Chat now

Privacy policy

1. General provisions

1.1. This Privacy Policy regulates the principles governing the collection, processing and storage of personal data. Personal data is collected and stored by the controller of personal data Furgner OÜ, registry code 12460379, address Sakala 7-19, Tallinn, Harju county 10141 (hereinafter controller).

1.2. For the purposes of the Privacy Policy, a data subject is a client or other natural person whose personal data is processed by the data controller. For the purposes of the Privacy Policy, a client is anyone who purchases goods or services from the data controller’s website.

1.3. When making an order from the data controller’s online store, the data subject agrees to the terms and conditions of this Privacy Policy by clicking the appropriate box in the order.

1.4. The controller follows the principles of data processing provided by legislation, among other the controller is processing personal data legally, fairly and securely. The controller is able to confirm that personal data have been processed in accordance with the legislation.

1.5 The personal data collected, processed and stored by the data controller is collected electronically, mainly through the website when making an order and via e-mail. When submitting an order, the personal data of the data subject entered by the data subject shall be entered in the client register and used for the performance of the sales contract and the offering of products to the data subject.

1.6. By sharing the personal data, the data subject gives the data controller the right to collect, organize, use and manage personal data for the purposes defined in the Privacy Policy, which the data subject shares directly or indirectly with the controller when purchasing goods or services on the website.

1.7. The data subject is responsible for ensuring that the data provided is accurate, correct and complete. Knowingly providing false information is considered a violation of the Privacy Policy. The data subject is obliged to immediately notify the data controller of any changes in the submitted data.

1.8. The data controller is not liable for any damage caused to the data subject or third parties caused by the submission of false data by the data subject.

 

2. Processing and storage of clients' personal data

2.1. The data controller may process the following personal data of the data subject: first name and surname, personal identification code, phone number, e-mail address, delivery address, payment method, purchase history, bank account number, acceptance of terms of use, and acceptance of receipt of sales offers.

The data controller cannot see the data subject's bank card details. In order to make a transaction, the client is directed to the secure environment of Maksekeskus AS. At the time of payment, the client's bank card details are entered by the client into the database located on the server of Maksekeskus AS and the data is stored on the server of Maksekeskus AS. The data controller is not responsible for the use of data by Maksekeskus AS.

2.2. In addition to the above, the controller has the right to collect data about the client that is available in public registers.

2.3. The legal basis for the processing of personal data is Article 6 (1) a), b), c) and f) of the General Data Protection Regulation:

a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which the controller is subject;

f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The source of personal data and the basis for their processing is the establishment of a customer relationship under the terms of use when registering an order in the online store. The processing of personal data is a condition of the contractual relationship.

2.4. Purpose and storage of personal data

2.4.1 Purpose

Personal data is used to manage client orders and deliver goods.

Purchase history data (purchase date, goods, quantity, client data) is used to compile an overview of purchased goods and services and to analyse client preferences.

The bank account number is used to return payments to the client.

Personal data, such as e-mail, phone number, client name, is processed to resolve issues related to the provision of goods and services (customer support).

The IP address or other network identifiers of the online store user are processed to provide the online store as an information society service and to compile website usage statistics.

2.4.2. Storage

The data controller retains the data of the data subjects depending on the purpose of the processing.

When closing the client account of the online store, personal data will be deleted, unless such data needs to be kept for accounting or for resolving consumer disputes.

If the purchase in the online store has been made without a client account, the purchase history will be stored for three years.

In the event of a dispute over payments and consumer disputes, personal data will be kept until the claim is met or the limitation period expires.

Personal data required for accounting purposes will be kept for seven years.

2.5. The data controller has the right to share personal data of clients with third parties, such as online store customer support, authorised data controllers, accountants, transportation and courier companies, manufacturers of goods, companies providing transmission services.

The data controller undertakes not to transfer the personal data of clients to unauthorised third parties, unless the obligation to transfer personal data arises from law.

2.6. When processing and storing personal data of the data subject, the controller shall implement organisational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.

The transfer of personal data to the authorised processors of the online store (e.g. transportation service provider and data hosting) takes place on the basis of agreements concluded with the online store and the authorised processors. Authorised processors undertake to ensure appropriate safeguards for the processing of personal data.

2.7. The data controller is the chief processor of personal data. The data controller forwards the personal data necessary for making payments to the authorised processor Maksekeskus AS.

2.8. Personal data is stored on the servers of ELKDATA OÜ, located in the territory of a Member State of the European Union or countries that have joined the economic area of ​​the European Union. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that have joined the Privacy Shield framework.

2.9. The employees of the online store have access to personal data to access the personal data in order to resolve technical issues related to the use of the online store and to provide customer support services.

 

3. Rights of data subject

3.1. The data subject has the right to access and review their personal data. Registered users can access personal data in the user profile of the online store, unregistered clients can access personal data through customer support.

3.2. The data subject has the right to receive information on the processing of own personal data.

3.3. The data subject has the right to supplement or correct inaccurate data.

3.4. If the data controller processes the personal data of the data subject on the basis of the data subject's consent, the data subject has the right to withdraw the consent at any time.

3.5. The data subject consents the data controller to send advertising materials and sales offers to the e-mail address entered by the data subject when submitting the order, if the data subject has expressed a wish to receive such notifications when submitting the order (clicking the appropriate box).

3.6. In order to exercise the rights, the data subject can contact the online store customer support at (info@furgner.com).

3.7. In order to protect the rights, the data subject can submit a complaint to the Data Protection Inspectorate (info@aki.ee).

4. Final provisions

4.1. The data protection terms and conditions have been compiled in accordance with the Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia, and legislation of the Republic of Estonia and the European Union.

4.2. The data controller has the right to partly or fully change the data protection terms and conditions by notifying the data subjects of the changes via the website (www.furgner.com).