Privacy Policy: Last updated: February 2023

Back to homepage


Data Protection Terms

Last updated: February 2023

The purpose of the following information is to inform you about how we, UAB "Konica Minolta Baltia" (hereinafter: we, the company, or Konica Minolta) process your personal data and to inform you of your rights arising from the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter: the Regulation) and other data protection laws.

Controller and Data Protection Officer
The controller is:
UAB Konica Minolta Eesti Filiaal
Suur-Sõjamäe 37A, Soodevahe, Harjumaa, 75322
tel: +37253550659
email: support.eshop@konicaminolta.ee
website: www.konicaminolta.ee/shop

If you have questions about the processing of your personal data, you can contact our company's Data Protection Officer:
Ms. Frederike Rehker
Konica Minolta Business Solutions Europe GmbH
Europaallee 17, 30855 Langenhagen, Germany
tel: +49 (0)511 7404-0
email: dataprotection@konicaminolta.eu

What are my rights as a data subject?
As a data subject, you have the following rights:

2.1. Right to access your data (Article 15 of the Regulation):
You have the right to be informed at any time about the types of your personal data being processed, the purposes of processing, the recipients of these data, or the types of recipients, and the retention period of personal data.

2.2. Right to rectification (Article 16 of the Regulation):
You have the right to request the correction of your inaccurate personal data and the completion of incomplete personal data.

2.3. Right to erasure (Article 17 of the Regulation):

- You have the right to request the immediate deletion of your personal data. As the controller, we are obligated to delete your personal data, especially in the following cases:
- Your personal data are no longer necessary for the purpose for which they were collected or processed in another way;
-You have withdrawn your consent to the processing of personal data, and there is no other legal basis for the processing of your personal data;
-Your personal data have been processed unlawfully;
-Your personal data must be deleted to comply with a legal obligation applicable to us;
-Your personal data were collected in connection with the provision of information society services referred to in Article 8(1) of the Regulation. Please note that the right to erasure is limited in cases where:
-Your personal data are necessary for the fulfillment of a legal obligation explicitly provided for in Union or Member State law;
-Your personal data are necessary for the establishment, exercise, or defense of legal claims.

2.4. Right to restriction of processing (Article 18 of the Regulation):

-You also have the right to request the restriction of the processing of your personal data, meaning that your personal data will only be processed for limited purposes. This right is applicable when:
-You contest the accuracy of your personal data, and we need to verify the accuracy of your personal data;
-The processing of your personal data is unlawful, but you do not request the deletion of personal data, only the restriction of use;
-We no longer need your personal data for processing purposes, but they are necessary for the establishment, exercise, or defense of legal claims;
-You have objected to the processing of your personal data, pending verification of whether our legitimate interests outweigh your reasons.

2.5. Right to data portability (Article 20 of the Regulation):

You have the right to receive the personal data you have provided to us as a controller in a structured, commonly used, and machine-readable format and to transmit this data to another controller, where technically feasible. The right to data portability applies when:

-Your personal data are processed by automated means, either based on your consent or under a contract;
-The exercise of the right to data portability does not adversely affect the rights and freedoms of others.

2.6. Right to object (Article 21 of the Regulation):

You have the right to object at any time, based on your particular situation, to the processing of your personal data carried out for reasons of legitimate interest, including profiling based on these provisions. Additionally, you have the right to object at any time to the processing of your personal data for direct marketing purposes or profiling related to such direct marketing. If you object to the processing of your personal data based on legitimate interest, we will assess whether our legitimate interests outweigh your interests, rights, and freedoms. If your interests, rights, and freedoms are more important, your personal data will not be further processed. The same applies in the event that your personal data are still needed for the establishment, exercise, or defense of legal claims. If you object to the processing of your personal data for direct marketing purposes or profiling related to such direct marketing, your personal data will no longer be processed for these purposes.

