General Terms of Remato Site Management System
Effective from November 12, 2024
Welcome to the Remato Site Management (hereinafter also referred to as Remato SM) platform. These General Terms define the conditions under which our site management platform and services can be used. Please review the General Terms carefully. If you do not agree with the General Terms, you will not be able to use our site management platform and services.
Summary of the General Terms:
- Remato SM is a software service (software-as-a-service or SaaS), primarily intended for construction companies acting as main contractors, who are required to electronically register the data of people entering and leaving the construction site, as well as the duration of their stay there, and submit this information via the Work Chain and Work Duration Information System (TTKI) in accordance with applicable legislation, and to store the aforementioned information.
- In addition, the site management platform can be used to obtain a real-time overview of the work chain, manage guest cards, manage work safety documents, approvals, equipment, and non-compliance with safety requirements, create GPS functions and virtual perimeters via the app for both regular sites and linear construction projects, collect data, fulfill the obligation to submit this data to the tax authority, and access site security cameras and their recordings.
- Remato will make all reasonable efforts to ensure that the Service is available 24 hours a day, 7 days a week (i.e., regardless of the device, location, or weather).
Term | Definition |
Administrator User | A user account created by Remato for the Client, through which the Services can be used, and the data related to the Client can be managed, entered, and modified. The Administrator User can create accounts for Regular Users and define the extent of Regular User permissions for using the Services. |
User | An Administrator User or Regular User. |
General Terms | These terms, which together with the appendices form the Agreement between the Service Provider and the Client. |
Client | A legal entity that registers as a user of the Service via the Platform or to whom Remato creates and provides access to use the Service. The Client is also referred to as "you" in the General Terms. |
Account | A complete set of Client data in the Service, to which specific Users have or had access through personal and varying levels of user accounts. |
Code | The source code of the Platform software, algorithms, technically useful models, and design patterns. |
Agreement | These General Terms and appendices, which together form a legally binding agreement between the Service Provider and the Client for using the Service. |
Platform | The Remato site management service web platform at app.sm.remato.com and its subdomains, including iOS/Android apps, APIs, and other possible hardware and software components that constitute the technical manifestation of Remato SM as a service, along with the existing documentation, updates, and other connected components intended for the distribution, use, and/or administration of the Service. The list of data imported into, displayed on, and submitted from the Platform to TTKI (hereinafter Site Data) is provided in Appendix No. 1 of the General Terms. |
Regular User | A natural person (Client’s employee or another person fulfilling the Client’s mandate) designated by the Client’s Administrator User, authorized by the Client to manage, enter, and modify data and access rights related to the Client in connection with the use of the Service, and for whom a personal user account has been created for this purpose. |
Service | The software service named Remato SM (SaaS), which primarily offers solutions to construction companies acting as main contractors for the electronic registration, management, submission, and storage of data to TTKI in accordance with the law. The Service is intended for use in economic and professional activities. Remato may offer the Client different parts of the Platform and Service. |
Service Provider | Remato Solutions OÜ, registration code: 14536402; address: Paju 2, Tartu 50603, Estonia; email: info@remato.com. The Service Provider is also referred to in the General Terms as "Remato" or "we". |
Site | A construction site, i.e., any land or water area where construction work is carried out, where one Site may include several construction sites, objects, or areas where construction work is performed. |
Employee | A natural person subcontractor of the Client or another person authorized by the Client to record or enter Site entries and exits (working hours) via the Platform app or other solutions, view and, if authorized, modify working hour data, and for whom a personal user account has been created for this purpose. Also, the Client’s guest or other person present at the site, whom the Client has authorized to access the Site, but for whom no user account is created. |
1. Use of the Service, Agreement Formation, Modification, and Termination
1.1. The use of the Service requires the Client's full and unconditional acceptance of the General Terms when creating an Account. By creating an Account, the Agreement between Remato and the Client is considered concluded.
1.2. To use the Service, the Client must create an Account via the Platform by following the instructions provided on the Platform. During the initial Account creation, an Administrator User account with rights is created for the Client.
