Privacy Policy

Who is the controller of personal data?

The controller of the personal data of our customer is OÜ Merko Kodud or another company belonging to AS Merko Ehitus group.

Who is the customer?

The customer who is the subject of the Privacy Policy is an individual (natural person) who has provided us with data, whose data has been transmitted to us or whose data we have collected, and whose data we process for the purposes and on the grounds set out in this Privacy Policy.

Which types of personal data do we process, and for what purpose?

Personal data can be collected in the following ways:

  • the customer submits their data (name, phone number, e-mail address and preferred language of communication) by contacting us by phone or e-mail or via the form on the website, to book an apartment or register their interest;
  • the customer submits the data necessary for entering into a notarised contract by e-mail or phone, or the customer’s representative submits such data;
  • the customer’s data is sent to us by a third party (e.g. broker);
  • through the use of the website by using cookies.

We use the aforementioned personal data for the following purposes:

  • if the customer registers as an interested party for a development project on our website or registers for or attends the open house days and other events organised by us, we process data about the customer’s name and contact details (phone and e-mail address) and about the customer’s preferences regarding the apartment ownership of interest (size, price);
  • if the customer concludes a contract with us, we process data about the customer’s name, personal identification code, contact details (address, phone and e-mail address) and marital status; we also process the respective data about the customer’s authorised representative (except marital status data);
  • if the customer attends our open house days or other events organised by us, we process the image of the customer (video and photo material);
  • if the customer stays on the territory of our development site, we process the image of the customer and other personal data and activities that are captured on the surveillance camera;
  • in order to perform a contract, including warranty work;
  • in order to file claims arising from a contract;
  • in order to contact the customer to request feedback on the quality of the service and send notifications about development projects and campaigns (including newsletters);
  • we use non-personal data to produce statistics.

What is the legal basis for processing customers’ personal data?

We process the personal data of our customers on the following bases:

  • performance of a contract – this includes taking the necessary measures at the request of the customer before concluding a contract, as well as entering into a contract with the customer and amending and/or performing the contract concluded;
  • compliance with a legal obligation – on this basis, we process data for the performance of obligations arising from legislation;
  • legitimate interest – on this basis, we process data for commercial purposes in balance with the interests and rights of the customer, e.g. our intent to conclude a contract with the customer, prepare a legal claim, maintain contact with the customer, request feedback on the quality of service; 
  • consent – on this basis, we process data if the customer has given their consent, e.g. for sending a newsletter for direct marketing purposes. The customer has the right to withdraw their consent at any time.

How long do we retain personal data?

We retain our customers’ personal data for as long as it is necessary to fulfil the purpose for which it was collected, to protect our interests, or for as long as required by applicable legislation.

If a customer has entered into a contract with us, we retain the customer’s personal data as follows:

  • according to the limitation periods provided for in the legislation of the Republic of Estonia, we retain personal data related to contractual claims for a maximum period of ten years from the moment the claim falls due;
  • according to the accounting and taxation laws of the Republic of Estonia, we retain information related to accounting documents for seven years from the end of the respective financial year.

If a customer has registered their interest in one of our development sites, we will retain the customer’s personal data for five years from the date of our last contact with the customer.

If a customer has attended our open house day or another event organised by us, the customer’s personal data will be retained for five years from the date of the respective open house day or event. We will retain the photographic and video material (except video surveillance recordings) captured for five years from the date of capturing the respective material.

We will retain the information obtained through cookies on our website in accordance with the Cookie Policy. The Cookie Policy is available here: https://merko.ee/kupsiste-poliitika/

What security measures do we use to protect the personal data of our customers?

In order to protect the personal data of our customers, we use appropriate and relevant technical and organisational security measures that help protect personal data and prevent access by unauthorised persons. Such security measures include, for example, training of the employees, two-factor authentication, and data encryption.

Access to the personal data to change and process the data is only granted to authorised persons.

Who do we share the customers’ personal data with?

We may transfer personal data to third parties only if there is a corresponding legal basis or in order to fulfil legal obligations.

In order to perform specific tasks (e.g. IT-services), we may also use processors of personal data. In this case, however, we have entered into a data processing agreement with the relevant processor, which ensures a high level of protection of personal data, including confidentiality, compliance of the processing with all legal requirements and best practices.

Merko generally does not transfer customer’s personal data outside the European Economic Area (EEA). However, if this is strictly necessary for the provision of the Services to the customer, we will only provide information to the minimum extent possible and only to recipients whose country of residence ensures an adequate level of protection of personal data and/or the corresponding level of protection can be achieved by applying appropriate safeguards (e.g. standard data protection clauses).

What are the customers’ rights?

A customer has the right to contact us at any time to obtain information about the processing of their personal data or to exercise their rights as a data subject. Questions and suggestions should be sent to merko@merko.ee or to Pärnu mnt 141, 11314 Tallinn.

Among other things, a customer has the following rights:

  • the right to know what personal data we process, and the right to request a copy of such data;
  • the right to request the rectification or erasure of personal data;
  • the right to object to the processing of personal data and to request the restriction of processing;
  • the right to object to the processing of personal data based on a legitimate interest and which we process for direct marketing purposes.

We reserve the right to change this Privacy Policy. The current policy is available at www.merko.ee. To file a complaint regarding the use of their data, the customer may contact the Estonian Data Protection Inspectorate.