1.1 This Privacy Policy sets out the principles governing the collection, processing and storage of personal data. Personal data is processed and stored OILIKA OÜ, reg. code: 16111397who is the controller of the personal data (hereinafter referred to as the "controller").
1.2 For the purposes of this Privacy Policy, data subject means the customer or other natural person whose personal data is processed by the controller.
1.3 For the purposes of this Privacy Policy, "customer" means any person who purchases goods or services from the website of the controller.
1.4 The controller shall comply with the principles of processing personal data set out in the law and shall process personal data in a lawful, fair and secure manner. The controller may declare that the personal data have been processed in accordance with the law.
2.1 The personal data that the controller collects, processes and stores is collected electronically, mainly through the website and e-mail.
2.2 By submitting his/her personal data, the data subject grants the controller the right to collect, organise, use and manage, for the purposes specified in the Privacy Policy, the personal data that the data subject shares with the controller, directly or indirectly, when purchasing goods or services from the website or when purchasing a service.
2.3 The data subject is responsible for the accuracy, correctness and completeness of the data he/she provides. Knowingly submitting false information will be considered a breach of the Privacy Policy. The data subject shall promptly notify the controller of any changes to the data provided.
2.4 The controller shall not be liable for any damage caused to the data subject or to a third party as a result of the provision of false information.
3.1 The controller may process the following personal data of the data subject:
3.1.1 First name and surname;
3.1.2 Date of birth;
3.1.3 Telephone number;
3.1.4. e-mail address;
3.1.5 Address for service;
3.1.6. bank account number;
3.1.7. Payment card details;
3.2 In addition to the foregoing, the controller is entitled to collect customer data that is available in public registers.
3.3 Legal basis for the processing of personal data Article 6(1)(a), (b), (c) and (f) of the GDPR:
(a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
(b) the processing is necessary for the performance of a contract to which the data subject is a party or for the purposes of activities requested by the data subject prior to entering into the contract;
(c) the processing is necessary for compliance with a legal obligation to which the controller is subject;
(f) the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless those interests override the interests of the data subject or fundamental rights and freedoms which require the protection of personal data, in particular where the data subject is a child.
3.4 Processing of personal data for the purposes for which it is processed:
3.4.1 Purpose of the processing - safety and security
Maximum retention period of personal data - in accordance with the time limits set by law.
3.4.2 The purpose of processing is the processing of orders.
The maximum retention period for personal data is 1 year.
3.4.3 The purpose of the processing is to ensure the functioning of the e-shop services.
The maximum retention period for personal data is 1 year.
3.4.4 Purpose of the processing - customer management.
The maximum retention period for personal data is 1 year.
3.4.5 Purpose of processing - financial activities, accounting.
Maximum retention period of personal data - in accordance with the conditions laid down by law.
3.4.6 Purpose of processing - marketing Maximum retention period of personal data - 2 years.
3.5 The Controller has the right to transfer the personal data of customers to third parties, such as processors, accountants, transport and courier companies, translation companies. The controller is responsible for the processing of personal data. The controller will transfer the personal data necessary for the processing of payments to the processor Montonio Finance.
3.6 The controller processes and stores the personal data of the data subject by implementing organisational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure and other unlawful forms of processing.
3.7 The data controller shall keep the data subjects' data for a period depending on the purpose of the processing, but not longer than 2 years.
4.1 Data subjects have the right to access and verify their personal data.
4.2 The data subject has the right to be informed about the processing of his or her personal data.
4.3 The data subject has the right to modify or correct inaccurate data.
4.4 Where the controller processes personal data on the basis of the data subject's consent, the data subject has the right to withdraw his or her consent at any time.
4.5 In order to exercise his/her rights, the data subject may contact the e-shop's customer service at the following address. info@oilika.ee.
4.6 In order to protect his/her rights, the data subject may lodge a complaint with the Data Protection Inspectorate.
5.1 These Data Protection Terms and Conditions have been drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EU (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia and the legislation of the Republic of Estonia and the European Union.
5.2 The controller has the right to modify the data protection conditions, in whole or in part, by informing the data subjects of the modifications through. www.oilika.ee.