1.3. During the creation of the Account and while using the Service, the Client can choose which parts of the Service the Client wishes to use. The descriptions of the Service parts and the functionalities offered by Remato are described on the Platform.
1.4. Through the Administrator User Account, the Client can authorize their employees or other persons working on their behalf to use the Service by creating a Regular User account for each respective person, following the instructions provided on the Platform. The personal user account for the Employee is created in Remato SM by entering the Employee’s contact information (primarily phone number) by the User or another authorized person. The Client is responsible for ensuring that all Users associated with them use the Services and the Platform in accordance with the General Terms.
1.5. Remato has the right to access the Client’s Account and User accounts without prior consent from the Client to provide user support, perform troubleshooting, conduct maintenance and development work, and perform similar actions. Such accesses are logged, and the Client has the right to review the logs.
1.6. Remato has the right to change the General Terms by notifying the Client electronically, via the Platform, at least 30 days in advance. Remato primarily changes the General Terms if the need for change is due to our enhancement of Services and/or development of new functionalities; changes in the scope or nature of the Platform; changes in the costs, risks, and/or obligations associated with managing the Platform and providing services; if the purpose of the change is to better clarify the rights and obligations of the Parties related to the use of the Services and the Platform; and/or if Remato has other objective reasons for changing the General Terms. If the Client does not agree with the changes, the Client has the right to terminate the Agreement. If the Client does not terminate the Agreement within 30 days from notification, it is considered that the Client agrees with the changes.
1.7. To use the Service, the legal entity on behalf of which the Account is created must be legally capable, primarily properly registered in the commercial register or a similar register in a foreign country. If you enter into the Agreement on behalf of a legal entity, such as your employer or a business entity to which you provide services, you confirm and must be ready to prove that you have all the rights to represent the legal entity in connection with entering into the Agreement.
1.8. Before activating an Account created for a legal entity, Remato has the right, but not the obligation, to verify the background and relevant information of the legal entity from public databases and the right to refuse activation of the Account if Remato has doubts about the reliability of the legal entity.
1.9. The Agreement is concluded for one (1) year. If the Client does not notify at least 30 days before the term of the Agreement expires of the desire to terminate the contract, it will automatically renew for one (1) year at the end of each contract term.
1.10. The Client has the right to terminate the Agreement at any time ordinarily, by notifying Remato in a form that allows for written reproduction at least 30 days in advance.
1.11. Remato has the right to terminate the Agreement at any time ordinarily, by notifying the Client in a form that allows for written reproduction at least 30 days in advance.
1.12. Termination of the Agreement does not release the Client from the obligation to pay for the Services already used or from other similar obligations to Remato.
1.13. After the completion of construction work on the Site, Remato will retain the following Site Data related to the Client's respective Site: the summarized time spent by each person on the construction site and, up to three times a week in an anonymized form, the entry and exit times of each person from the construction site to the second. This data is retained for an additional 4 months for the purpose of fulfilling the main contractor's data retention obligation set by law, after which Remato has the right to completely and irreversibly delete it.
1.14. After termination of the Agreement, Remato will retain any other data related to the Client not specified in point 1.13 for up to 6 months, after which Remato has the right to completely and irreversibly delete it.
1.15. The Client has the justified interest, under a separate agreement and for an additional fee, to retain the Site Data in the Remato SM system after the deadlines specified in points 1.13 and 1.14 have expired. Under a separate agreement and for an additional fee, the Client can also gain access to the data or obtain a set of data in their possession after the completion of construction work on the Site and termination of the Agreement.
2. Data Protection and Personal Data Processing Principles
2.1. When acting as a data controller, i.e., when collecting and processing the personal data of its Clients (e.g., the name and email address of the Client's representative to create an Administrator User account, processing personal data for the purpose of providing Service support), Remato processes personal data under the terms set out in its privacy notice.
