PRIVACY TERMS
1. General Provisions
These privacy terms govern the principles of collecting, processing, and storing personal data. Personal data is collected, processed, and stored by the data controller Prangli Kodumajutus OÜ (hereinafter referred to as the "Data Controller").
a. A data subject, as defined by these privacy terms, is a customer or any other natural person whose personal data is processed by the Data Controller.
b. A customer, as defined by these privacy terms, is anyone who purchases goods or services from the Data Controller’s website.
c. The Data Controller follows the principles of data processing as set out in legal acts, including processing personal data lawfully, fairly, and securely. The Data Controller confirms that personal data has been processed in accordance with legal provisions.
These data protection terms have been drawn up in accordance with the European Parliament and Council Regulation (EU) No 2016/679 on the protection of natural persons concerning the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia, and other applicable Estonian and EU legislation.
​
2.What types of information do we collect?
Personal data collected, processed, and stored by the Data Controller is primarily gathered electronically through the website and email. We receive, collect, and store any information you enter on our website or provide to us in any other way.
a. By sharing personal data, the data subject grants the Data Controller the right to collect, organize, use, and manage personal data for the purposes defined in the privacy policy. This includes any data directly or indirectly provided when purchasing goods or services through the website.
b. The data subject is responsible for ensuring that the information provided is accurate, correct, and complete. Knowingly providing false information is considered a breach of the privacy policy. The data subject must promptly inform the Data Controller of any changes to the provided data.
c. The Data Controller is not liable for any damages caused to the data subject or third parties resulting from the provision of false information.
​
The Data Controller may process the following personal data of the data subject:
-
First and last name, phone number, email address, delivery address, account number, and the name of the payer (whether private or legal entity), as well as payment card details.
-
We also collect your IP address used to connect your computer to the Internet, login details, email address, password, computer and connection information, and purchase history.
-
We may use software tools to measure and collect session information, including page response times, visit durations for certain pages, page interaction information, and methods used to leave the page.
-
Additionally, we collect identifiable information (including name, email address, password, and communication), payment information (including credit card information), comments, feedback, product reviews, recommendations, and personal profiles.
​
Furthermore, the Data Controller has the right to collect data about the customer from public registers.
The legal basis for processing personal data is Article 6(1) (a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):
a. The data subject has given consent to the processing of their personal data for one or more specific purposes;
b. The processing of personal data is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract;
c. The processing of personal data is necessary for compliance with a legal obligation to which the Data Controller is subject;
f. The processing of personal data is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, particularly if the data subject is a child.
​
3. Why do we collect and store personal data for a long time?
a. To provide and manage orders, we store data for up to seven years after making a purchase.
b. To provide customer assistance, customer management and technical support, we store data for up to seven years after making a purchase.
c. To comply with applicable laws and regulations, including financial activities and accounting. we keep the data for 7 years after the last transaction.
d. In order to be able to contact our visitors and users with general or personalized service-related notices and advertising messages, we retain until the data subject expresses a wish to stop receiving the information.
Our company is hosted on the Wix.com platform. Wix.com provides us with an online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com's data storage, databases, and general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company meet the standards established by PCI-DSS, which is administered by the PCI Security Standards Council, a collaborative effort of brands such as Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of credit card data by our store and its service providers.
​
The data processor stores the data of the data subjects depending on the purpose of the processing, but not longer than 10 years.
​
4. Who do we share personal data with?
a. The data processor has the right to share customers' personal data with third parties, such as authorized data processors, accountants, transport and courier companies, companies providing transfer services. The data processor is the responsible processor of personal data.
The data processor transmits the personal data necessary for making payments to the authorized processor Maksekeskus AS and the payment intermediary platform Stripe.com.
b. When processing and storing the personal data of the data subject, the data processor implements organizational and technical measures that ensure the protection of personal data against accidental or illegal destruction, modification, disclosure and any other illegal processing.
5. What are the rights of the data subject?
a. The data subject has the right to get access to his personal data and to consult them.
b. The data subject has the right to receive information about the processing of his personal data.
c. The data subject has the right to supplement or correct inaccurate data.
d. If the data processor processes the data subject's personal data on the basis of the data subject's consent, the data subject has the right to withdraw the consent at any time.
e. The data subject can contact our customer support at pranglikodumajutus@gmail.com to exercise their rights.
f. The data subject can file a complaint with the Data Protection Inspectorate to protect his rights.
​
​​6. We do not collect information from minors and our website is not directed to minors.
​
7. Privacy policy updates.
We reserve the right to change this privacy policy at any time, so please review it often. Changes and clarifications take effect immediately after they are published on the website. If we make material changes to this policy, we will notify you here at https://www.pranglikodumajutus.ee/privaatsustingimused that it has been updated.
​
8. Contact information
If you wish to: access, correct, amend or delete any personal data we have about you, please contact us at pranglikodumajutus@gmail.com.​