Privacy Policy
1. General provisions
1.1. This Privacy Policy governs the principles governing the collection, processing and storage of personal data. Personal data is collected and stored by the controller of personal data Kiti OÜ (hereinafter data processor).
1.2. For the purposes of this Privacy Policy, a data subject is a customer or other natural person whose personal data are processed by the data processor.
1.3. For the purposes of the Privacy Policy, "client" means anyone who purchases goods or services on the website of a data processor.
1.4. The data processor shall adhere to the principles of data processing provided by legislation, including the lawful, fair and secure processing of personal data by the data processor. The data processor is able to confirm that the personal data have been processed in accordance with the provisions of legislation.
2. Collection, processing and storage of personal data
2.1. The personal data collected, processed and stored by the data processor is collected electronically, mainly via the website and e-mail.
2.2. By sharing your personal data, the data subject grants the data processor the right to collect, organise, use and manage, for the purposes specified in the privacy policy, the personal data that the data subject directly or indirectly shares with the data processor when buying goods or services on the website.
2.3. The data subject shall be responsible for ensuring that the data provided by him/her are accurate, correct and complete. Submission of knowingly false information is considered a violation of the Privacy Policy. The data subject is required to immediately inform the data processor of any changes in the submitted data.
2.4. The data processor shall not be liable for any damage caused to the data subject or third parties by the submission of false information by the data subject.
3. Processing of personal data of customers3.1. The data processor may process the following personal data of the data subject:3.1.1 First and last name;
3.1.2. Phone number;
3.1.3. Email address;
3.1.4. Delivery address;
3.2. In addition to the above, the data processor has the right to collect data about the client that are available in public registers.
3.3. The legal basis for the processing of personal data is Section 6 (1) (a), (b), (c) and (f) of the GDPR: (a) the data subject has consented to the processing of his or her personal data for one or more specific purposes; (b) the processing of personal data is necessary for the performance of a contract concluded with the data subject or for the taking of measures prior to the conclusion of a contract in accordance with the data subject's request; (c) the processing of personal data is necessary for the performance of a legal obligation of the controller; (f) the processing of personal data is necessary for the legitimate interest of the controller or a third party, unless such interest is outweighed by the interests or fundamental rights and freedoms of the data subject, in which personal data must be protected, in particular if the data subject is a child.
3.4. Processing of personal data according to the purpose of processing:
3.4.1. Purpose of processing - security and securityThe maximum period of storage of personal data - according to the deadlines specified in the Act
3.4.2. Purpose of processing - processing of the orderMaximum period of storage of personal data 12 months
3.4.3. Purpose of processing - ensuring the functioning of the e-shop services Maximum period of storage of personal data - 12 months
3.4.4. Purpose of processing - customer managementMaximum period of storage of personal data - 12 months
3.4.5. Purpose of processing - financial activities, accounting Maximum period of storage of personal data - according to the deadlines specified in the Act
3.4.6. Purpose of processing - marketingMaximum period of storage of personal data - 12 months
3.5. The data processor has the right to share the personal data of clients with third parties, such as authorised data processors, accountants, transport and courier companies, companies providing transmission services. The data processor is the controller of personal data. The data processor shall forward the personal data necessary for the execution of payments to the authorised processor Maksekeskus AS.
3.6. Upon processing and storage of personal data of a data subject, the data processor shall take organisational and technical measures which ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.
3.7. The data processor shall store the data of the data subjects depending on the purpose of the processing, but for no longer than 3 years.4. Rights of the data subject
4.1. The data subject has the right to access and access their personal data.
4.2. The data subject has the right to receive information on the processing of his/her personal data.
4.3. The data subject has the right to supplement or correct inaccurate data.
4.4. If the data processor processes the personal data of the data subject on the basis of the consent of the data subject, the data subject has the right to withdraw the consent at any time.
4.5. In order to exercise the rights, the data subject can contact the customer support of the e-shop at info@kassiliiv.eu.
4.6. The data subject has the right to file a complaint with the Data Protection Inspectorate.
5. Final provisions
5.1. These data protection conditions have been drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC / EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia and the legislation of the Republic of Estonia and the European Union.
5.2. The data processor has the right to change the data protection conditions in part or in full by notifying the data subjects of the changes via the website www.kassiliiv.eu.
