This Privacy Policy applies for personal data processing activities carried out by MTÜ Solid World DAO (registered in Estonia under the registry code 80612616 and with its seat at Pärnu mnt 15, 10141 Tallinn, Republic of Estonia; hereinafter Solid World, us or we).
We are strongly committed to protecting personal data. This Privacy Policy describes why and how we collect and use personal data and provides information about individuals’ rights. We may use personal data provided to us for any of the purposes described in this Privacy Policy or as otherwise stated at the point of collection.
Personal data is any information relating to an identified or identifiable natural person. Solid World processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ. When collecting and using personal data, our policy is to be transparent about why and how we process personal data.
Legal bases for each processing activity are specified in the relevant sections below.
When we process personal information for our legitimate interests, we make sure to consider and balance any potential impact on a data subject (both positive and negative), and the data subject’s rights under data protection laws. Our legitimate business interests do not automatically override interests of the data subjects - we will not process personal data for activities where our interests are overridden by the impact on the data subject (unless we have the consent or are otherwise required or permitted to by law).
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
In respect of personal data being regulated by EU legislation please note that: cross border transfers may include countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal data. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EEA are done lawfully. Where we transfer personal data outside of the EEA to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EEA, such as the European Commission approved standard contractual clauses. The European Commission approved standard contractual clauses are available here.
Personal data held by us may be transferred to:
Third party organisations that provide applications/functionality, data processing or IT services to us. We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them;
Third party organisations that otherwise assist us in providing goods, services or information;
Auditors and other professional advisers;
Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law;
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law.
Solid World processes personal data about contacts (existing and potential clients and/or individuals associated with them).
This includes name, employer name, contact title, phone, email and other business contact details. In addition, we may record information about our interactions with contacts.
Personal data relating to business contacts may be used for the following purposes:
Administering, managing and developing our businesses and services. This includes:
managing our relationship with clients;
developing our businesses and services (such as identifying client needs and improvements in service delivery and learning more about a client relationship opportunity);
analysing and evaluating the strength of interactions between us and a contact;
performing analytics, including producing metrics for our leadership, such as on trends, relationship maps, sales intelligence and progress against account business goals;
administering and managing IT systems, websites and applications; and
hosting or facilitating the hosting of events.
Providing information about Solid World and its services.
We use client business contact details to provide information that we think will be of interest about Solid World and its services, in accordance with any permissions required by law. This may include industry updates and insights, other services that may be relevant and invites to events.
Solid World does not sell or release personal data to third parties for purposes of allowing them to market their products and services without consent from individuals to do so.
Personal data will be retained for as long as we have, or need to keep a record of, a relationship with a business contact, which is for the duration of our relationship with a contact or their organisation. Personal data may be held for longer periods where extended retention periods are required by law and in order to establish, exercise or defend our legal rights.
Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients to only share personal data with us where it is strictly needed for those purposes.
Where we need to process personal data to provide professional services, we ask our clients to provide the necessary information to the data subjects regarding its use. Our clients may use relevant sections of this Privacy Policy or refer data subjects to this Privacy Policy if they consider it appropriate to do so.
The categories of personal data processed by us in relation to the services we provide are generally:
Personal details (eg, name, age/date of birth, gender, marital status, country of residence);
Contact details (eg, email address, contact number, postal address)
Financial details (eg, salary and other income and investments, benefits, tax status); and
Job details (eg, role, grade, experience and performance information).
Generally, we collect personal data from our clients or from third parties when providing services to the relevant client.
We use personal data for the following purposes:
Providing professional services. We provide a diverse range of professional services. Some of our services require us to process personal data in order to provide advice and deliverables.
Administering, managing and developing our businesses and services. This includes:
managing our relationship with clients and prospective clients;
developing our businesses and services (such as identifying client needs and improvements in service delivery);
administering and managing IT systems, websites and applications; and
hosting or facilitating the hosting of events.
Security, quality and risk management activities. We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of those procedures, we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
Providing clients and prospective clients with information about us and our range of services. We use client and prospective client business contact details to provide information that we think will be of interest about us and our services in accordance with any permissions required by law. This includes industry updates and insights, other services that may be relevant and invites to events.
