GDPR Compliance
GDPR Compliance
Flexpoint Solutions OÜ
1. Introduction
Flexpoint Solutions OÜ complies with the General Data Protection Regulation (EU 2016/679) and applicable Estonian legislation. This statement describes how we ensure compliance when providing our multilingual support and back-office services.
2. Roles
Flexpoint Solutions generally acts as a Data Processor on behalf of clients.
The client remains the Data Controller.
For its own company data, Flexpoint Solutions is the Data Controller.
3. Legal Basis
We process data on the basis of: contract performance, legal obligation, legitimate interest, and, where necessary, consent.
4. Principles
We follow the GDPR principles: lawfulness, purpose limitation, data minimization, accuracy, storage limitation, and confidentiality.
5. Data Subject Rights
We assist clients in complying with data subject rights: access, rectification, erasure, restriction, portability, and objection.
6. Security
We implement appropriate measures: access management, encryption, confidentiality, logging, and regular audits.
7. Sub-Processors
We use trusted sub-processors (e.g., cloud hosting, communication tools). GDPR-compliant agreements are in place with all sub-processors.
8. International Data Transfers
Personal data is processed within the EEA where possible. If transfers occur outside the EEA, we use Standard Contractual Clauses or equivalent safeguards.
9. Retention Period
Data is not retained longer than necessary for service delivery or legal obligations.
10. Data Breaches
In the event of a data breach, we will notify the client without undue delay and provide the information required for reporting to the supervisory authority.
11. Contact
Flexpoint Solutions OÜ
Tuukri tn 19-202, Kesklinna linnaosa
Tallinn, Harju maakond, 10120, Estonia
Email: legal@flexpointsolutions.eu
Registration code: 17339990
VAT number: EE102908327
Supervisory Authority: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI)
Website: https://www.aki.ee/en