1. General Provisions
1.1. This Privacy Policy regulates the principles governing the collection, processing, and storage of personal data. The controller responsible for the processing of personal data is BEIZ OÜ (registration number 16767502), hereinafter referred to as the data controller.
1.2. For the purposes of this Privacy Policy, a data subject is a customer or any other natural person whose personal data is processed by the data controller.
1.3. For the purposes of this Privacy Policy, a customer is any person who purchases goods or services from the data controller’s website.
1.4. The data controller processes personal data in accordance with applicable legislation and follows the principles of lawfulness, fairness, and security. The data controller is able to confirm that personal data has been processed in compliance with applicable laws.
2. Collection, Processing and Storage of Personal Data
2.1. Personal data collected, processed, and stored by the data controller is obtained electronically, primarily through the website and email communication.
2.2. By submitting personal data, the data subject grants the data controller the right to collect, organize, use, and manage personal data for the purposes specified in this Privacy Policy, which the data subject provides directly or indirectly when purchasing goods or services through the website.
2.3. The data subject is responsible for ensuring that the data provided is accurate, correct, and complete. Providing knowingly false information is considered a violation of this Privacy Policy. The data subject must immediately notify the data controller of any changes to the provided information.
2.4. The data controller is not responsible for any damage caused to the data subject or third parties due to the submission of incorrect data by the data subject.
3. Processing of Customer Personal Data
3.1. The data controller may process the following personal data of the data subject
First and last name
Date of birth
Phone number
Email address
Delivery address
Bank account number
Payment card details
3.2. In addition, the data controller may collect information about the customer from public registers where available.
3.3. The legal basis for processing personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR)
a) the data subject has given consent to the processing of personal data for one or more specific purposes
b) processing is necessary for the performance of a contract with the data subject or to take steps prior to entering into a contract
c) processing is necessary to comply with a legal obligation
f) processing is necessary for the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject
4. Purposes of Personal Data Processing
Personal data may be processed for the following purposes
Security and safety
Retention period – in accordance with legal requirements
Order processing
Retention period – up to one year
Operation of online store services
Retention period – up to one year
Customer management
Retention period – up to one year
Financial activities and accounting
Retention period – in accordance with legal requirements
Marketing activities
Retention period – up to one year
4.1. The data controller may share customer personal data with third parties such as authorized data processors, accountants, transport and courier companies, and payment service providers.
The data controller is the responsible processor of personal data. For the purpose of processing payments, necessary personal data may be transferred to the authorized processor Maksekeskus AS.
4.2. The data controller implements organizational and technical security measures to protect personal data from accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.
4.3. Personal data is stored depending on the purpose of processing, but no longer than five years.
5. Rights of the Data Subject
5.1. The data subject has the right to access and review their personal data.
5.2. The data subject has the right to receive information about the processing of their personal data.
5.3. The data subject has the right to correct or update inaccurate data.
5.4. If personal data is processed based on consent, the data subject has the right to withdraw consent at any time.
5.5. To exercise their rights, the data subject may contact customer support at
info@rehvidekeskus.ee
5.6. The data subject also has the right to file a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
6. Final Provisions
6.1. This Privacy Policy has been prepared in accordance with
Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR) the Personal Data Protection Act of the Republic of Estonia other applicable legislation of the European Union and the Republic of Estonia
6.2. The data controller reserves the right to partially or fully amend this Privacy Policy, notifying users of changes via the website
