Terms of personal data
The data subject (hereinafter Client) who uses www.kivilaine.ee web shop and whose data is processed, gives the right for processing personal data according to the following conditions. The personal data processing is necessary for the functioning of the e-shop services. The use of company services is not possible without processing the data. The conditions have been updated to correspond with the new European Union General Data Protection Regulation which can be viewed here>>
The controller of the personal data is OÜ Kivilaine
Registration code no.: 10074074
Address: Pärnu mnt 8, Tallinn 10148
E-mail: firstname.lastname@example.org (hereinafter Processor).
The Processor may authorise other persons or institutions (hereinafter Authorised Processor) to process the Client’s personal data under the condition that the Authorised Processor has signed an agreement with the Processor according to which the Authorised Processor is obligated to keep the processed personal data as confidential as well as to ensure the personal data protection according to fulfilment of obligations specified in the Authorised Processor legislation. A current list of Authorised Processors including names, addresses and other contact information is made accessible by the Processor to the Client according to the Client’s application. The Processor will not forward the Client’s personal data to any third parties not mentioned in the current agreement, unless such a right or obligation arises from legislation.
The Client has all the personal data rights derived from legislation concerning his/her own personal data. The Client has, among others, the right to obtain from the Processor the personal data held, demand the correction of inaccurate personal data and demand the cessation of data processing. Additionally, the Client has the right to forbid the forwarding of data to third parties at any time whose aim is to use the data for consumer research or direct marketing activities. The client also has the right to demand compensation for the damage caused through illegal personal data processing. In addition to the previously listed points, the Client has the right to contact the Processor as well as the Estonian Data Protection Inspectorate concerning questions regarding his/her own personal data. The website address of the Estonian Data Protection Inspectorate is www.aki.ee.
The Client has all the rights arising from personal data protection legislation concerning his/her own personal data, incl.:
- The right to receive clear and understandable information concerning his/her own data which means applying for access to the personal data, requesting the correction or deletion of data as well as restricting the processing;
- The right to transfer the data (www.aki.ee) which, at the same time, must not damage the rights and freedoms of other data subjects;
- The right to revoke the initial agreement concerning data processing;
- The right to turn to monitoring institutions to receive protection;
- The right to demand correction of inaccurate personal data as well as the cessation of data processing and the forwarding of personal data to third parties for conducting consumer research or direct marketing.
The Processor may process (including collect, store and forward) the Client’s following personal data (depending on service and the data you have forwarded only a part of the data may be processed):
- Name and identity code;
- Contact details;
- Products and services purchased by the Client, their prices and location e-shop
- Client’s birth date (if the Client has forwarded the data to the Processor when becoming a member of the Loyalty Programme);
- Client’s residential or postal address;
- Client’s e-mail address;
- Client’s mobile phone number;
- Client’s age and gender;
- Client’s Loyalty Programme username and password;
- Client’s IP-address;
- Client’s mobile phone identification data;
- The usage purpose of products and services;
- Client’s purchase dates;
- Client’s service use history;
- Information on joining, orders and payments in mailing lists;
- Client’s contact data in social media services, e.g. Facebook username;
- Client’s location data;
- Client’s nickname or screen name;
- Client’s profile picture or avatar;
- Content the Client makes available through the service.
The Processor processes the Client’s personal data with the following aims:
- Making discounts in the Loyalty Programme framework;
- Providing the user a report on his/her purchases, services used and bookings made;
- Carrying out market research (incl. making a birthday offer);
- Consumer research;
- Compiling sales statistics;
- Organising direct marketing;
- Making the Client personal recommendations to make the offer conform with the Client’s preferences and give the Client better and more personal recommendations within the product framework;
- Improving the service and dealing with problems within the service to improve its content;
- Giving the Client hints and tips about how to better use the service, informing the Client of new service functions and forwarding the Client information which may be of interest to the Client.
The Client is obligated to forward the Processor all applications concerning personal data digitally signed using the e-mail address email@example.com to ensure a high level of security while the personal data is being processed.
Should the Processor need to present the Client data for fulfilling the application, then the Client and Processor’s representative agree upon the data presentation means and deadline taking into consideration reasonable bilateral interests concerning an effective and rapid procedure. The Processor usually completes the required actions within 5 working days, unless the Client and Processor have separately agreed upon an alternative deadline.