2.7. Right to lodge a complaint with a supervisory authority (Article 77 of the Regulation):

You also have the right to lodge a complaint with a supervisory authority at any time if you believe that the processing of your personal data violates data protection laws. The contact details of the supervisory authority are as follows:
Data Protection Inspectorate
Tatari 39, Tallinn 10134
tel: 627 4135
email: info@aki.ee
website: www.aki.ee

2.8. Right to Withdraw Consent (Article 7 of the Regulation):

If you have given us consent for the processing of your personal data, you have the right to withdraw your consent at any time without stating a reason. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

3. General Information about the Principles of Personal Data Processing:
Your personal data will be processed only in a manner that is accurate and clearly defined before the start of processing operations, for legitimate purposes, and in accordance with the principle of purpose limitation set out in Article 5(1)(b) of the Regulation.

4. General Information about the Lawfulness of Personal Data Processing:
The processing of your personal data always takes place on the legal grounds specified in Article 6 of the Regulation (or, for special categories of personal data, taking into account the exceptions set out in Article 9 of the Regulation).

4.1. Legal Bases for Processing Personal Data:

Consent:
If we obtain your consent for the processing of your personal data, they are processed on the legal basis specified in Article 6(1)(a) of the Regulation. For example, we send you promotional messages by email and/or phone only after obtaining your explicit consent for such processing.
Contractual or Pre-contractual Obligations:
If the processing of your personal data is necessary for the performance of a contract in which you are a party or for taking pre-contractual measures at your request, the legal basis for such processing is stipulated in Article 6(1)(b).
Legal Obligation:
If the processing of your personal data is necessary to fulfill our legal obligation, the processing is carried out in accordance with Article 6(1)(c) of the Regulation.
Legitimate Interest:
If the processing of personal data is necessary for our legitimate interests or those of a third party, and your fundamental rights and freedoms do not outweigh such interests, the legal basis for such processing is specified in Article 6(1)(f).

4.2. Legal Bases for Processing Special Categories of Personal Data:
Special categories of personal data are processed only in exceptional cases, taking into account the existence of legal bases specified in Article 9(2) of the Regulation.
For the processing of such data, the legal bases specified in Article 9 of the Regulation are as follows:
Explicit Consent:
If you have given explicit consent for the processing of the aforementioned special categories of personal data, the legal basis for such processing is specified in Article 9(2)(a).
Obligations Related to Employment and Social Security:
If the processing of special categories of personal data is necessary for the fulfillment of obligations related to employment, social security, or social protection law, the legal basis is specified in Article 9(2)(b).
Data Manifestly Made Public:
If you have made your special categories of personal data manifestly public, the data may be processed in accordance with Article 9(2)(d).
Establishment, Exercise, or Defense of Legal Claims:
If the processing helps us establish, exercise, or defend legal claims, it is carried out in accordance with Article 9(2)(e).

Data Retention Periods:

We delete personal data in accordance with Article 17 of the Regulation or restrict their processing in accordance with Article 18 of the Regulation, unless otherwise specified. Personal data that is no longer needed for the purpose for which it was collected is deleted, except when further processing is necessary for a limited period for other legal reasons.

6. General Information about Disclosing Personal Data to Recipients:

We do not sell or rent personal data. Data is only transmitted to third parties when necessary for the respective service. For example, we collaborate with service providers in the fields of marketing, sales, information technology, logistics, and personnel. We carefully select our service providers. In other cases, data is transmitted to government authorities in accordance with legal norms or based on court decisions.
Location of Data Processing:
We process your data in Estonia and other European countries (EU/EEA). Your data may be processed outside the European Union or the European Economic Area (in third countries) only with your explicit consent as required by legislation or due to the need to provide you with services. In such exceptional cases, we ensure compliance with the conditions specified in Article 44 of the Regulation and subsequent articles, taking into account the adequacy decision made by the European Commission for a specific country, including, in the absence of a decision, the obligation to establish appropriate safeguards according to Article 46 of the Regulation.

