Privacy Policy

Introduction

This document describes the principles underlying the handling and processing of personal data by Rapid Security OÜ. These are general principles that may be supplemented by specific terms set out in individual contracts.

Rapid Security adheres to Estonian and European Union laws and applicable contracts when processing personal data. Rapid Security processes personal data minimally, only to the extent necessary for providing services, marketing activities, compliance with laws, and fulfilling contracts related to the data subject.

Rapid Security will never process, store, disclose, or distribute information derived from security devices (Security Data) without the clear consent of the data subject. The only exception is situations where Rapid Security has a lawful obligation, such as legal demands from law enforcement agencies.

Terms:

Data Subject: An individual who can be identified based on data available to Rapid Security.
Data Processing: Operations performed with customer data, including collection, storage, analysis, use, and transmission.
Personal Data: Any information about an identified or identifiable natural person, the data subject.
Customer Data: Any information that Rapid Security can know about its customers.
Customer: Natural or legal person who purchases goods or services from Rapid Security.
Visitor: An individual who visits the Rapid Security website, social media accounts, etc.
Controller: Rapid Security or its employee who processes data in accordance with laws and the principles outlined herein.
Processor: Natural or legal person who, under law or contract, has the right and authority to process personal data on behalf of Rapid Security. This may include, for example, accounting service providers, support and sub-service providers (companies providing security guard services, marketing partners, legal advisors, etc.).

Personal data

Personal data is divided into primary data, service data, and security data.

Primary data: Name, date of birth, personal identification code, address, contact information, visitation data, etc. Service data: Address and details of the monitored object, service content, customer relationship and contract history, payment history, Primary data of the Customer’s contact person, data necessary for contract conclusion, etc. Security data: Data received from the Customer’s security equipment during the provision of the service, including data related to the use of security equipment, recordings from security equipment, and data related to alarms, such as alarm location, time, method of transmission.

Data processing

Objectives

Rapid Security processes personal data for the purpose of providing quality services, marketing and sales activities, and fulfilling business functions associated with service provision (accounting and billing, reporting, etc.). In cases required by law, Rapid Security also processes personal data to fulfill the requirements of state and local government authorities and individuals performing public duties.

Principles

Rapid Security processes data based on the laws of the Republic of Estonia and the European Union, good faith, and universally accepted business practices. Rapid Security processes personal data to the minimum extent necessary to achieve the objectives described above. Rapid Security ensures that authorized processors also process data to the minimum extent necessary.

Use in Marketing

Rapid Security may use primary data for sending newsletters and direct marketing materials. Rapid Security always provides the option to opt-out of such materials. Rapid Security also processes primary data for conducting campaigns, organizing customer and marketing events, and analyzing the behavior of customers and visitors on the Rapid Security website.

Rapid Security may use technologies on its website, social media pages, and other digital platforms, both its own and those of third parties, designed for analyzing web traffic and enhancing marketing activities (cookies, Google Analytics, Facebook Pixel, etc.).

Use in Marketing

Rapid Security uses primary data, service data, and personal data to ensure the quality of service provision.

Rapid Security may disclose service data to authorized processors (such as accounting or legal service providers) provided that their confidentiality is ensured.

Rapid Security is the controller of personal data, and Rapid Security transfers the personal data necessary for e-shop payments to the authorized processor Maksekeskus AS.

Rapid Security never discloses or transfers security data without the Customer’s consent. The exception is cases where Rapid Security has a legal obligation to transmit data.

In the case of technological surveillance, Rapid Security may, exceptionally and without consent, process and transmit to authorized processors the IP addresses and other technical data related to the Customer and service consumption if necessary to combat cyberattacks. Rapid Security processes and transmits data in such cases to the minimum extent necessary and informs the Customer about the transmission of data as soon as possible.

Disclosure and transmission

Rapid Security transmits personal data to the minimum extent and only for the purposes described in this document.

Whenever possible for achieving the purposes, data is provided to authorized processors or service providers in an anonymized form.

Rapid Security does not disclose, i.e., make identifiable personal data accessible to the public without the explicit consent of the customer, except in cases prescribed by law or contract.

Retention

“Rapid Security does not retain personal data longer than necessary to fulfill contractual obligations. For the purpose of fulfilling legal reporting obligations and for marketing purposes, such as making offers, Rapid Security retains personal data and customer data for two years after the termination of the customer relationship.”

Recording of calls

Rapid Security may record customer calls and calls received by the monitoring center for the purpose of quality control and improvement of services. In each such case, the customer is informed of the call recording.

Surveillance data

“Rapid Security’s private client devices do not continuously record video or audio on the monitored object. Only in case of an alarm, the private client surveillance devices record a short video clip, which is then transmitted to either the Client’s smartphone or to Rapid Security’s monitoring center, as per the contract. Surveillance data transmitted by private client devices, including photo and video material, is retained for investigative purposes for 12 months.

Security

Rapid Security makes all reasonable technical and administrative efforts to ensure the security of personal data and prevent their misuse, alteration, loss, or unauthorized access by third parties.

Rapid Security complies with the requirements of the Estonian Security Act and other requirements arising from Estonian and European Union legislation regarding data security.

Personal data is stored on a virtual server located in a Member State of the European Union or in countries within the European Economic Area. Data may be transferred to countries whose data protection level has been assessed as adequate by the European Commission and to US companies adhering to the Privacy Shield framework. Access to personal data is limited to the website’s employees who need to access the data in order to address technical issues related to the use of the website and to provide customer support services. The online store implements appropriate physical, organizational, and technical security measures to protect personal data against accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure. The transmission of personal data to the online store’s authorized processors (such as leasing service providers and data hosting) is based on contracts concluded between the website and authorized processors. Authorized processors are obliged to ensure appropriate protection measures when processing personal data.

 

Rights of the data subject

The customer or data subject has the following rights:

To receive information about the processing of their personal data by Rapid Security and authorized processors.

To access and obtain a copy of their personal data.

To request the correction, cessation, or deletion of their personal data. If the cessation or deletion of personal data, for which Rapid Security has a lawful and contractual right to process, at the request of the customer, makes it impossible to provide the service in the form specified in the customer contract, the contractual terms governing the termination of the contract by the customer shall apply. Deletion of personal data cannot be requested in situations or to the extent where Rapid Security has the right or obligation to process personal data (e.g., for reporting, billing, legal obligations, etc.).

To prohibit the use of their contact information for sending offers.

The data subject may submit a request to exercise their rights to info@rapidsecurity.eu. Rapid Security will respond to the request within a reasonable period, but no later than one month from the date of receipt of the request. Rapid Security may extend the deadline for valid reasons, notifying the customer accordingly.”