Client from public sources such as business registries, credit registries, for checking customer background information and credit information and thereby also obtaining data about the persons representing the Client (e.g., board members).
Data collected through ANN by the Client: When using the services, our Clients (i.e., companies that You represent/work for) upload and process various financial data through our ANN platform. Such data may also include personal data of the Client's employees, customers, or other individuals. Such personal data is under the control of our Client, and IAmAnn processes personal data only for the purpose and to the extent necessary for providing services to the Client. In this case, we act as the authorised processor of data according to the data processing agreement concluded with the Client.
3. For what purposes and on what legal basis do we process Your data?
As explained above, we primarily use Your data to provide services ordered by the Client You represent and to communicate with the Client You represent or on whose behalf You use our services. Therefore, we use Your data (i) to fulfill the contract with our Client (user identification, communication related to the contract with the client, etc.); (ii) for business purposes (service management, maintenance, feature enhancement), (iii) for business development (usage statistics, analysis of preferences, trends in developing new services and products), (iv) for marketing (news and offers related to our services and products).
The legal basis for processing Your data by IAmAnn for the above purposes is our legitimate interest - we need to communicate with the legal entity, and if You act as the Client's representative and we assume that there is a balance of interests and we do not act contrary to Your interests, rights, or freedoms. If the processing of personal data is based on legitimate interest, the data subject, meaning You, always has the right to object to such processing. Upon objection, we will inform our Client, asking for a new contact person to be provided to us or to comment on Your objection in another way.
In connection with Your work or area of responsibility, we may occasionally send You direct marketing offers and messages, for example, if the company You work for is our Client or if You have previously ordered our services as a representative of Your company. Such direct marketing activities are based on our legitimate interest. If You receive such direct marketing messages from us, You always have the right to refuse them by clicking on the unsubscribe link at the end of the message.
4. Who can access Your data?
In IAmAnn, your personal data is only accessible to those employees who need the data to perform their job duties (based on the principle of need-to-know). Outside of IAmAnn, we may share your data to the following individuals to the extent necessary:
Service providers: Your data may be accessible to individuals who provide services to us and process your data on our behalf (our authorised processors) to the extent necessary for the provision of such services. These may include, for example, the owner and developer of the ANN platform, who provides technical support for the service, data hosting and backup service providers; accounting, invoicing, user support, and analytics software providers; development and marketing service providers.
Public authorities and government agencies (e.g., PPA, Data Protection Inspectorate): we disclose Your data only to the extent and only when required by law.
Professional advisors: we may need to share Your data with our professional advisors such as auditors, lawyers.
Third parties in connection with company transactions: We may share your data with third parties in connection with IAmAnn transactions, such as in connection with the sale of IAmAnn shares or its assets to another company. Also, in the context of creating joint ventures, mergers, or other restructuring.
As a general rule, we do not store Your personal data outside the European Economic Area or transfer data outside the European Economic Area. If necessary, however, we follow the requirements set out in Chapter 5 of the GDPR.
5. How long do we retain your data?
We retain your data for as long as necessary to achieve the processing purposes described in these data protection terms and to fulfill legal obligations, such as:
we retain all user account data until the Client is an active user and 6 months thereafter;
we retain data related to potential Clients for 12 months;
we are required by law to retain invoice data and underlying documents for 7 years ;
we retain information about legal transactions between us and our client for the statute of limitations period set forth in civil claims law (3 years, 10 years in cases of intentional breach), so that we can defend ourselves against any legal claims and make legal claims in our defense.
If you would like to learn more about the retention of your personal data, please send an inquiry to the email address provided in point 1 of these data processing terms.
6. What are your rights regarding your data?
Right to access data - You have the right to know what data we collect about You, for what purpose we process it, to whom we disclose data, how long we retain data, and what are Your rights regarding restricting the processing, correcting, deleting, and processing of data. In order to respond to Your request, we must first identify You to prevent the sharing of data with unauthorised persons. We have the right to respond to Your request within 30 days.
Right to rectification of data - You have the right to request the correction of personal data concerning You if it is incorrect or incomplete.
Right to erasure of data - in certain cases, You have the right to request that we erase Your personal data, particularly if the processing of Your data is based on Your consent and You withdraw it.
Right to restrict processing - in certain cases, You have the right to prohibit or restrict the processing of Your personal data for a certain period (e.g., if You have objected to the processing of data).
Right to object - You have the right to object to the processing of data based on IAmAnn's legitimate interest. Upon objection, IAmAnn will cease processing Your personal data unless we demonstrate that Your personal data is being processed for compelling legitimate reasons that outweigh Your interests, rights, and freedoms as a data subject or for the preparation, filing, or defense of legal claims. You also have the right to object at any time to the processing of Your personal data for direct marketing purposes. Upon receipt of such objection, we will cease processing Your personal data for direct marketing purposes.
Right to data portability - If the processing of Your personal data is based on Your consent or a contract with us and the data is processed automatically, You have the right to receive Your personal data in a structured, commonly used, and machine-readable format that You have provided to us. You also have the right to request that IAmAnn transmit the data directly to another service provider, if technically feasible (i.e., if the other service provider is able to receive them in the transmitted format).
If you wish to exercise any of the rights mentioned above, please contact us at the email address provided in point 1 of these data processing terms.
For clarity, the provisions of point 6 herein do not apply to personal data processed by IAmAnn on behalf of its Clients as an authorised processor, such as data entered by the Client into the ANN software using IAmAnn services. In such cases, the data controller for your personal data is our Client, and the personal data is processed in accordance with the Client's data protection terms. Therefore, all relevant data subject requests should be submitted directly to the Client of IAmAnn.
7. Right to lodge a complaint with the Data Protection Inspectorate and the court:
If you would like further information regarding your personal data or the exercise of your rights, please contact us at the email address provided in point 1 of these data processing terms.
If you believe that the processing of your personal data violates the requirements of the GDPR, you have the right to appeal to the Data Protection Inspectorate or the court to protect your rights and interests.