7. Use of Cookies:

7.1 General Information about Cookies:

We use cookies on our website. A cookie is a small text file that your web browser stores on your hard drive to collect information and associate the cookie with the website that set it. Certain cookie files we use are deleted after your browsing session (session cookies), while others remain on your device and allow your web browser to recognize it on your next visit (persistent cookies). Cookies on our website serve various purposes.
For a better overview, cookies are categorized as follows:
Essential Cookies:
These are crucial cookies that ensure the basic functionality and security of the website.
Functional Cookies:
These cookies are used for user convenience, such as storing device-based preferences, language settings, text size, username, or other configurations.
Marketing Cookies:
These cookies are used for delivering advertisements to potential customers.
Analytical Cookies:
These cookies analyze website usage to evaluate and improve site performance. You can manage or delete previously stored cookies in your web browser settings. Please note that changing settings may affect the correct functioning of some features on our website.
For more information on managing cookies in a specific web browser, refer to the following sources:

"How to delete cookies in Internet Explorer" (microsoft.com);
"Clear, enable, and manage cookies in Chrome" (Google Chrome Help);
"Delete, search, and download history in Firefox" (Firefox Help (mozilla.org)).

8. Data Processing in Different Systems:

8.1. CMS System Kentico

We use a content management system (CMS) called Kentico on our website. Kentico is managed by the company Kentico Software s.r.o in the Czech Republic. Kentico is utilized for delivering and managing websites, online stores, intranets, and other corporate websites. For website development and maintenance, we use Kentico EMS and Kentico Cloud software. This system allows us to create content for our website and distribute it on the websites of subsidiaries and partner companies.

The CMS collects anonymous activity data from website visitors. When visitors provide their data, such as filling out a contact form, this data is associated with their email address. Our website also allows customers to shop in our online store, involving the processing of the following data:

First name
Last name
Email address
Company name
Customer number
Invoice and delivery address
Mobile phone number
IP address
Purchase history
This data is necessary for the functioning of our e-commerce platform and is retained for as long as customer relationships persist and the need to comply with retention periods stipulated by applicable laws. Kentico uses cookies for its technical applications. For more information about cookies, refer to chapter 7 of this document.

Data collected by Kentico is stored on web servers located in Microsoft Azure, based in the Netherlands. In exceptional cases, your personal data may be transferred to a third country, such as the United States. Since the United States does not provide an adequate level of protection for personal data, there is an additional risk to the rights and freedoms of data subjects.

The legal basis for processing visitor activity data collected by Kentico is our legitimate interest as defined in Article 6(1)(f) of the General Data Protection Regulation (GDPR). Our legitimate interest is to ensure the proper functioning and security of our website. For more information on data protection with Kentico, refer to Kentico's data protection.

8.2 Usercentrics

We use the Usercentrics Consent Management Platform (CMP) on our website. This platform is JavaScript-based and allows us to gain insights into essential software solutions, decide on the necessity of implementing other software solutions requiring prior consent, and enables visitors to withdraw their consent at any time without specifying reasons, preventing further processing of personal data by the respective software solution. The platform helps us comply with GDPR requirements related to consent.

Data processed by Usercentrics CMP includes:

Consent data
Consent ID
Consent status (opt-in 'allow,' opt-out 'deny')
Consent timestamp
Language used for cookie consent

8.3 Web Analytics

8.3.1 Google Analytics

We use Google Analytics on our website, provided by Google Ireland Limited in Ireland. Google Analytics is a web analytics application used to analyze website traffic to improve it regularly. Statistical data is used for enhancing offers and making them more interesting for users. Google Analytics stores a cookie on your device to analyze your visits/website usage. Refer to chapter 7 of this document for more information about cookies.

You can manage which cookies you allow by changing your web browser settings. Note that altering settings may affect the proper functioning of some features on our website. Additionally, you can limit the collection of data generated by cookies regarding your website usage (including your IP address) and its subsequent processing by Google by downloading and installing the Google Analytics browser add-on for data deactivation.

Data processing by Google Analytics is based on your consent according to Article 6(1)(a) of the GDPR. Due to the localization of Google, your personal data may be transmitted to a third country, meaning outside the European Union or European Economic Area, specifically the United States. The processing of your personal data outside the EU/EEA is based on your consent according to Article 49(1) of the GDPR. Since the United States does not offer an adequate level of protection for personal data, an additional risk is associated with processing data, posing a threat to the rights and freedoms of data subjects. For information on withdrawing your consent, refer to section 2.8 (Article 7 of the GDPR) of these data protection terms.

