Privacy Policy

1. General Provisions

1.1. This privacy policy governs the principles concerning the collection, processing, and storage of personal data. Personal data is collected, processed, and stored by the controller of personal data. (THREE GENERATIONS COFFEE SHOP LTD) (hereinafter the data processor).

1.2. In the meaning of the privacy policy, a data subject is a customer or any other natural person whose personal data is processed by the data controller.

1.3. In terms of the Client Privacy Policy, a client is anyone who purchases goods or services from the data processor's website.

1.4. The data processor shall adhere to the data processing principles established in the legislation, including processing personal data lawfully, fairly and securely. The data processor is capable of confirming that personal data has been processed in accordance with the legislation.

2. Collection, processing, and retention of personal data

2.1. The personal data collected, processed, and stored by the data controller are collected electronically, primarily via the website and email.

2.2. By sharing their personal data, the data subject grants the data processor the right to collect, organise, use, and manage personal data that the data subject shares with the data processor directly or indirectly when purchasing goods or services on the website, for the purpose defined in the privacy policy.

2.3. The data subject is responsible for ensuring that the data provided by them is accurate, correct, and complete. The intentional provision of false data is considered a breach of the privacy policy. The data subject is obliged to immediately inform the data controller of any changes to the data provided.

2.4. The data processor shall not be liable for any damage caused to the data subject or to third parties as a result of the data subject providing incorrect data.

3. Processing of customer personal data

3.1. The data controller may process the following personal data of the data subject:

3.1.1. First and last name;

3.1.2. Date of birth;

3.1.3. Telephone number;

3.1.4. Email address;

3.1.5. Delivery address;

3.1.6. Bank account number;

3.1.7. Payment card details;

AMEND THE LIST ACCORDING TO WHAT FURTHER DATA WILL BE PROCESSED. REMOVE ANYTHING FROM THIS LIST THAT IS NOT COLLECTED.

3.2. In addition to the foregoing, the data processor has the right to collect data about the client that is available in public registers.

3.3. The legal basis for the processing of personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation:

a) the data subject has given consent to the processing of their personal data for one or more specific purposes;

b) the processing of personal data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c) the processing of personal data is necessary for compliance with a legal obligation to which the controller is subject;

f) the processing of personal data is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

3.4. Processing of personal data in accordance with the purpose of processing:

3.4.1. Purpose of processing – security
The maximum retention period for personal data – in accordance with the deadlines specified by law

3.4.2. Purpose of processing – processing of orders
Maximum personal data retention period – Kuni 3 years from order fulfilment.

3.4.3. Purpose of processing – ensuring the operation of e-shop services
Maximum personal data retention period – Up to deleting user account or up to 3 years Last login (active session). The technical details (logs) of visiting customers are usually deleted 30–90 days during.

3.4.4. Purpose of processing – customer management
Maximum personal data retention period – Until the closure of the customer account or 3 years after the last customer contact/purchase.

3.4.5. Processing purpose – Financial activities, accounting
The maximum retention period for personal data – in accordance with the deadlines specified by law

3.4.6. Processing purpose – marketing
Maximum personal data retention period – Up to until consent is withdrawn by the customer.

3.5. The data processor has the right to share customer personal data with third parties, such as authorised data processors, accountants, transport and courier companies, and payment service providers. The data processor is the controller of personal data. The data processor shall transfer the personal data necessary for payment processing to the authorised processor Maksekeskus AS.

3.6. In the processing and storage of the data subject’s personal data, the data processor shall implement organisational and technical measures to ensure the protection of personal data from accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.

3.7. The data processor shall retain the data subjects' data depending on the purpose of processing, but for no longer than 7 years.

4. Data Subject Rights

4.1. The data subject has the right to access their personal data and to inspect it.

4.2. The data subject has the right to be informed about the processing of their personal data.

4.3. The data subject has the right to supplement or rectify inaccurate data.

4.4. If the data controller processes the personal data of the data subject based on the data subject's consent, then the data subject has the right to withdraw consent at any time.

4.5. The data subject may contact the e-shop's customer support at ave.liiviku@gmail.com to exercise their rights.

4.6. The data subject has the right to lodge a complaint with the Data Protection Inspectorate to protect their rights.

5. Final provisions

5.1. These data protection terms have been drafted in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia, and the legal acts of the Republic of Estonia and the European Union.

5.2. The data processor has the right to amend the data protection terms in whole or in part, informing the data subjects of the amendments on the website ingridikodukohvik.ee through.

0
    0
    Cart
    Your shopping basket is emptyBack to ordering food
    Scroll to Top