Privacy Policy
1. General provisions
1.1. This privacy policy governs the principles governing the collection, processing and storage of personal data. Personal data is processed and stored by Pikka Candles (SIA GP Studio), which is the controller of personal data (hereinafter - the controller).
1.2. For the purposes of this Privacy Policy, the data subject is the customer or other natural person whose personal data are processed by the controller.
1.3. For the purposes of this Privacy Policy, a customer is anyone who purchases goods or services on the controller's website.
1.4. The controller shall respect the legal principles regarding the processing of personal data and, inter alia, process personal data in a lawful, fair and secure manner. The controller may declare that personal data have been processed in accordance with the provisions of the law.
2. Collection, processing and storage of personal data
2.1. Personal data collected, processed and stored by the controller is collected electronically, mainly through a website and e-mail.
2.2. By sharing his personal data, the data subject grants the controller the right to collect, organize, use and administer, for the purposes set out in the Privacy Policy, personal data with which the data subject directly or indirectly shares with the controller when purchasing goods. or services on the site.
2.3. The data subject is responsible for the accuracy, correctness and integrity of the data they submit. Deliberately providing false information is considered a violation of our privacy policy. The data subject is obliged to notify the controller immediately of any changes to the submitted data.
2.4. The controller shall not be liable for any loss or damage caused to the data subject or to a third party as a result of the submission of false data by the data subject.
3. Processing of customers' personal data
3.1. The controller may process the following personal data of the data subject:
3.1.1. Name and surname;
3.1.2. Date of birth;
3.1.3. Phone Number;
3.1.4. E-mail address;
3.1.5. Delivery address;
3.1.6. Bank Account Number;
3.1.7. Payment card data;
3.2. In addition to the above, the controller has the right to collect customer data that is available in public registers.
3.3. Legal basis for the processing of personal data in Article 6 (1) (a), (b), (c) and (f) of the General Data Protection Regulation:
(a) the data subject has consented to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(f) processing is necessary for the purposes of the legitimate interests of the controller or of a third party, unless such interests exceed the interests of the data subject or the fundamental rights and freedoms requiring the protection of personal data, in particular where the data subject is a child.
3.4. Processing of personal data according to the purpose of processing:
3.4.1. Purpose of processing - security and safety
Maximum storage time of personal data - in accordance with the terms specified by law
3.4.2. Purpose of processing - order processing
Maximum storage period of personal data - 3 months
3.4.3. The purpose of processing is to ensure the operation of online store services
Maximum storage period of personal data - 3 months
3.4.4. Purpose of processing - customer management
Maximum storage period of personal data - 3 months
3.4.5. Purpose of processing - financial activities, accounting
Maximum storage time of personal data - in accordance with the terms specified by law
3.4.6. Purpose of processing - marketing
Maximum storage period of personal data - 3 months
3.5. The controller has the right to share customers' personal data with third parties, such as processors, accountants, transport and courier companies, companies providing transfer services. The controller is responsible for the processing of personal data. The controller transfers the personal data necessary for making payments to the processor Maksekeskus AS.
3.6. The controller shall process and store the personal data of the data subject by implementing organizational and technical measures to ensure that personal data are protected against accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.
3.7. The controller shall store the data subject's data depending on the purpose of the processing, but not longer than 3 years.
4. Rights of the data subject
4.1. The data subject has the right to access and verify his or her personal data.
4.2. The data subject has the right to obtain information on the processing of their personal data.
4.3. The data subject has the right to modify or correct inaccurate data.
4.4. If the controller processes the personal data of the data subject on the basis of his or her consent, the data subject has the right to withdraw his or her consent at any time.
4.5. To exercise their rights, the data subject can contact online store customer support at hello@pikkacandles.eu
4.6. In order to protect his rights, the data subject may submit a complaint to the Data Protection Inspectorate.
5. Final provisions
5.1. These data protection terms and conditions have been developed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC Regulation on the Protection of Personal Data of the Republic of Estonia and the legislation of the Republic of Estonia and the European Union.
5.2. The controller has the right to amend the data protection terms and conditions in part or in full by notifying the data subjects of the amendment via the website www.pikkacandles.eu