Complying with any requirement of law or regulation. As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
Improving and developing our services. We are continually looking for ways to help our clients and improve our business and services. Where agreed with our clients, we may use information that we receive in the course of providing professional services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, provide insights back to our clients, to improve our business, service delivery and offerings and to develop new Solid World technologies and offerings. To the extent that the information we receive in the course of providing professional services contains personal data, we will de-identify the data prior to using the information for these purposes.
We retain the personal data processed by us for as long as necessary for the purpose for which it was collected. Personal data may be held for longer periods where extended retention periods are required by law and in order to establish, exercise or defend our legal rights.
We collect and process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients. The personal data is generally business card data and will include name, employer name, phone, email and other business contact details and the communications with us.
We use personal data for the following purposes:
Receiving services. We process personal data in relation to our suppliers and their staff as necessary to receive the services they are contracted to provide.
Providing professional services to clients. Where a supplier is helping us to deliver professional services to our clients, we process personal data about the individuals involved in providing the services in order to administer and manage our relationship with the supplier and the relevant individuals and to provide such services to our clients (for example, where our supplier is providing people to work with us as part of our team providing professional services to our clients).
Administering, managing and developing our businesses and services. This includes:
managing our relationship with suppliers;
developing our businesses and services (such as identifying client needs and improvements in service delivery);
hosting or facilitating the hosting of events; and
administering and managing IT systems, websites and applications.
Security, quality and risk management activities. We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to our suppliers. We collect and hold personal data as part of our supplier contracting procedures. We monitor the services provided for quality purposes, which may involve processing personal data.
Providing information about us and our range of services. We use business contact details to provide information that we think will be of interest about us and our services in accordance with permissions required by law. This includes industry updates and insights, other services that may be relevant and invites to events.
Complying with any requirement of law or regulation. As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected. Personal data will be retained about our contacts at our suppliers for as long as it is necessary for the purposes set out above (for example, for as long as we have, or need to keep a record of, a relationship with a contact, which is for the duration of our relationship with a contact or their organisation). Personal data may be held for longer periods where extended retention periods are required by law and in order to establish, exercise or defend our legal rights.
This section describes why and how we collect and use personal data in connection with our recruitment activities.
If your application is successful, we perform pre-employment screening checks as part of our onboarding process. Depending on the role you have applied for, these checks may include criminal records checks.
We collect personal data in connection with our recruitment activities as described below. Most of the personal data we collect as part of our recruitment process is provided by you such as:
Contact details (name, email, telephone number);
Areas of interest;
Username and password to apply for a role;
CV, experience, education, academic and professional qualifications;
Information provided as part of interviews and assessments;
Diversity and equal opportunities data;
Pre-employment screening information if your application is successful;
Information about your and your immediate family’s financial relationships if your application is successful; and
Bank account details if your application is successful.
We create personal data in connection with our recruitment activities such as:
Interview and assessment results and feedback; and
Offer details.
We obtain personal data from third party sources such as:
References from your named referees;
Information from your referrer (where applicable);
Results of screening checks (depending on the role applied for);
Verification of information provided during the recruitment process by contacting relevant third parties (for example, previous employers, education and qualification providers) or using publicly available sources (for example, to verify your experience, education and qualifications); and
Information from social media sites that you are a member of about your engagement with our recruitment campaigns.
We process personal data for our legitimate interests to attract and secure the best talent to work with us as follows:
To attract talent and market opportunities at Solid World including by arranging, hosting and participating in events, marketing and advertising opportunities and using recruiters to help find talent for us.
To identify and source talent including by searching publicly available sources (such as professional networking and job websites of which you are a member).
To process and manage applications for roles at Solid World, evaluate you for open positions that match your interests and experience throughout the Solid World network, manage your candidate profile, send you email notifications and other announcements, request additional information or otherwise contact you about your candidacy.
To screen and select talent by evaluating your suitability for employment with Solid World, including through interviews and assessments and conducting background checks.
To hire and onboard talent by making an offer to successful applicants and carrying out pre-employment screening checks.
To conduct statistical analyses and create reports, demographic analysis of candidates, reports on our recruitment activities, and analysis of candidate sourcing channels.
Any other purposes stated when you provide the information to us.
