Oak Digital Consulting specialises in privacy and data protection, the safety and confidentiality of the personal data that is processed is of key concern. Moreover, the company wishes to be very clear and transparent about what happens when data is collected and used.

When is your personal data collected and used?

Oak Digital Consulting collects and uses your personal data whenever you:

• use the website or social media or communicate with the company via e-mail, phone, or any other digital communication channel;
• register for the newsletter;
• leave your business card;
• contract and communicate as a client or supplier of Oak Digital Consulting;
• apply for a job position;

What if this privacy notice does not answer all of your questions?

The company is required by data protection laws to give you extensive information. If you have any additional questions about how your personal data is being handled, please feel free to reach out to the Data Protection Officer (DPO) at admin@oakconsulting.co

Who is the “company”?

Whenever you see a reference to “Company” in this privacy notice, it actually refers to Oak Digital Consulting:

Address: Ahtri 12 (E-Residency HUB OÜ) 10151 Tallinn, Estonia

Registration number: 16601977 (Oak Digital Consulting OÜ)

Telephone: +32 493 12 69 39

The company is responsible (or – as the law calls it – “controller”) for collecting and using (or – as the law calls it – “processing”) your personal data, as explained in this privacy notice. 

What personal data is processed and why?

When you use the website, social media or communicate with us via phone, e-mail, or any other digital communication channel, your data is collected to:

1. Allow for communication between you and Oak Digital Consulting. This communication relies on a legitimate interest to be able to respond to your requests, questions or remarks or to contact you proactively for inquiries of whatever kind (e.g. when you respond to a blog, use Oak’s contact form or contact via social media.
2. Improve the website’s and social media pages’ content and overall experience to offer visitors an interesting online space, relying on legitimate interest. 
3. Detect and prevent malware, illegal content, behaviour and other types of misuse, relying on a legitimate interest to keep the online presence safe.

To achieve the above-mentioned purposes, the following personal data is processed:

1. The basic identity information provided, such as name, e-mail address, postal address, telephone number, the company you work for, your function;
2. the content of communication and the technical details of the communication itself (with whom you correspond at our end, date and time, etc.);
3. technical information associated with the device you use, such as your IP address, browser type, geographical location and operating system;
4. information concerning browsing behaviour, such as how long you visit, what links you click on, what pages you visit and how many times you visit a page.
5. any other personal data that is chosen to be provided.

When registering for an online newsletter, personal data is collected and used to send the newsletter or other electronic communications. Explicit consent is asked before sending the newsletter unless you are an existing client who wishes to be informed of the services. 

There is always the opportunity to unsubscribe from the newsletter. Only basic identity information, such as name and e-mail address, is processed to send the newsletter.

When leaving a business card, personal data written on the card is collected and digitally registered for normal business relationship management purposes, relying on a legitimate interest to process these personal data to build a network of contacts.

When entering into a contract with you as a client or supplier, personal data is collected and used for:

When an individual is a client or supplier, personal data is processed for the necessity of executing and performing the contract. However, if acting on behalf of a company or other legal entity, personal data is processed based on a legitimate interest in contracting with clients and suppliers. Personal data processed for this purpose will involve basic identity information such as name, e-mail address, postal address, telephone number, the company worked for, and function. Other personal data may also be processed depending on the contractual relationship.

When applying for a vacancy, personal data is collected and used to assess the application, defend in legal proceedings, and keep in recruitment reserve with consent. Personal data processed includes basic identity information, any personal data included in the application, information included in the resume and cover letter, information made publicly available on social media, and any other personal data included in the application.

Personal data is also processed to comply with legal obligations or comply with requests from law enforcement, judicial authorities, and data protection authorities. Personal data is also processed to inform a third party of a possible merger, acquisition, or demerger, even if the third party is located outside the EU, relying on a legitimate interest to engage in corporate transactions.

It is important to note that professional secrecy and confidentiality are paramount, and personal data will only be processed when allowed, given these confidentiality obligations.

With whom your personal data is shared?

