1. General provisions
1.1. This Privacy Policy sets out the principles governing the collection, processing and storage of personal data. Personal data is collected, processed and stored by the controller of personal data OÜ Raamatuvabrik (hereinafter referred to as the data controller).
1.2. For the purposes of the Privacy Policy, a data subject is a customer or other natural person whose personal data is processed by the data processor.
1.3. Customer for the purposes of the Privacy Policy is anyone who purchases goods or services from the website of the Data Processor.
1.4. The Data Controller shall comply with the data processing principles laid down in the legislation, including the lawful, fair and secure processing of personal data. The data controller shall be able to confirm that the personal data have been processed in accordance with the law.
2. Collection, processing and storage of personal data
Isikuandmed, mida andmetöötleja kogub, töötleb ja säilitab, on kogutud elektrooniliselt, peamiselt kodulehe ja e-posti vahendusel.
2.3. It is the responsibility of the data subject to ensure that the data he or she has provided is accurate, correct and complete. Knowingly submitting false information will be considered a breach of the Privacy Policy. The data subject is obliged to inform the data processor immediately of any changes to the data provided.
2.4. The data controller shall not be liable for any damage caused by the submission of false data by the data subject to the data subject or to third parties.
3. Processing of customers’ personal data
3.1. The data processor may process the following personal data of the data subject:
3.1.1. First name and surname;
3.1.2. Phone number;
3.1.3. E-mail address;
3.1.4. Bank account number;
3.1.5. Payment card details;
3.2. In addition to the foregoing, the data controller is entitled to collect data about the customer that is available in public registers.
3.3. The legal basis for the processing of personal data is Article 6(1)(p) of the General Data Protection Regulation. a), b), c) and f): (a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes; (b) the processing of personal data is necessary for the performance of a contract entered into with the involvement of the data subject, or in order to take steps at the request of the data subject prior to entering into a contract; (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests override the interests of the data subject or the fundamental rights and freedoms for which the personal data must be protected, in particular where the data subject is a child.
3.4. Processing of personal data for the purposes for which they are processed:
3.4.1. Purpose of the processing – security and safety Maximum retention period of personal data – in accordance with the time limits specified by law
3.4.2. Purpose of the processing – processing of orders Maximum period of retention of personal data – 6 months.
3.4.3. Purpose of the processing – to ensure the functioning of the services of the e-shop Maximum period of retention of personal data – 6 months.
3.4.4. Purpose of the processing – customer management Maximum retention period – 6 months.
3.4.5. Purpose of the processing – financial activities, accounting Maximum retention period of personal data – in accordance with the time limits specified by law
3.4.6. Purpose of processing – marketing Maximum retention period of personal data – 6 months.
3.5. The data processor has the right to share the personal data of customers with third parties, such as authorised data processors, accountants, transport and courier companies, companies providing money transfer services The data processor is the controller of personal data. The data processor shall transmit the personal data necessary for the execution of payments to the processor.
3.6. When processing and storing the personal data of the data subject, the data processor shall implement organisational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.
3.7. The data processor shall keep the data subjects’ data for a period depending on the purpose of the processing, but not longer than 1 year.