Where allowed by law, we carry out criminal records checks for the following purposes:
To comply with legal obligations to ensure an individual is eligible to work;
As permitted by law, to establish whether an applicant has committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper conduct; or
To comply with government and public sector clearance requirements.
We retain personal data processed in connection with recruitment activities as follows:
If your application is successful, we retain relevant personal data as part of your employee record.
If your application is unsuccessful, we retain and use the information you provided to us as part of your application for a reasonable period of time to deal with any matter which may arise in connection with your application, for purposes of contacting you regarding other employment opportunities and for our legitimate business purposes (for example, to make sure we do not contact an individual about a role they have already applied for).
This section describes how Solid World handles personal information collected through the sites at https://www.solid.world/ and any other Solid World sites that link to this Privacy Policy (collectively, Sites).
By using the Sites and providing personal information to us, you acknowledge you have read this Privacy Policy, and, to the extent your consent is necessary and valid under applicable law, you consent to the collection, use and disclosure of such personal information by us and any third party recipients in accordance with this Privacy Policy.
Some sites of the Sites may have privacy statements that differ from this one and/or contain additional information as required under local law. Please refer to the privacy statements on the sites you visit in order to understand how they collect and process your data. By accessing any sites available within the Sites or content within them, you (a) acknowledge you will review those privacy statements and (b) to the extent required under applicable law, consent to the collection, processing and use of your personal data as described in those privacy statements.
The Sites may link to third-party sites not controlled by Solid World and which do not operate under our privacy practices. When you link to third-party sites, our privacy practices no longer apply. We encourage you to review each third-party site’s privacy policy before disclosing any personally identifiable information.
When you use our Sites, we may collect information about you and your use of the relevant site, including through cookies and analytics tools. We may collect personal information about you, such as your name, job title, company name, address, email address and telephone number, either directly from you or by combining information we collect via the Sites with personal information we collect and maintain through other channels (such as client relationship management systems or identification and access management systems, including IP addresses) or as we may lawfully collect from social media or other third-party sites.
Below are examples of how you may provide personal information to us via Sites:
searching and browsing for content;
subscribing to or ordering newsletters and/or publications;
participating in join our mailing list initiatives;
participating in bulletin boards, discussion or message forums;
registering for events and conferences;
submitting resumes or work history information;
contacting us for further information;
visiting our Sites while logged into a social media platform; and/or
providing us with business cards or other contact information.
We do not intend to collect sensitive information through the Sites unless we are legally required to do so. Examples of sensitive information include race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and criminal records. We ask that you do not provide sensitive information of this nature when using the Sites. If you choose to provide sensitive information to us for any reason, the act of doing so constitutes your explicit consent, where such consent is necessary and valid under your local law, for us to collect and use that information in the ways described in this section of this Privacy Policy or as described at the point where you choose to disclose this information.
We also do not actively seek demographic information from visitors to the Sites. However, you may choose to provide such information (including for example when visiting our Site from a social media site, submitting a resume, or responding to an online job application). If you choose to provide demographic information to us, the act of doing so constitutes your explicit consent, where such consent is necessary and valid under applicable law, for us to collect and use that information in the ways described in this section of the Privacy Policy or as described at the point where you choose to disclose this information.
It is our policy to collect only minimum personal information required. If the Sites seek non-mandatory personal information about you, you will be notified of this at the point of collection. If you believe a Site has collected excessive information about you, please contact us to raise any concerns.
Some pages on the Sites may permit you to send emails to us. Messages sent via the Sites will contain your screen name and email address, as well as any additional information you wish to include in the message.
When you provide personal information to us through Sites, we may use it for any of the purposes described in this section of the Privacy Policy or as stated at the point of collection (or as obvious from the context of collection), including:
to administer and manage the Sites, including to confirm and authenticate your identity and prevent unauthorised access to restricted areas of the Site;
to personalise and enrich your browsing experience by displaying content that is more likely to be relevant and of interest to you;
to sort and analyse user data (such as determining how many users from the same organisation have subscribed to or are using the Sites);
to determine the company, organisation, institution, or agency that you work for or with which you are otherwise associated;
to develop our businesses and services;
to conduct benchmarking and data analysis including, for example, regarding usage of the Sites and demographics analyses of their users;
to conduct quality and risk management reviews;
to understand how people use the features and functions of our Sites in order to improve the user experience;
to monitor and enforce compliance with applicable terms of use, including acceptable use policies; and/or
any other purposes for which you provided the information to Solid World, including any of the purposes given in the ‘Collection of personal information’ section above.
