0

Privacy Policy

  1. General provisions
    1.1. This Privacy Policy governs the principles of collection, processing and storage of personal data. Personal data are collected, processed and stored by the responsible data processor – Gelardo OÜ (hereinafter – the Data Processor).
    1.2. For the purposes of this Privacy Policy, a data subject is a client or any other natural person whose personal data are processed by the Data Processor.
    1.3. For the purposes of this Privacy Policy, a client is any person who purchases goods or services on the Data Processor’s website.
    1.4. The Data Processor complies with the principles of data processing established in the applicable legislation and processes personal data lawfully, fairly and securely. The Data Processor can demonstrate that personal data have been processed in accordance with the requirements of the legislation.
  2. Collection, processing and storage of personal data
    2.1. The personal data collected, processed and stored by the Data Processor are collected electronically, mainly via the website and e-mail.
    2.2. By providing his or her personal data, the data subject grants the Data Processor the right to collect, systematise, use and manage personal data for the purposes specified in this Privacy Policy – regardless of whether the data subject provides such data directly or indirectly by purchasing goods or services on the website.
    2.3. The data subject is responsible for the accuracy, correctness and completeness of the data provided. The intentional provision of false data is considered a breach of this Privacy Policy. The data subject is obliged to promptly notify the Data Processor of any changes to the data provided.
    2.4. The Data Processor is not liable for any damage caused to the data subject or third parties as a result of the data subject providing inaccurate information.
  3. Processing of clients’ personal data
    3.1. The Data Processor may process the following personal data of the data subject:
    3.1.1. First name and surname
    3.1.2. Date of birth
    3.1.3. Telephone number
    3.1.4. E-mail address
    3.1.5. Delivery address
    3.1.6. Bank account number
    3.2. In addition to the above, the Data Processor has the right to collect information about the client that is available in public registers.
    3.3. The legal basis for the processing of personal data is Article 6(1), points (a), (b), (c) and (f) of the General Data Protection Regulation (GDPR):
    a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
    b) the processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract;
    c) the processing is necessary for compliance with a legal obligation to which the Data Processor is subject;
    f) the processing is necessary for the purposes of the legitimate interests pursued by the Data Processor or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
    3.4. Processing of personal data according to purpose:
    3.4.1. Purpose – safety and security
    Maximum storage period – in accordance with the time limits laid down by law
    3.4.2. Purpose – order processing
    Maximum storage period – 24 months
    3.4.3. Purpose – provision of e-shop services
    Maximum storage period – 24 months
    3.4.4. Purpose – customer management
    Maximum storage period – 24 months
    3.4.5. Purpose – financial activities, accounting
    Maximum storage period – in accordance with the time limits laid down by law
    3.4.6. Purpose – marketing
    Maximum storage period – 24 months
    3.5. The Data Processor has the right to transfer clients’ personal data to third parties such as authorised processors, accountants, transport and courier companies, and providers of payment services. The Data Processor is the responsible controller of personal data. The personal data necessary for processing payments are transferred to the authorised processor Maksekeskus AS.
    3.6. When processing and storing personal data, the Data Processor applies organisational and technical measures that ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure or any other unlawful processing.
    3.7. The Data Processor stores the personal data of data subjects depending on the purpose of the processing, but no longer than 2 years.
  4. Rights of the data subject
    4.1. The data subject has the right to access his or her personal data and to familiarise himself or herself with them.
    4.2. The data subject has the right to obtain information about the processing of his or her personal data.
    4.3. The data subject has the right to supplement or rectify inaccurate data.
    4.4. Where the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw his or her consent at any time.
    4.5. To exercise his or her rights, the data subject may contact the e-shop customer support service at: info@digilema.com
    4.6. The data subject has the right to lodge a complaint with the Data Protection Inspectorate.
  5. Final provisions
    5.1. This Privacy Policy has been drawn up in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia and the legislation of the Republic of Estonia and the European Union.
    5.2. The Data Processor has the right to make partial or complete amendments to this Privacy Policy by notifying the data subjects thereof via the website www.digilema.ee.

Do you have any questions?

Leave a request and we will contact you

Question Form

By clicking the send button you agree to the privacy policy