2.2. When using the Service, the Client is considered the data controller for personal data uploaded, entered, created, or otherwise made available through the Platform, and Remato is considered the data processor for such personal data, processing it according to the data processing agreement with the Client, which is part of the General Terms in Appendix No. 2 and forms an integral part of the Agreement.
3. Maintenance, Development Work, and Updates
3.1. Remato has the right to carry out maintenance, development work, and updates on the Service or Platform. Whenever possible, Remato will conduct scheduled maintenance and development work, which may cause interruptions in the operation of the Platform, outside working hours (on weekdays between 20:00-06:00 and on holidays).
3.2. Remato will notify the Client at least 24 hours in advance of any scheduled maintenance or development work that may cause interruptions in the operation of the Platform, except in the case of emergency maintenance and development work, where notification is not reasonably possible, or where prior notification delay could jeopardize the operation of the Platform and/or the security and/or integrity of the data processed through it.
3.3. Remato has the right to make updates to the Service and Platform at a time of its choosing, without prior notification.
3.4. Temporary interruption of the use of the Service and Platform due to maintenance or development work does not constitute a breach of the Agreement by Remato, and the Client does not have any claims against Remato arising from the temporary interruption of the use of the Service or Platform during maintenance or development work.
3.5. Remato will notify the Client as soon as possible of any interruptions in the operation of the Platform that are not caused by Remato but are detectable by Remato.
4. Payment for Services
4.1. The amount of the fee depends on which part or parts of the Service the Client has ordered through the Platform. Remato may change the parts and packages of the Services offered and their prices from time to time. The current overview of the offered Services, their parts, and prices is always provided on Remato's website.
4.2. If the Client and the Service Provider have not agreed on a different price (custom package), the applicable fee for the Client will be calculated according to the price list published on Remato's website. The valid price list is available in the "Price List" submenu on Remato's website Remato.ee. Remato has the right to change the prices of Services and their parts (including training, rental, and challenge fees) at any time, notifying at least 30 days in advance.
4.3. Payment of the fee is made monthly based on the invoice provided by Remato to the Client, with a payment term of 14 days from the date of the invoice. In the case of delayed payment, Remato has the right to charge the Client a late fee of 0.2% of the delayed amount for each day of delay.
4.4. If the Client refuses to pay the fee, Remato has the right to terminate the Agreement without notice.
4.5. Remato has the right to terminate the Agreement due to the Client's debt or partially or completely restrict the Client's and Users' access to the Service (i.e., cease data processing, submission to TTKI, and storage) on the working day following the reminder notice sent by Remato to the Client, if the Client does not settle the debt on that day.
5. Remato's Obligations
5.1. Remato undertakes to submit to the tax authority on behalf of the Client:
5.1.1. once a day, the summarized time spent by each Employee on the construction site the previous day, and up to three times a week in anonymized form, the entry and exit times of each person from the construction site to the second (data on persons who were present on the site in connection with work tasks and visitors to the construction site who do not perform construction work are submitted in anonymized form);
5.1.2. to retain the submitted data during construction work and for four (4) months after the completion of construction work.
5.2. Remato will train the Client's Users on the initial implementation of Remato SM and ensure the Client's access to training materials and other user manuals. If necessary and upon the Client's call, Remato will send its representative to the Client's Site at the Client's expense to perform technical consultation or work related to the Platform.
5.3. Remato will make reasonable efforts to make ordinary Service support available to the Client on working days from 09:00-17:00 and to respond to Client inquiries submitted to Remato's user support contact support@remato.com no later than the next working day.
6. Client and User Obligations
6.1. The Client confirms that they will use the Service only for lawful purposes and in lawful ways.
6.2. The Client is solely and fully responsible for the data entered (including the accuracy of the data) and the actions performed on the Accounts associated with them.
6.3. The Client confirms that they are fully and solely responsible for their Administrator User and Regular Users who have been granted access to the Service.
