1. General Terms
1.1. This privacy policy regulates the principles of collecting, processing, and storing personal data. Personal data is collected, processed, and stored by the data controller, Ideaalpuhastus OÜ (hereinafter referred to as the data processor).
1.2. The data subject, as defined in this privacy policy, is the customer or any other natural person whose personal data is processed by the data processor.
1.3. The customer, as defined in this privacy policy, is anyone who purchases goods or services from the data processor’s website.
1.4. The data processor follows the principles of data processing established by the legal acts, including processing personal data lawfully, fairly, and securely. The data processor is able to confirm that personal data has been processed in accordance with the requirements set by the legal acts.
2. Collection, Processing, and Storage of Personal Data
2.1. The personal data that the data processor collects, processes, and stores is collected electronically, primarily through the website and email.
2.2. By sharing their personal data, the data subject grants the data processor the right to collect, organize, use, and manage personal data for the purposes defined in this privacy policy, which the data subject shares directly or indirectly with the data processor when purchasing goods or services on the website.
2.3. The data subject is responsible for ensuring that the data provided is accurate, correct, and complete. The deliberate submission of false information is considered a violation of this privacy policy. The data subject is obligated to promptly inform the data processor of any changes to the provided data.
2.4. The data processor is not liable for any damage caused to the data subject or third parties due to the submission of incorrect data by the data subject.
3. Processing of Customer Personal Data
3.1. The data processor may process the following personal data of the data subject:
3.1.1. First and last name;
3.1.2. Date of birth;
3.1.3. Phone number;
3.1.4. Email address;
3.1.5. Delivery address;
3.1.6. Bank account number;
3.1.7. Payment card details;
3.2. In addition to the above, the data processor has the right to collect data about the customer that is available in public registers.
3.3. The legal basis for processing personal data is Article 6(1) of the General Data Protection Regulation, points a), b), c), and f):
a) The data subject has given consent to process their personal data for one or more specific purposes;
b) The processing of personal data is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract;
c) The processing of personal data is necessary for the performance of a legal obligation to which the data controller is subject;
f) The processing of personal data is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, particularly where the data subject is a child.
3.4. Personal data processing according to the processing purpose:
3.4.1. Processing purpose – security and safety
Maximum retention period of personal data – according to the time limits set by law
3.4.2. Processing purpose – order processing
Maximum retention period of personal data – 5 years
3.4.3. Processing purpose – ensuring the operation of the online store services
Maximum retention period of personal data – 5 years
3.4.4. Processing purpose – customer management
Maximum retention period of personal data – 5 years
3.4.5. Processing purpose – financial activity, accounting
Maximum retention period of personal data – according to the time limits set by law
3.4.6. Processing purpose – marketing
Maximum retention period of personal data – we retain data (email address) only if the customer has consented to receive newsletters from us, and we will keep it until the customer expresses the desire to stop receiving newsletters.
3.5. The data processor has the right to share customer personal data with third parties, such as authorized processors, accountants, transport and courier companies, and companies providing transfer services. The data processor is the data controller of personal data.
3.6. When processing and storing the data subject’s personal data, the data processor implements organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.
3.7. The data processor retains data about the data subject based on the purpose of processing, but no longer than for 5 years.
4. Rights of the Data Subject
4.1. The data subject has the right to access their personal data and review it.
4.2. The data subject has the right to obtain information about the processing of their personal data.
4.3. The data subject has the right to correct or update inaccurate data.
4.4. If the data processor processes the data subject’s personal data based on the data subject’s consent, the data subject has the right to withdraw consent at any time.
4.5. The data subject can exercise their rights by contacting the customer support of the online store at info@joosepi.ee.
4.6. The data subject also has the right to file a complaint with the Data Protection Inspectorate to protect their rights.
5. Final Provisions
5.1. These data protection terms have been created in accordance with the European Parliament and Council Regulation (EU) No. 2016/679 on the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia, and the laws of the Republic of Estonia and the European Union.
5.2. The data processor has the right to modify these data protection terms in part or in full, notifying the data subjects of any changes via the website https://joosepi.ee/.