For more information about Google's terms of use and privacy, visit Google Analytics Terms or Google Analytics Privacy Overview.

8.3.2 Dynatrace

We use the Dynatrace application from the United States to measure website performance and loading times. The application processes visitor IP addresses using cookies. The software itself is located on servers in Germany owned by Konica Minolta, ensuring that data is not transmitted to the service provider. We retain data for 35 days. The legal basis for processing your personal data using Dynatrace is your consent under Article 6(1)(a) of the GDPR. For information on withdrawing your consent, refer to section 2.8 (Article 7 of the GDPR) of these data protection terms.

8.4 Targeted Advertising

8.4.1 Marketo

If you subscribe to our newsletter and provide information, we use marketing automation software Marketo from Marketo Inc. in the United States. Marketo collects statistical data on our website usage and communication activities for optimizing our services/products and conducting email marketing and sales activities. Data processing is partially automated to assess specific personal aspects (profile analysis). Marketo captures your IP address and uses cookies for tracking and analyzing website usage. For more information about cookies, refer to chapter 7 of this document.

Data obtained through cookies are transmitted and stored on Marketo servers located in the EU/EEA. Marketo uses this information on our behalf to assess the website usage of registered individuals and compile reports on activities on the website. To prevent cookies from being stored by the website, adjust your web browser settings, but keep in mind that it may affect the functionality of our website. We have entered into an agreement with Marketo for exceptional and unforeseeable cases where personal data may be transferred to the United States.

For more information about Marketo's data protection, visit Marketo Data Privacy. The legal basis for processing your personal data for these purposes is your consent under Article 6(1)(a) of the GDPR. You can withdraw your consent at any time without stating reasons. For information on withdrawing your consent, refer to section 2.8 (Article 7 of the GDPR) of these data protection terms.

8.4.2 Newsletter

Konica Minolta sends newsletters to its customers and interested parties. The only personal data processed for this purpose is your email address. Providing additional or separately marked data is voluntary. When subscribing to the newsletter, we request your consent twice, meaning that after subscribing, we send you an email to your specified email address, asking you to confirm whether you still want to receive information. If you do not confirm the subscription by clicking on the link in the email, the link sent to you will be deactivated, and your data will be deleted. If you agree to receive information, we provide access to:

News and information about Konica Minolta's product range
Invitations to events, trade shows, and webinars
Success stories
Market trend research, market studies, and reports
Calls to participate in customer satisfaction surveys
During the newsletter subscription process, we store your IP address, registration, and confirmation time for 30 days, asking for your consent twice. With your consent, we assess your behavior as a user on our websites and in the newsletter, linking it to your email address/user profile in our database. Additionally, we store data about your web browser and operating system parameters and the internet connection used to access our website. When creating a user profile, we customize our website's advertising method to your preferences and optimize offers specifically for you.

Our newsletter contains information from Konica Minolta Business Solutions Europe GmbH and other affiliated companies (list of companies). The legal basis for processing your personal data for these purposes is your consent under Article 6(1)(a) of the GDPR. You can withdraw your consent at any time without stating reasons. For information on withdrawing your consent, refer to section 2.8 (Article 7 of the GDPR) of these data protection terms.
Consent withdrawal does not affect the legality of processing based on consent before withdrawal. More information about the right to withdraw consent can be found in section 2.8 (General Data Protection Regulation Article 7) of these data protection terms.

Konica Minolta may also use email addresses collected during contract negotiations to inform you by email about similar products and services. You may object to such communication at any time without incurring costs, except for postal expenses. The objection must be sent to the address: UAB "Konica Minolta Baltia," J. Jasinskio g. 16 A, LT-03163 Vilnius. The objection can also be sent by email to: support.eshop@konicaminolta.lt. The legal basis for processing your personal data is Article 6(1)(f) of the General Data Protection Regulation.