1.1. This Privacy Policy governs the principles governing the collection, processing and storage of personal data. Personal data is collected and stored by the controller of personal data Kiti OÜ (hereinafter data processor).
1.2. For the purposes of this Privacy Policy, a data subject is a customer or other natural person whose personal data are processed by the data processor.
1.3. For the purposes of the Privacy Policy, "client" means anyone who purchases goods or services on the website of a data processor.
1.4. The data processor shall adhere to the principles of data processing provided by legislation, including the lawful, fair and secure processing of personal data by the data processor. The data processor is able to confirm that the personal data have been processed in accordance with the provisions of legislation.
2. Collection, processing and storage of personal data
2.1. The personal data collected, processed and stored by the data processor is collected electronically, mainly via the website and e-mail.
2.2. By sharing your personal data, the data subject grants the data processor the right to collect, organise, use and manage, for the purposes specified in the privacy policy, the personal data that the data subject directly or indirectly shares with the data processor when buying goods or services on the website.
2.3. The data subject shall be responsible for ensuring that the data provided by him/her are accurate, correct and complete. Submission of knowingly false information is considered a violation of the Privacy Policy. The data subject is required to immediately inform the data processor of any changes in the submitted data.
2.4. The data processor shall not be liable for any damage caused to the data subject or third parties by the submission of false information by the data subject.
3. Processing of personal data of customers3.1. The data processor may process the following personal data of the data subject:3.1.1 First and last name;
3.1.2. Phone number;
3.1.3. Email address;
3.1.4. Delivery address;
3.2. In addition to the above, the data processor has the right to collect data about the client that are available in public registers.
3.3. The legal basis for the processing of personal data is Section 6 (1) (a), (b), (c) and (f) of the GDPR: (a) the data subject has consented to the processing of his or her personal data for one or more specific purposes; (b) the processing of personal data is necessary for the performance of a contract concluded with the data subject or for the taking of measures prior to the conclusion of a contract in accordance with the data subject's request; (c) the processing of personal data is necessary for the performance of a legal obligation of the controller; (f) the processing of personal data is necessary for the legitimate interest of the controller or a third party, unless such interest is outweighed by the interests or fundamental rights and freedoms of the data subject, in which personal data must be protected, in particular if the data subject is a child.
3.4. Processing of personal data according to the purpose of processing:
3.4.1. Purpose of processing - security and securityThe maximum period of storage of personal data - according to the deadlines specified in the Act
3.4.2. Purpose of processing - processing of the orderMaximum period of storage of personal data 12 months
3.4.3. Purpose of processing - ensuring the functioning of the e-shop services Maximum period of storage of personal data - 12 months
3.4.4. Purpose of processing - customer managementMaximum period of storage of personal data - 12 months
3.4.5. Purpose of processing - financial activities, accounting Maximum period of storage of personal data - according to the deadlines specified in the Act
3.4.6. Purpose of processing - marketingMaximum period of storage of personal data - 12 months
3.5. The data processor has the right to share the personal data of clients with third parties, such as authorised data processors, accountants, transport and courier companies, companies providing transmission services. The data processor is the controller of personal data. The data processor shall forward the personal data necessary for the execution of payments to the authorised processor Maksekeskus AS.
3.6. Upon processing and storage of personal data of a data subject, the data processor shall take organisational and technical measures which ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.
3.7. The data processor shall store the data of the data subjects depending on the purpose of the processing, but for no longer than 3 years.4. Rights of the data subject
4.1. The data subject has the right to access and access their personal data.
4.2. The data subject has the right to receive information on the processing of his/her personal data.
4.3. The data subject has the right to supplement or correct inaccurate data.
4.4. If the data processor processes the personal data of the data subject on the basis of the consent of the data subject, the data subject has the right to withdraw the consent at any time.
4.5. In order to exercise the rights, the data subject can contact the customer support of the e-shop at info@kassiliiv.eu.
4.6. The data subject has the right to file a complaint with the Data Protection Inspectorate.
5. Final provisions
5.1. These data protection conditions have been drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC / EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia and the legislation of the Republic of Estonia and the European Union.
5.2. The data processor has the right to change the data protection conditions in part or in full by notifying the data subjects of the changes via the website www.kassiliiv.eu.