6.4. The Client and Users are obliged to keep the security elements that allow access to the Service confidential.
6.5. The Client and Users are obliged to notify Remato immediately if there is suspicion that the security elements (including technical means used to access the Platform, User accounts, or associated email accounts or phone numbers, etc.) have fallen into the hands of third parties, or if their User data has leaked.
6.6. The Client and Users are obliged to notify Remato as soon as possible if the interruption in the use of the Service is due to local problems related to the Site ( e.g., interruption of connections provided by the Client, damage to or destruction of physical devices, etc.).
6.7. The Client is obliged to regularly check the transmission of data to TTKI via the Platform, including the accuracy and timeliness of the transmitted data, and to notify Remato immediately of any issues related to data transmission.
6.8. The Client is obliged to process the personal data created, transmitted, and stored in Remato systems in accordance with applicable data protection legislation and the data processing agreement, and to ensure the corresponding processing by their Users.
6.9. The Client and User are prohibited from:
6.9.1. Decompiling the software underlying the Service, except to the extent permitted by applicable law, accessing or attempting to access the source code of the Service, or engaging in or attempting to engage in similar activities to reduce the Code to a comprehensible and readable form;
6.9.2. Sending automated software queries to the Platform.
7. Liability
7.1. Remato offers the Service, Platform, its content, and/or functions on an "as is" and "as available" basis without express or implied warranties.
7.2. In particular, Remato does not confirm or guarantee that: (i) the Client's use of the Service/Platform will meet the client's expectations; (ii) the Service/Platform is compatible with any and all hardware and software used by the Client; (iii) the Client will be able to use the Service/Platform uninterrupted, timely, and available at any moment and in any place; (iv) the Service/Platform is secure and error-free, free from viruses, interruptions, protected from hacking, and other security-threatening intrusions.
7.3. The Client has the right to consume the Services personally through the Administrator User Account or allow other persons to do so through Regular User Accounts. In any case, the Client remains responsible to Remato for the proper fulfillment of the obligations arising from the Agreement. The Client is responsible for ensuring that all Users use the Services and the Platform in accordance with the General Terms. The Client uses the Service at their own risk. Remato is not responsible for any damages or consequences caused to the Client's end clients or partners.
7.4. Neither Remato nor the Client is responsible for delays or damages resulting from an obstacle beyond the reasonable control of the parties, which could not have been reasonably foreseen at the time of entering into the Agreement and whose consequences could not have been reasonably avoided or overcome ("force majeure"). Such delays or damages include, among other things, problems, errors, and interruptions in third-party software and hardware, as well as denial-of-service attacks, security breaches, and other similar circumstances.
7.5. Remato is liable for breach of the Agreement only if the breach is due to Remato's intent or gross negligence. Remato is liable for direct material damage caused to the Client due to breach of the Agreement intentionally or due to gross negligence. Remato is not liable for the Client's lost profits and non-material damage. Remato's liability to the Client in connection with the use of the Service and Platform is limited to an amount corresponding to the fees actually paid by the Client to Remato for the Service over the previous six (6) months (excluding VAT). This limitation applies whether the liability arises from the Agreement or a non-contractual relationship, regardless of the principles of liability.
7.6. Remato is not responsible to the Client or third parties for the consequences of the Client's use of the Services and related activities.
8. Intellectual Property
8.1. The Platform and all its content, intellectual property rights belong to Remato. Including, but not limited to, the Platform's design, graphic solution, images, text, code, domain names, copyrights, business names, trademarks, and other intellectual property, which the Client is granted the right to use in the course of using the Service (except for data entered by the Client).
8.2. Upon the entry into force of the Agreement, Remato grants the Client and the persons authorized by the Client to use the Service a limited, non-exclusive, non-transferable, and non-sublicensable license to use the content provided through the Service and Platform or other means only in a manner necessary for the intended use of the Service by the Client (and only the Client) and only for the duration of the Agreement.