8.4.3. LinkedIn Insight Tag

We use the LinkedIn Insight Tag tool from LinkedIn Ireland Unlimited Company for conversion purposes on our website. The LinkedIn Insight Tag is a JavaScript code snippet added to our website, collecting and transmitting data about visitors' movements on our site to LinkedIn. The data includes the web address (URL), IP address, device and web browser information, and the timestamp of the visit. LinkedIn does not provide us with data for identifying individuals. LinkedIn uses this information to provide us with reports on website audience and advertising performance based on aggregated data, helping us optimize our site. Due to LinkedIn's localization, your personal data may be transmitted to a third country, especially the United States. The legal basis for processing your personal data using LinkedIn Insight Tag is your consent according to Article 6(1)(a) of the GDPR. If your personal data is processed outside the EU/EEA, it is based on your consent according to Article 49(1) of the GDPR. Additional risk exists due to the insufficient data protection level in the United States. For information on withdrawing your consent, refer to section 2.8 (Article 7 of the GDPR) of these data protection terms. Data processed via LinkedIn Insight Tag is encrypted and anonymized within seven days. Anonymized data is automatically deleted within 90 days if no longer needed for the original purpose of collection. For more information on LinkedIn's data protection, visit LinkedIn Privacy Policy.

8.4.4. Facebook Pixel

We use Facebook Pixel, a marketing service provided by Facebook Inc. in the United States, on our website. The code added to the website stores a cookie on your device, enabling us to display customized and interest-based ads to our website visitors who also use Facebook. Facebook Pixel allows tracking user movements after clicking on a Facebook ad, helping us assess and optimize the effectiveness of Facebook marketing campaigns. Facebook Ireland Limited may aggregate information collected by the pixel and use it for advertising, including third-party advertising. Your browsing data on our website may lead Facebook Ireland Limited to infer your interests and share this information for advertising purposes. Due to Facebook's localization, your personal data may be transmitted to a third country, especially the United States. The legal basis for processing your personal data using Facebook Pixel is your consent according to Article 6(1)(a) of the GDPR. If your personal data is processed outside the EU/EEA, it is based on your consent according to Article 49(1) of the GDPR. Additional risk exists due to the insufficient data protection level in the United States. For information on withdrawing your consent, refer to section 2.8 (Article 7 of the GDPR) of these data protection terms.

8.4.5. Twitter Tag

We have added the Twitter Tag to our website for targeted advertising and tracking ad conversions, provided by Twitter Inc. in the United States. The application allows us to deliver ads based on your interests if you have interacted with Twitter's platform. Tags register visits to our website and collect activity data (such as interactions with displayed ads, like clicks, tweets, and likes). If you later visit Twitter, you may see ads based on your interests. Twitter Tag allows Twitter to receive information that your device visited our website. If you are a Twitter user, visits may be associated with your user account. Even if you are not a registered or logged-in Twitter user, Twitter may remember your IP address and other identifying information. Twitter Tag allows us to track the effectiveness of Twitter ads for statistical and market research purposes. The collected data is anonymous, meaning personalized data is not visible. However, Twitter retains and processes the information generated by tags on its servers located in the United States. The legal basis for processing your personal data using Twitter Tag is your consent according to Article 6(1)(a) of the GDPR. If your personal data is processed outside the EU/EEA, it is based on your consent according to Article 49(1) of the GDPR. Additional risk exists due to the insufficient data protection level in the United States. For information on withdrawing your consent, refer to section 2.8 (Article 7 of the GDPR) of these data protection terms. More information on opting out of this feature can be found: Your Privacy Settings | Twitter Help, and additional information on Twitter's data processing is available in Twitter's Privacy Policy.

8.4.6. Channel Mix

Channel Mix, located in the United States, is used to measure the effectiveness of marketing campaigns based on Google Analytics data. No personal data is processed in this context. Only statistical data collected through Google Analytics, such as data on marketing activities and customer platform optimization, is used.