Our Sites do not collect or compile personal information for sale to non-Solid World parties for consumer marketing purposes.
If you would like to find out more about the different categories of information we collect on the Sites, please review the ‘Collection of personal information’ section above.
Please see our Cookie Policy.
We will retain your personal information on our systems only for as long as we need it, given the purposes for which it was collected, or as required to do so by law. We keep mailing list information until a user unsubscribes from our mailing lists. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honor your request.
Where we are legally required to obtain your explicit consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so.
If you opt into any subscriptions, you will receive automated emails when content is updated. If you opt into any newsletters, you will receive curated emails known as newsletters. If you select any preferences such as issues, topics, subjects or industries, you may receive email communications related to those self-selected topics.
If you want to unsubscribe from mailing lists or any registrations, you should look for and follow the instructions we have provided within the appropriate area(s) of the Sites or in the relevant communications to you.
If you do not wish to receive emails or marketing communications from us, you can at any time contact us to request that such communications cease. If you wish to unsubscribe or no longer receive only certain communications, please identify such communications in your request.
If you choose to unsubscribe from any or all mailings, we may retain information sufficient to identify you so that we can honour your request.
We are committed to providing reasonable and practical access that allows visitors to the Sites to identify and correct any inaccuracies in the information we collect about them.
When we keep personal information about you, we are responsible for keeping an accurate record of the information that you have submitted to us. We do not assume responsibility for verifying the ongoing accuracy of your personal information.
If you have questions about the accuracy of identifying information you previously submitted to Solid World, or want to have outdated information removed, please contact us. When requested, and provided that it is practical and commercially feasible to comply with the request and there is no legal or regulatory need for us to keep the information, we will delete identifying information from current operational systems.
We take the security of all the data we hold very seriously. We adhere to internationally recognised security standards. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
You have certain rights in relation to the personal information we hold about you. In particular, you have a legal right to:
obtain confirmation as to whether we process personal data about you, receive a copy of your personal data and obtain certain other information about how and why we process your personal data;
request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your address) and to have incomplete personal data completed;
delete your personal data in the following cases:
the personal data is no longer necessary in relation to the purposes for which they were collected and processed;
our legal ground for processing is consent, you withdraw consent and we have no other lawful basis for the processing;
our legal ground for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to the processing and we do not have overriding legitimate grounds;
you object to processing for direct marketing purposes;
your personal data has been unlawfully processed; or
your personal data must be erased to comply with a legal obligation to which we are subject.
restrict personal data processing in the following cases:
for a period enabling us to verify the accuracy of personal data where you contested the accuracy of the personal data;
your personal data have been unlawfully processed and you request restriction of processing instead of deletion;
your personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data is required by you to establish, exercise or defend legal claims; or
for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.
object to the processing of your personal data in the following cases:
our legal ground for processing is that the processing is necessary for a legitimate interest pursued by us or a third party; or
our processing is for direct marketing purposes.
data portability:
The right to receive your personal data provided by you to us and the right to send the data to another organisation (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.
withdraw consent:
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis).
submit a complaint or request to us in relation to the processing of your personal data and, absent a satisfactory resolution of the matter, file a complaint in relation to the processing of your personal data with the Estonian Data Protection Inspectorate (www.aki.ee; info@aki.ee).
We recognise that transparency is an ongoing responsibility so we will keep this Privacy Policy under regular review. This Privacy Policy was last modified on May 17, 2023.
We may update this Privacy Policy at any time by publishing an updated version in our website. The new modified or amended Privacy Policy will apply from that revision date. Therefore, we encourage you to review this Privacy Policy periodically to be informed about how we are protecting your information.
In respect of the personal data processing activities outlined in this Privacy Policy, the data controller is MTÜ Solid World DAO.
If you have any questions about this Privacy Policy or how and why we process personal data, please contact us at: Pärnu mnt 15 / Tatari 2, 10141 Tallinn, Estonia, email: info@solid.world.