8.3. If the User submits works protected by copyright or other intellectual property rights to the Platform (e.g., photos, feedback, etc.), the Client grants Remato a free simple license for the exercise of the proprietary rights associated with these works, including the right for Remato to use the works submitted by the User in any way, to allow and prohibit their use on the Platform, reproduce, distribute, translate, adapt, include works in collections or databases, and transmit them to the public. The Client undertakes to ensure that the use of the Platform does not violate any third-party copyrights or other intellectual property rights.
8.4. The Client is prohibited from reproducing, distributing, translating, modifying, processing, creating derivative works from, publicly presenting, replaying, publicly displaying, transmitting, making available to the public, transferring, selling, licensing, etc., the intellectual property of the Platform in any way, unless the Service Provider has given prior written consent or if the law provides otherwise.
8.5. By adding and saving their data to the Platform, the Client and/or User do not become co-authors of the Platform owned by the Service Provider.
9. Confidentiality
9.1. The Client and Remato agree to keep the information obtained and created during the course of the Agreement confidential. The confidentiality obligation does not apply to the extent that the Client or Remato is required to disclose information for the fulfillment of obligations imposed by laws or arising under them, or to the extent that the Client or Remato disclose data to accountants, auditors, financial institutions, lawyers, and other similar professional service providers who are obliged to keep the respective information confidential.
9.2. The confidentiality obligation applies during the term of the Agreement and for 5 years after the end of the Agreement.
10. Governing Law and Jurisdiction
10.1. The Agreement is governed by Estonian law.
10.2. Disputes, conflicts, and claims related to the Agreement will primarily be resolved through negotiations. If no agreement is reached, disputes will be resolved in Estonian courts (the court of first instance is Harju County Court).
11. Final Provisions
11.1. If any provision of the Agreement is deemed void, unenforceable, or illegal in whole or in part for any reason, that provision shall be applied to the greatest extent possible, taking into account the intent of Remato and the Client. The invalidity or unenforceability of the remaining terms or provisions will not be affected by the void provision.
11.2. All notifications between the parties regarding the Agreement shall be sent to the other party at least in a form that allows written reproduction via email.
11.3. Remato delivers various devices and solutions to Clients that assist in using the Service, which is an independent product/service, and the delivery terms are agreed upon separately between Remato and the Client at least in a form that allows written reproduction via email, and the Agreement does not apply to them.
Appendices to the General Terms:
1. Site Data
2. Data Processing Agreement
APPENDIX 1 TO THE GENERAL TERMS – SITE DATA
The following data fields are transferred from TTKI to the Remato SM system and, depending on the functionality and user rights, are also visible to the end user.
Name of data field in TTKI | Type of field in TTKI |
OBJECT | |
Object name | mandatory |
Object address | mandatory |
Cadastral number | mandatory |
Construction notice or start of construction notice number | mandatory |
EHR / TarkTee code | mandatory |
Type of work | optional |
Estimated cost | optional |
Start date of construction | mandatory |
Estimated end date of construction | mandatory |
Actual end date of construction | optional |
MAIN CONTRACTOR | |
Company or person's name | mandatory |
Company registration code or personal identification code | mandatory |
Registration code | mandatory |
Main contractor's address | mandatory |
VAT number | optional |
MAIN CONTRACTOR'S REPRESENTATIVE | |
Personal identification code | mandatory |
First name | mandatory |
Last name | mandatory |
Contact person's role | mandatory |
Phone number | optional |
Email address | optional |
CLIENT | |
Country of registration | mandatory |
Personal identification code / Registration code | mandatory |
Client name | mandatory |
Address | optional |
VAT number | optional |
Work chain (yes/no) | optional |
OWNER'S SUPERVISION | |
Country of registration | mandatory |
Personal identification code / Registration code | mandatory |