In principle, your data will not be shared with anyone but people working for Oak Digial Consulting, as well as suppliers who help the company process your data. Anyone who has access to your personal data will always be bound by strict legal or contractual obligations to keep your personal data safe and confidential. This means that only the following recipients will receive your personal data:

• you;
• governmental or judicial authorities insofar we are required to send them your personal data (e.g. tax authority, police or law enforcement).
• Oak Digital Consulting lawyers, staff and suppliers;
• your employer or business partners, but only when required given the purposes mentioned above (e.g. when your employer is a supplier or client from Oak Digital Consulting);

Your data is not sent outside the European Economic Area by the company  (the European Economic Area consists of the EU, Liechtenstein, Norway and Iceland). Oak Digital Consulting will only transfer your personal data outside the EEA when you or your employer, as client or supplier, has establishments outside the EEA with which the company is required to interact. If a transfer takes place, the company will take adequate safeguards to protect your personal data when transferred (e.g. by putting in place standard contractual clauses as drafted by the European Commission).

How long does oak digital consulting keep your data?

Personal data is only processed for as long as needed to achieve the outlined purposes or until consent is withdrawn. Personal data will be de-identified when they are no longer necessary for the outlined purposes or when the retention period expires. However, if there is a legal or regulatory obligation or a judicial or administrative order that prevents them from de-identifying them.

All personal data collected through interactions with the website, social media, phone, e-mail and other digital communication channels will be kept for as long as required to communicate, and also to keep a historical archive of communications.

All personal data collected to send the newsletter will be kept for as long as subscribed to the mailing list or remain a client. 

All personal data collected when leaving a business card will be kept for as long as not requesting to erase it.

All persnal data collected in the context of a contractual relationship with you or the organisation you represent will be kept for the duration of the relationship and at least seven years after that.

All personal data collected in the context of an application will be kept for the duration of the process, and if services are engaged, for the duration of the contract and until 10 years after the contract has ended. 

If services are not engaged but interviewed, data will be retained for five years after the assessment process has closed. If consenting to be included in the recruitment reserve, data will be retained for five years after receiving it.

What does oak digital consulting do to keep your data safe?

As explained earlier, as a consulting company, the security and confidentiality of all data that the company processes are essential. Hence, we have ensured that all personal data processed are kept safe. These steps include processing only the personal data required for achieving the purposes we have communicated to you. We have also taken technical and organisational measures to secure our infrastructure, systems, applications, premises and processes.

Which rights do you have with regard to your personal data?

When personal data is collected and used, several rights may be exercised, as described below. Please be aware that proof of identity will be requested whenever a right is exercised to avoid data breaches from unauthorised individuals pretending to be someone else.

You have the right to access personal data and request information or a copy of personal data held about you. However, requests must specify the processing activities for which data access is sought. If the same request is made repeatedly and causes a nuisance, the requests may be refused, or an administrative fee may be charged.

 Data access may be refused or granted only partially if it would cause disproportionate harm to the rights and freedoms of others. You have the right to request the correction of personal data if it is incorrect, incomplete, or outdated. The context in which the data is used should be specified to allow swift and accurate assessment.

Consent may be withdrawn if it was previously given for data collection and use. Data may be requested to be deleted if it is no longer needed, the collection was illegitimate, or consent has been withdrawn. If the law, regulatory obligations or orders prohibit deletion, it may not be carried out.

The processing of personal data may be restricted during the assessment of requests for correction or objection to processing if processing was unlawful, but the restriction is preferred to deletion, or if the data is no longer needed but required for legal claims.

If personal data is processed based on legitimate interests and not consent, you have the right to object to the processing. For direct marketing, the request will be granted immediately, but for other interests, a balancing exercise will be conducted to assess your specific circumstances and the organisation’s interests before making a decision.

If personal data is collected based on consent or necessary for the execution or performance of an agreement, you have the right to obtain a copy in a structured, commonly used, and machine-readable format. This applies only to personal data provided by you.To exercise any of these rights, an email should be sent to admin@oakconsulting.co with the right being exercised clearly stated and specified. Reassure that a request for exercising a right will not be interpreted as consent for processing personal data beyond what is required for handling the request.