General provisions
1.1. This Privacy Policy sets out the principles governing the collection, processing and storage of personal data. The personal data is collected, processed and stored by the data controller MIRAI DESIGN OÜ (registration code 16405041), hereinafter referred to as the data processor.
1.2. For the purposes of this Privacy Policy, a data subject is a customer or other natural person whose personal data is processed by a data processor.
1.3. For the purposes of this Privacy Policy, a customer is anyone who purchases goods or services from the website of a data processor.
1.4. The data processor shall comply with the data processing principles laid down by law, including processing data lawfully, fairly and securely. The data controller is able to confirm that the personal data have been processed in accordance with the law.
Collection, processing and storage of personal data
2.1. The personal data collected, processed and stored by the data controller are collected electronically, mainly through the website and e-mail.
2.2. By sharing personal data, the data subject gives the data controller the right to collect, use and manage personal data for the purposes specified in the Privacy Policy.
2.3. The data subject is responsible for the accuracy and timeliness of the information provided. Providing false information will be considered a breach of the Privacy Policy.
2.4. The data controller shall not be liable for any damage caused to the data subject or to third parties as a result of the provision of false data.
Processing of customers’ personal data
3.1. A data processor may process the following personal data of a data subject:
- First name and surname
- Phone number
- E-mail address
- Address for service
- Current account number
- Payment card details
3.2. In addition, the data processor has the right to collect information from public registers.
3.3. The legal basis for the processing of personal data is Article 6(1)(a), (b), (c) and (f) of the GDPR.
3.4. Personal data will be processed in accordance with the following purposes and time limits:
- Safety and security – in accordance with the legal deadlines.
- Order processing – up to 7 years
- Ensuring the functioning of the e-shop – up to 3 years
- Client management – up to 5 years
- Financial activities, accounting – in accordance with legal deadlines
- Marketing – up to 3 years
3.5. The data processor has the right to share customers’ personal data with third parties, such as authorised data processors, accountants, transport and courier companies, and companies providing transfer services. The data processor is the controller of the personal data. The data processor shall transfer the personal data necessary for the execution of payments to the processor Maksekeskus AS.
3.6. When processing and storing personal data relating to a data subject, the data controller shall implement organisational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure and any other unlawful forms of processing.
3.7. The data will be kept in accordance with the purposes for which it is processed, but for no longer than 7 years.
Data subject rights
4.1. The right to access and obtain information about the processing of your personal data.
4.2. Right to rectification or integration of data.
4.3. Right to withdraw consent where data are processed on the basis of consent.
4.4. Right to contact customer support by e-mail at the following address. info@etnoland.ee.
4.5. The right to lodge a complaint with the Data Protection Inspectorate.
Final provisions
5.1. The Privacy Policy has been drafted in accordance with the data protection legislation of the European Union and the Republic of Estonia.
5.2. The data processor has the right to modify the privacy policy by notifying the data subject by e-mail and by means of the website. https://etnoland.ee website.