Name of the owner's supervision provider | mandatory |
Work chain (yes/no) | optional |
Responsibility area | mandatory |
Address | optional |
VAT number | optional |
ASSOCIATED SITE REGISTRATION SYSTEMS | |
Site name | mandatory |
Part of the site since (date) | mandatory |
Allowed types of registration systems (standard card, etc.) | mandatory |
Registration system code | mandatory |
SUBCONTRACTOR | |
Country of registration | mandatory |
Personal identification code / Registration code | mandatory |
Client name | mandatory |
Address | optional |
VAT number | optional |
Type of work | optional |
SUBCONTRACTOR'S REPRESENTATIVE | |
Personal identification code | mandatory |
First name | mandatory |
Last name | mandatory |
Contact person's role | mandatory |
Phone number | optional |
Email address | optional |
DOCUMENTS | |
Document name | mandatory |
Document short description | optional |
COMPANY EMPLOYEES | |
Name | mandatory |
Personal identification code | mandatory |
Employer | mandatory |
Employer registration code | mandatory |
Type of registration means (standard card or other) | mandatory |
Registration means number | mandatory |
Visited the site (yes/no) | mandatory |
External employee (posted worker / rental worker) | mandatory |
Source (TÖR, manually added) | mandatory |
Access to the site (allowed/not allowed) | mandatory |
APPENDIX 2 TO THE GENERAL TERMS – DATA PROCESSING AGREEMENT
This data processing agreement is concluded between Remato Solutions OÜ (Remato) and the Client, forms an integral part of the Agreement (hereinafter referred to in this data processing agreement as the Service Agreement), and constitutes a data processing agreement between the Client as the data controller and Remato as the data processor under Article 28 of the GDPR (the Client and Remato hereinafter collectively referred to in this data processing agreement as the Parties and each separately also as the Party).
Considering that:
1. The terms used in this data processing agreement with capitalized letters have the meaning given to them in the General Terms unless otherwise provided in the data processing agreement itself;
2. GDPR means the General Data Protection Regulation (EU) 2016/679, applicable from May 25, 2018;
3. When using the Service, the Client is considered the data controller for personal data uploaded, entered, created, or otherwise made available through the Platform, and Remato is considered the data processor for such personal data, processing it according to the terms of this data processing agreement;
the Parties have agreed as follows:
1. The Parties confirm that they are obliged to comply with the obligations arising from the GDPR and other applicable data protection legislation (Remato's obligations as a data processor and the Client's obligations as a data controller) regarding the personal data processed on the Platform and/or during the use of the Service.
2. The Client confirms that they have the appropriate legal basis for processing personal data on the Platform and/or in the Service, they have informed the data subjects of the respective processing, and they have the right to authorize Remato to process personal data in accordance with the Service Agreement and the terms set forth in this data processing agreement.
3. Remato confirms that it undertakes to process personal data as a data processor in accordance with this data processing agreement, the Service Agreement, the GDPR, and other applicable data protection legislation.
4. The Client confirms that Remato may use personal data in aggregated or anonymous form for internal analysis to improve the quality of the Services and to develop the Service by adding functionality, new features, etc. The Client also confirms that Remato may store and use different technologies, such as web cookies, web beacons, etc., on the Client's and its authorized persons' devices to collect the aforementioned data for the Platform/Service. Automatically collected data may include the following: IP addresses (to determine the user's location), information about browsers and the user's device, browsing activity on different Platform sites, pages, or other content viewed or interacted with by the user, and the dates and times of service visits, access, or usage.
5. This data processing agreement is a data processing agreement between the Client as the data controller and Rem ato as the data processor under Article 28 of the GDPR. The Client instructs Remato to process personal data in accordance with the terms of the data processing agreement.