8.4.7. Google AdWords

We use Google AdWords on our website, an application from Google Ireland Limited. This application allows us to display attractive offers on external websites using advertising material (Google ads). Google displays this advertising material through advertising servers, which use cookies. For more information on cookies, refer to chapter 7 of this document. Advertising server cookies help us evaluate performance indicators such as ad impressions, clicks, or ad conversions. This helps us identify the effectiveness of individual advertising measures. If you visit our website through Google ads, Google AdWords saves a cookie on your device. This cookie stores analyzable indicators (unique cookie identifier, ad display, display frequency, last display time, data about refusal of ads, a note that the user no longer wants ads). Google AdWords cookies expire after 30 days. Cookies are not intended for personal identification. They allow Google AdWords to recognize only your web browser. If you visit certain web pages on the client's website with AdWords added and this cookie has not yet expired, both Google and the client can determine that you clicked on the ad and were then directed to the client's website. Google provides us as the client with statistical analysis. Analytical data helps us assess the effectiveness of advertising measures. We do not process other data. The legal basis for processing your personal data using Google AdWords is your consent according to Article 6(1)(a) of the GDPR. If your personal data is processed outside the EU/EEA, it is based on your consent according to Article 49(1) of the GDPR. Additional risk exists due to the insufficient data protection level in the United States. For information on withdrawing your consent, refer to section 2.8 (Article 7 of the GDPR) of these data protection terms. More information on Google's data protection is available at Privacy Policies - Privacy & Terms - Google. Additional information on GDPR & Google Ads can be found at GDPR & Google Ads FAQs – Google.

8.4.8. Microsoft Clarity

This website uses features of the web analytics service Microsoft Clarity. The provider is Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (hereinafter: Microsoft).
Microsoft Clarity provides website usage statistics, session recordings, and heatmaps, created mainly through the tracking of mouse movements. Microsoft Clarity will use the processed information for evaluating the use of our website, compiling reports on website activity, and providing other services related to the use of the website. Hence, we use Microsoft Clarity to analyze and regularly improve the user behavior on our website and with the help of the statistics we obtain, we can make our offer more interesting and user-friendly for you as a user.
The collection of your user data is done via cookies, which are set on your end device and enable an analysis of the visit of our website. For more information on cookies, please see "7. Cookies" in this privacy policy.
We will process the following data with Microsoft Clarity:

  • Unique user ID
  • Date and time of visit
  • IP Address
  • Location data
  • Session ID
  • User behavior
    • Interaction data
    • Mouse movements
    • Clicks
    • Scrolling activity

The deletion of the data processed on a user level in Microsoft Clarity takes place automatically after 13 months. Text fields, such as contact forms, surveys or search fields are masked out in the screen recordings so that the entries you make are not recorded. Personal data entered in our online forms is therefore not processed by Microsoft Clarity.
In exceptional circumstances, due to Microsoft's headquarters, your personal data may be transferred to the USA and thus be transferred to a so-called third country. A transfer to a third country is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. Microsoft Corporation is certified under the DPF so that the GDPR standard of data protection applies to these transfers.
The legal basis for the processing of your personal data in the context of the use of Microsoft Clarity is your consent pursuant to Art. 6 I lit. a GDPR. Information on your right of withdrawal can be found under point "2.8 Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

8.5. Google Fonts

We use fonts from Google Inc. (United States) on our website. Google Fonts are integrated into our local web server, not Google's servers. This means that we have no connection to Google's servers, and no data transmission or storage occurs.

8.6. Order Processing

We use message broker software located on AWS Frankfurt servers to synchronize order processing between our CMS system and internal servers. The following data is transmitted through this service:

First and last name
Company name
Contact information (email address, phone number)
Invoice and delivery address
Notes (free text)
IP address
Due to the processing of your personal data on Amazon AWS web servers, your personal data may be transmitted to the United States, a third country. The United States does not guarantee an adequate level of data protection, creating an additional risk to the rights and freedoms of data subjects. For more information on Amazon Web Services' data protection, visit: AWS Data Privacy.

9. Konica Minolta Group Data Protection Terms

Konica Minolta Group Global Data Protection | KONICA MINOLTA

Cookie Consent Form
Device Data (HTTP User-Agent, HTTP Redirection)
The use of Usercentrics' CMP and the related processing of personal data are necessary for the fulfillment of legal obligations according to Article 6(1)(c) of the GDPR. Therefore, using this platform is crucial for collecting and providing evidence, as stipulated in Article 5(2) of the GDPR.