1. General provisions
1.1. This Privacy Policy governs the principles concerning the collection, processing and storage of personal data. Personal data are collected, processed and stored by the data controller Aastakäik OÜ (hereinafter referred to as the Data Controller).
1.2. For the purposes of this Privacy Policy, the Data Subject is a client or another natural person whose personal data are processed by the Data Controller.
1.3. For the purposes of this Privacy Policy, a client is anyone who buys goods or services from the Data Controller.
1.4. The Data Controller shall comply with the principles of data processing set out in legislation, inter alia, the Data Controller shall process personal data lawfully, fairly and securely. The Data Controller is able to confirm that personal data are processes as provided in legislation.
2. Collection, processing and storage of personal data
2.1. The personal data collected, processed and stored by the Data Controller are collected electronically, mainly through the website and e-mail.
2.2. By sharing their personal data, the Data Subject grants the Data Controller the right to collect, arrange, use and manage, for the purposes defined in the Privacy Policy, the personal data that the Data Subject directly or indirectly shares with the Data Controller when purchasing goods or services.
2.3. The Data Subject is responsible for making sure that the data they provide are accurate, correct and complete. Knowingly providing false information is considered a violation of the Privacy Policy. The Data Subject is obliged to inform the Data Controller immediately of any changes to the data provided.
2.4. The Data Controller is not liable for any damage caused to the Data Subject or third persons as a result of false data submitted by the Data Subject.
3. Processing of client’s personal data
3.1. The Data Controller may process the following personal data of the Data Subject:
3.1.1. first name and surname;
3.1.2. phone number;
3.1.3. e-mail address;
3.1.4. object address;
3.2. In addition to the above, the Data Controller has the right to collect data about the client that are available via public registers.
3.3. The legal basis for processing personal data is Article 6(1)(a), (b), (c) and (f) of the General Data Protection Regulation:
1. a) the Data Subject has given consent to the processing of their personal data for one or more specific purposes;
2. b) processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
3. c) processing is necessary for compliance with a legal obligation to which the controller is subject;
4. f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, in particular where the Data Subject is a child.
3.4. Processing of personal data based on the purposes of the processing:
3.4.1. Purpose of processing – security
Maximum period of retention of personal data – in accordance with the time limits specified by the law
3.4.2. Purpose of processing – to process the order
Maximum period of retention of personal data – the company’s period of operation
3.4.3. Purpose of processing – client management
Maximum period of retention of personal data – the company’s period of operation
3.4.4. Purpose of processing – financial activities, accounting
Maximum period of retention of personal data – in accordance with the time limits specified by the law
3.5. The Data Controller has the right to share client’s personal data with third persons, such as processors, accountants, transport and courier companies.
3.6. When processing and storing the personal data of a Data Subject, the Data Controller shall take organisational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.
4. Data Subject’s rights
4.1. The Data Subject has the right to access and examine their personal data.
4.2. The Data Subject has the right to get information about the processing of their personal data.
4.3. The Data Subject has the right to complete or amend inaccurate data.
4.4. If the Data Controller is processing the Data Subject’s personal data on the basis of the Data Subject’s consent, the Data Subject has the right to withdraw their consent at any time.
4.5. To exercise their rights, the Data Subject can contact the company at info@aastakaik.ee
4.6. The Data Subject has the right to lodge a complaint with the Data Protection Inspectorate to protect their rights.
5. Final provisions
5.1. These data protection terms have been prepared in line with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia and legislation of the European Union.
5.2. The Data Controller has the right to amend the data protection terms in whole or in part by informing data subjects about such amendments through the website www.aastakaik.ee.