6. When processing personal data, Remato undertakes to:
6.1. process personal data only for the provision of Services based on the Service Agreement and to the extent necessary for the provision of Services, or otherwise in accordance with the Client's instructions, given in at least a form that allows written reproduction;
6.2. inform the Client if, in Remato's opinion, the execution of the Client's instructions could lead to a breach of this data processing agreement or GDPR requirements;
6.3. implement the technical and organizational measures specified in Appendix 1 to the data processing agreement to protect personal data from unauthorized or unlawful processing and accidental or unlawful loss, destruction, damage, alteration, or disclosure;
6.4. forward all requests or inquiries related to the personal data of data subjects (e.g., Client's employees, subcontractors' employees working on the Site, etc.) (e.g., requests for access to personal data, correction of personal data, etc.) to the Client without responding to them substantively; and considering the nature of personal data processing, undertake to assist the Client as the data controller as much as possible by implementing appropriate technical and organizational measures to fulfill the Client's obligation to respond to requests to exercise data subject rights under Chapter III of the GDPR;
6.5. keep personal data confidential and not disclose it to third parties unless disclosure to certain third parties is permitted under the Service Agreement or this data processing agreement (e.g., TTKI, Tax and Customs Board, subcontractors);
6.6. ensure that all Remato employees involved in providing Services to the Client have undertaken to keep personal data confidential;
6.7. ensure that personal data is transmitted outside the EU only in accordance with the conditions set forth in Chapter V of the GDPR and only with the prior consent of the Client, given in at least a form that allows written reproduction;
6.8. make available the information reasonably required by the Client to demonstrate compliance with the obligations of the data controller and data processor under Article 28 of the GDPR;
6.9. allow the Client or their authorized professional advisor to conduct audits related to personal data processing and protection once a calendar year and assist in carrying out these audits;
6.10. immediately notify the Client of any data protection incidents and take all necessary measures to eliminate/mitigate the consequences of the data protection incident, unless the Client has given different instructions;
6.11. assist the Client in fulfilling the obligations set forth in Articles 32–36 of the GDPR, taking into account the method of personal data processing and the information available to Remato;
6.12. delete or anonymize all personal data at the end of the data processing agreement or upon the Client's request, except where EU or Estonian laws require data retention. If Remato has used other data processors for personal data processing, Remato will require them to take corresponding actions.
7. The Parties also agree as follows:
7.1. Duration of personal data processing – The duration of personal data processing is the time during which the Services are provided to the Client under the Service Agreement;
7.2. Data subjects – Processed personal data may include the following categories of data subjects: Client's employees/representatives authorized to use the Platform/Service, Client's subcontractors' employees/representatives, persons authorized to access the Site, or other persons listed in Appendix 1 to the General Terms (Site Data), which the Parties may update from time to time;
7.3. Categories of personal data – Processed personal data may include the following categories: first and last name, email address, personal identification code, information on entry and exit times from the Site, information on User roles/permissions, and other circumstances as listed in the Site Data;
7.4. Processing operations and purpose – Personal data is processed for the purpose of electronically registering the data of persons entering and leaving the Client's Site, and the duration of their stay there, and submitting it to TTKI in accordance with applicable legislation; at the Client's choice, also for obtaining a real-time overview of the specific Site work chain, managing guest cards, managing work safety instructions, fulfilling legal obligations related to linear construction projects via the app, accessing Site security cameras and their recordings, i.e., for providing Services to the Client to the extent agreed upon with them.
8. By agreeing to the terms of this data processing agreement, the Client grants Remato a general authorization (within the meaning of Article 28(2) of the GDPR) to engage subcontractors for the provision of Services and the processing of personal data as necessary for this purpose. Remato will notify the Client via email of any proposed changes regarding the addition or replacement of subcontractors, thereby giving the Client the opportunity to object to such changes. The Client must notify Remato of objections to the new subcontractor within 7 days of receiving the respective notice from Remato via email. If the Client objects to a new subcontractor as described in the previous sentence, Remato will make reasonable efforts to make the Service available to the Client in a manner that avoids the processing of personal data by the new subcontractor to whom the objection was raised, without unduly burdening the Client. If Remato is unable to make such a change within a reasonable time, not exceeding 30 days, the Client may unilaterally terminate the Service Agreement.
