Hengineering OÜ
Privacy Policy
For use of data and processing
**1. TERMS **
1.1 Data is any data that allow the identification of a person, any data that the person has
disclosed to Hengineering OÜ (hereinafter Hengineering) or the person’s or other person’s data
that are in the possession of Hengineering, including Personal data. Data may include
identification and categorization, concerning contact information, service contracts and other
transactions, habits and preferences reflecting and data collected under the law or data that is
collected under the procedure for use of data and data processing.

1.2. Personal data is any information relating to an identified or identifiable natural person
(„data subject“). Personal data is the name of a physical person and the person ́s identification
(name, date of birth), contact information (address, e-mail, telephone number) and other
personal information that has become known to the Hengineering in relation to the provision
and performance of the service.

1.3. Processing of personal data is any operation performed on personal data, including the
collection, organization, storage, alteration, disclosure, granting access to personal data,
consultation and retrieval, use of personal data, communication, cross-usage, combination,
closure, erasure or destruction of personal data or several of the aforementioned operations,
regardless of the manner in which the operations are carried out or the means used.

1.4. Restriction of processing is the marking of stored personal data with the aim of limiting
their processing in the future.

1.5. Controller is the natural or legal person, public authority, agency or other body which,
alone or jointly with others, determines the purposes and means of the processing of personal
data.

1.6. Processor is a natural or legal person, public authority, agency or other body which
processes personal data on behalf of the Controller.

1.7. A data subject is a person whose personal data is processed.

1.8. A third person is a natural or legal person, public authority, agency or body other than the
Data subject, Controller, Processor and persons who, under the direct authority of the
Controller or Processor, are authorized to process personal data.

**2. Processing of personal data with the consent of data subject**

2.1. Personal data shall be processed with the consent of the data subject in accordance with
the Personal Data Protection Act of the Republic of Estonia and the EU General Data Protection
Regulation (GDPR) Article 6, unless otherwise provided by the applicable law.

2.2. The data subject shall be entitled to take the consent back at any time, informing the
Controller by e-mail to info@hengineering.co, whereas the Controller shall terminate the
processing of personal data of the data subject as soon as possible.

2.3. The data subject gives a clear consent to the Controller to process its personal data in
accordance with the principles and purpose of this procedure. The consent with the information

about the principles and purposes of processing personal data is given by the data subject
separately on the Hengineering website or any other information system provided to the use of
the data subject by Hengineering.

2.4. Hengineering processes the data as a Controller and the Processors are any legal person
providing services to Hengineering.
**3. Principles and purpose of processing personal data**

3.1. The purposes of processing personal data are:
3.1.1. Identification of the person;
3.1.2. In order to comply with the obligations taken and offering services in front of the person;
3.1.3. In order to improve services;
3.1.4. Asking for feedback;
3.1.5. Fulfillment of the obligations provided by law or implementation of the permitted uses
of the law.

3.2. Controller nor the Processor shall not transfer, rent or otherwise give personal data to third
parties, unless clearly requested so by the person.

3.3. When processing personal data, the Controller and the Processor will follow the principles
in the Personal Data Protection Act of the Republic of Estonia and the EU General Data
Protection Regulation, including the principle of minimal processing.

3.4. Hengineering works with third persons to whom Hengineering shall be also forwarding
data, including Personal Data, in the context of and for the purposes of cooperation. Such
persons may be accounting firms, audit firms, IT-partners or providers of postal services, etc.
authorities and organizations with which Hengineering cooperates, provided the Hengineering
authorizes its use of data to the minimum extent necessary; ensuring that data security is at
least the same level as of Hengineering itself.

**4. The obligations of Hengineering**

4.1. Hengineering will process the data only according to the law.

4.2. Hengineering ensures the protection of personal data through taking all kinds of
organizational, physical and IT security measures and through strict confidentiality and
security rules. Hengineering confirms that all necessary measures have been taken to protect
personal data. The processing of personal data is limited to the minimum required for the
purposes of the processing of personal data.

4.3. Hengineering is liable for compliance with the requirements of the Personal Data
Protection Act of the Republic of Estonia and the EU General Data Protection Regulation.