Privacy Policy

Version 1
Valid from 01/01/2021

  1. INTRODUCTION

    This privacy policy is given on behalf of Markit Holding AS (Estonia) and all its subsidiaries (hereinafter “Markit”, “we” or “us”), who are the data controllers.

    This privacy policy describes how we collect, use and process the personal data of data subjects representing or associated with our business customers (hereinafter “you” or “users”).

    We process personal data in accordance with applicable data protection legislation, including the General Data Protection Regulation (Regulation (EU) 2016/679) (hereinafter the “GDPR”) and any other applicable data protection legislation.

  2. PERSONAL DATA WE PROCESS

    We collect your personal data to enable us to fulfil our obligations resulting from our contractual relationship with our business customers. We may also have legal obligation to process and share your personal data with public authorities such as tax and government agencies.

    We collect the following categories of personal data about you:

    • general personal data (first and last name, language of communication);

    • employment or other contractual details (your position at our business customer and your business contact details such as telephone numbers and e-mail addresses);

    • your account details in our internet-based IT equipment procurement system (Markit System) (usernames, logins, user activity, other data provided by users voluntarily);

    • consent (details on given consent to send you commercial information for marketing purposes).

    We obtain your personal data directly from you, including gathering data through your activity within the Markit System, or indirectly, from the business customer you represent or are associated with.

  3. PURPOSES FOR PROCESSING THE PERSONAL DATA

    Where appropriate and in accordance with any local laws and requirements, we generally use user data in the following ways:

    • to ensure the fulfilment of our contractual relationship with our business customers;

    • to send user updates regarding the status of orders and any other transactions or relevant changes in user’s or customer accounts;

    • to monitor the fulfilment of our business customer’s contractual obligations;

    • to send information materials to user emails and/or postal address;

    • to recommend solutions or product offers that Markit believes would be suitable or beneficial for the customer;

    • to ensure that we comply with the laws and manage risks to the business;

    • to ensure system resilience and improve system features;

    • to help us to establish, exercise or defend legal claims if necessary;

    • Markit may use this information to consult with credit rating agencies or other information sources to determine the amount of credit to be applied to our business Customer.

  4. LEGAL BASES FOR PROCESSING PERSONAL DATA

    There are a number of different ways where Markit is lawfully able to process the personal data of users. These are the following:

    • to carry out our legal obligations (GDPR Art. 6(1)(c));

    • processing is within our legitimate interests (GDPR Art. 6(1)(f)), mainly where:

      • processing is necessary to fulfil the agreement with our business customers;

      • we need to carry out presales and post-sales activities, to communicate with our business customer;

      • we need to improve customer service and system resilience.

  5. BUSINESS CUSTOMERS WHO ARE DATA SUBJECTS

    Where under applicable laws our business customer is regarded as a data subject the following additional information applies:

    • the following personal data may be collected about you:

      ordering, delivery and invoicing data (order and delivery details, tax identification number, financial and tax settlements);

    • the processing of your personal data may be based on GDPR Art. 6(1)(b) – to ensure the fulfilment of our contractual relationship.
  6. USING THE WEBSITE

    Markit uses cookies for improving its service and user experience and to analyse how our website is used. Cookies cannot be used alone to identify the user, but they may be linked directly or indirectly to the when combined with other information. In these cases, cookies may be treated as personal data. Cookies are stored on the user’s computer and transmitted from there to Markit website. User can deactivate or limit the transmission of cookies by changing the settings in the internet browser. However this may result of not being able to take full advantage of Markit system. Please see more details in our Cookie Policy.

  7. SHARING THE PERSONAL DATA

    In order for us to meet the purposes described in this policy, your personal data may be transferred to the following recipients:

    • between and within Markit group entities;

    • to the distributors and transport service providers;

    • to cloud-based storage providers; and

    • to other third parties (such as tax, audit and other authorities, third-party service providers, e.g. accounting and legal service providers, IT consultants, insurance companies and other professional advisers and business consultants).

  8. TRANSFERS OUTSIDE THE EEA

    We transfer data outside of the European Economic Area (EEA, i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) only where it is compliant with data protection legislation. Such transfers may be based on adequacy decisions made by the European Commission or based on EU Standard Contractual Clauses, and you have the right to receive a copy of the applied appropriate safeguards by contacting us.

  9. STORING THE PERSONAL DATA

    We ordinarily process the personal data of users during the course of the contractual relationship with the customer, and then retain it for up to 10 years after the agreement between Markit and customer has been terminated. We may make exceptions from this where there is justification for retaining the data for longer periods or if this is required by law.

    Once we have determined that we no longer need to hold the personal data of the user, we will delete or anonymize it from Markit systems.

  10. RIGHTS OF THE USER

    You have various rights in relation to your personal data which we process about you, set out in the following:

    • Right to request access: you may ask us to confirm what information we process about you at any time. If you request further copies of this information, we may charge a reasonable administrative cost. Where we are legally permitted to do so, we may refuse from such request. If we refuse this request we will tell you the reasons for doing so.

    • Right to rectification: you may request that we rectify any inaccurate or incomplete personal data that we process about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where we are legally permitted to do so, we may refuse from such request. If we refuse this request we will tell you the reasons for doing so.

    • Right to erasure: you have the right to request that we erase your personal data in certain circumstances. Where we are legally permitted to do so, we may refuse from such request. If we refuse this request we will tell you the reasons for doing so.

    • Right to restrict processing: you have the right to request that we restrict processing of your personal data in certain circumstances. This means that we can only continue to store the data and will not be able to carry out any further processing activities. Where we are legally permitted to do so, we may refuse from such request. If we refuse this request we will tell you the reasons for doing so.

    • Right to object: in certain circumstances you have the right to object to us processing your personal data. Where we are legally permitted to do so, we may refuse from such request. If we refuse this request we will tell you the reasons for doing so.

    • Right of data portability: in general you have the right to transfer your personal data between data controllers, subject to possible limitations from applicable law. Personal data what we collect is related to user’s activity in the name of our business customer and thus this data cannot be transferred to any third party by the user.

    • Right to lodge a complaint with the supervisory authority: you have the right to lodge a complaint with the supervisory authority of your local country. In Estonia it is the Estonian Data Protection Inspectorate, see contact details in the website (https://www.aki.ee/en/contacts). You can find the contact details of your local supervisory authority at https://edpb.europa.eu/about-edpb/board/members_en.

  11. MODIFICATIONS

    If Markit changes the categories of personal data processed or purposes of personal data processing, Markit will make respective amendments to this policy and inform our customers and also the users, where possible.

  12. FURTHER ASSISTANCE

    If you have any questions or comments regarding how we collect, use and process personal data, please contact our data protection coordinator at gdpr@markit.eu.