Privacy Policy
Privacy Policy
1. General Provisions
1.1. This Privacy Policy governs the principles governing the collection, processing and storage of personal data. Personal data is collected, processed and stored by the main processor of personal data Võtmekeskus OÜ (hereinafter the data processor).
1.2. For the purposes of the Privacy Policy, the data subject is the client or other natural person whose personal data is processed by the data processor.
1.3. For the purposes of the Privacy Policy, a client is anyone who purchases goods or services from the website of a data processor.
1.4. The data processor follows the principles of data processing provided by law, including the data processor processing personal data in a lawful, fair and secure manner. The data processor can confirm that the personal data has been processed in accordance with the law.
2. Collection, processing and storage of personal data.
2.1. The personal data that is collected, processed and stored by the data processor is collected electronically, mainly via the website and email.
2.2. By sharing his personal data, the data subject gives the data processor the right to collect, organize, use and manage personal data for the purposes specified in the privacy policy, which the data subject shares directly or indirectly with the data processor when purchasing goods or services on the website.
2.3. The data subject is responsible for ensuring the accuracy, correctness and completeness of the data provided to them. Deliberately providing false information is considered a violation of our privacy policy. The data subject is obliged to immediately notify the data processor of any changes in the data provided.
2.4. The data processor is not liable for any damage caused to the data subject or third parties caused by the provision of false data by the data subject.
3. Processing of personal data of clients.
3.1. The data processor may process the following personal data of the data subject:
3.1.1. Name and surname;
3.1.2. Company name and address
3.1.3. Phone number;
3.1.4. E-mail address;
3.1.5. Delivery address;
3.1.6. Current account number;
3.1.7. Payment card details;
3.2. In addition to the above, the data processor has the right to collect customer data that is available in public registers.
3.3. The legal basis for the processing of personal data is § 6 (1) a), b), c) and f) GDPR:
(a) the data subject has given his consent to the processing of his personal data for one or more specific purposes;
(b) the processing of personal data is necessary to fulfill a contract concluded with the participation of the data subject or to take pre-contractual measures at the request of the data subject;
(c) the processing of personal data is necessary to fulfill a legal obligation of the processor;
(f) the processing of personal data is necessary in the legitimate interests of the processor or a third party, unless such interest outweighs the interests of the data subject or the fundamental rights and freedoms in respect of which the personal data should be protected, in particular if the data subject is a child.
3.4. Processing of personal data in accordance with the purpose of processing:
3.4.1. The purpose of the processing is security and safety
The maximum storage period for personal data is in accordance with the conditions established by law.
3.4.2. Purpose of processing - order processing
The maximum storage period for personal data is 2 years.
3.4.3. The purpose of processing is to ensure the operation of the services of the online store.
The maximum storage period for personal data is 2 years.
3.4.4. The purpose of the processing is customer management
The maximum storage period for personal data is 2 years.
3.4.5. Purpose of processing - financial activities, accounting
The maximum storage period for personal data is in accordance with the conditions established by law.
3.4.6. The purpose of the processing is marketing
The maximum storage period for personal data is 2 years.
3.5. The data processor has the right to transfer personal data of clients to third parties, such as authorized data processors, accountants, transport and courier companies, companies providing transmission services. The data processor is the processor of personal data. The data processor transfers the personal data necessary for making payments to the authorized processor Maksekeskus AS.
3.6. When processing and storing the personal data of the data subject, the processor takes organizational and technical measures to ensure the protection of personal data from accidental or illegal destruction, alteration, disclosure and any other illegal processing.
3.7. The data processor must store the data of the data subjects, depending on the purpose of the processing, but for no longer than 2 years.
4. Rights of the data subject
4.1. The data subject has the right to access and verify his personal data.
4.2. The data subject has the right to receive information about the processing of his personal data.
4.3. The data subject has the right to supplement or correct inaccurate data.
4.4. If the data processor processes the personal data of the data subject on the basis of the consent of the data subject, the data subject has the right to revoke the consent at any time.
4.5. To exercise the rights, the data subject may contact the customer support service of the e-shop at info@autolukuabi.ee.
4.6. In order to protect his rights, the data subject has the opportunity to lodge a complaint with the Estonian Data Protection Inspectorate.