9. The authorized processors that Remato currently uses for the provision of Services, including personal data processing, and to which the Client agrees are:
Bunny.net (Slovenia) – CDN service;
- Datadog (United States, data stored in Europe) – monitoring and session recording management service;
- DigitalOcean (United States, data stored in the Netherlands) – web hosting service;
- Fireworks AI (United States) - AI service;
- Flatfile (United States) – data import service;
- Google Analytics (United States) – web analytics service;
- Google Firebase (United States) – mobile app analytics service;
- Google Vertex (United States, data is stored in Finland) - AI service;
- HelpCrunch (United States) – client communication service;
- ImageKit (United States, data stored in Germany) – image delivery and storage service;
- Mailchimp (United States) – marketing service;
- Merit (Estonia) – accounting software service;
- Messente (Estonia) – SMS sending service;
- Mixpanel (United States) – business analytics service;
- Pilvio (Estonia) – data storage service;
- Pipedrive (Estonia) – sales management software service;
- Postmark (United States) – email sending service;
- Stripe (Ireland) – financial service;
- SuperTokens (United States, data stored in Ireland) – authentication service;
- Trello (United States) – workflow mapping service;
Some of our subcontractors may be located outside the European Union, but any data transfers are always covered by the necessary data protection mechanisms (e.g., standard contractual clauses established by the European Commission).
10. If Remato uses another data processor for personal data processing operations, it will do so only under a written contract with such a person, whereby the other data processor undertakes to comply with data protection conditions equivalent to those set forth in this data processing agreement. In any case, Remato remains responsible for the proper fulfillment of obligations related to personal data processing and protection by its representatives, employees, and subcontractors.
11. Notwithstanding anything set forth in this data processing agreement, Remato may disclose personal data to the extent required by applicable laws. In such a case, Remato will make reasonable efforts to notify the Client of such data disclosure in advance (to the extent permitted by law). If the Client wishes to contest the obligation to disclose personal data, they will provide reasonable assistance to Remato at their own expense.
12. The data processing agreement terminates upon the termination of the Service Agreement.
13. For matters not regulated in this data processing agreement, such as applicable law, dispute resolution, liability, etc., the terms of the Service Agreement apply.
Appendices to the Data Processing Agreement:
1. Technical and Organizational Measures
Appendix 1 to the Data Processing Agreement – Technical and Organizational Measures
Security Measures | |
1.1. | Access control to premises and facilities (physical). The following technical and organizational measures are established for access control to premises and facilities: |
- Access system, card reader (e.g., magnetic card), numeric code
- Management of key or keychain documentation
- Door protection (electronic door openers, security doors)
- Security service (G4S security service on-site)
- Alarm system
- CCTV
1.2.Access control to systems (virtual). The following technical and organizational measures are established for user identification and authentication:
- Encryption of transmitted data
- Personal and individual user login when entering the system and/or company network
- Additional system login for special applications
- Automatic blocking of the computer after a certain period of inactivity without user action (e.g., password-protected screensavers or automatic pause function)
- User access logs
1.3.Access control to data. To ensure that only authorized employees have access to data according to their access rights, the following measures are established:
- Role-based access control
- Authorization routines
- Reports / data logs
- Reviews / audits
- Limited use of removable media (e.g., external hard drives), encryption, and authorization before use
1.4.Disclosure control. The following measures are established for secure transport, transmission, or storage of data on data carriers (manual or electronic):
- Secure data networks (e.g., VPN)
- Logging
- Remote access (e.g., client file transfer, web access) via dedicated endpoints in the external network.
1.5.Input control. To monitor and track whether data has been entered, modified, removed, or deleted and who has entered it, the following measures are in place:
- Access rights
- System logs
- Security/logging software
- Functional responsibilities
1.6.Availability control. The following measures are taken to ensure data availability and protect data from accidental destruction or loss:
- Backup processes
- Backup storage
- Antivirus/firewall
- Hosting service provider that meets ISO 27001, 27017, 27018 standards, plus SOC 1, 2, and 3
1.7.Separation control. The following measures are established to ensure that data processed for different purposes is processed separately:
- Logical separation of client data in databases
- Encryption of transmitted client data
- Separation of testing, development, and production environments