Privacy Policy ~
1. General Provisions
1.1. This Privacy Policy sets out the principles governing the collection, processing, and storage of personal data. The collection, processing, and storage of personal data is carried out by YourChoice OÜ as the data controller (hereinafter – the Data Controller).
1.2. For the purposes of this Privacy Policy, the data subject is a client or any other natural person whose personal data is processed by the Data Controller.
1.3. For the purposes of this Privacy Policy, a client is any person who purchases goods or services on the Data Controller’s website.
1.4. The Data Controller adheres to the data processing principles laid down by law; in particular, the Data Controller processes personal data lawfully, fairly, and securely, and can confirm that personal data has been processed in accordance with the law.
2. Collection, Processing and Storage of Personal Data
2.1. Personal data collected, processed, and stored by the Data Controller is collected electronically, mainly via the website, e-mail, and social media channels.
2.2. By providing their personal data, the data subject grants the Data Controller the right to collect, organize, use, and manage the personal data that the data subject directly or indirectly shares with the Data Controller when purchasing goods or services on the website.
2.3. The data subject is responsible for ensuring that the data provided is accurate, correct, and complete. Knowingly providing false information is considered a breach of this Privacy Policy. The data subject must promptly inform the Data Controller of any changes to the data provided.
2.4. The Data Controller is not liable for any damage suffered by the data subject or third parties as a result of false data provided by the data subject.
3. Processing of Clients’ Personal Data
3.1. The Data Controller may process the following personal data of the data subject:
3.1.1. First and last name;
3.1.2. Date of birth;
3.1.3. Phone number;
3.1.4. E-mail address;
3.1.5. Delivery address;
3.1.6. Bank account number.
3.2. In addition to the above, the Data Controller has the right to collect data about the client that is available in public registers.
3.3. The legal basis for processing personal data is Article 6(1)(a), (b), (c) and (f) GDPR:
(a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
(f) processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
3.4. Processing purposes and retention periods:
3.4.1. Purpose – security and protection. Retention period – as required by law.
3.4.2. Purpose – order processing. Maximum retention period – 2 years.
3.4.3. Purpose – ensuring the operation of the online store services. Maximum retention period – 5 years.
3.4.4. Purpose – customer service. Maximum retention period – 10 years.
3.4.5. Purpose – financial activities and accounting. Retention period – as required by law.
3.4.6. Purpose – marketing.
Online marketing (newsletter and promotional offers). The online store sends newsletters and promotional offers to the buyer’s e-mail address only if the buyer has duly expressed their wish by entering their e-mail address on the website and confirming it by ticking the relevant checkbox. The buyer may unsubscribe from promotional offers and newsletters at any time by notifying us from the e-mail address used to subscribe or by following the instructions in the e-mail.
Dispute resolution.
If the buyer has a complaint about the online store, they must notify us at yourchoice.ou@gmail.com or by phone at +372 58481570. If the buyer and the online store cannot resolve the dispute amicably, the buyer may contact the Consumer Disputes Committee, which is authorized to resolve disputes arising from the contract between the buyer and the online store. Maximum retention period of personal data – 10 years.
3.5. The Data Controller has the right to transfer the client’s personal data to third parties such as authorized processors, accountants, transport and courier companies, translation service providers, etc. The Data Controller acts as the data controller.
Personal data necessary for making payments is transferred to Maksekeskus AS and/or Paysera LT (paysera.com). Personal data necessary for deliveries and shipping is transferred to Itella Estonia OÜ (Smartpost) and Eesti Post AS (Omniva).
3.6. When processing and storing the personal data of the data subject, the Data Controller shall apply organizational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
3.7. The Data Controller shall store the data subjects’ personal data for a period determined by the purpose of processing, but no longer than 10 years.
4. Rights of the Data Subject
4.1. The data subject has the right to access and review their personal data.
4.2. The data subject has the right to obtain information regarding the processing of their personal data.
4.3. The data subject has the right to complete or correct inaccurate data.
4.4. Where the Data Controller processes the data subject’s personal data based on the data subject’s consent, the data subject has the right to withdraw consent at any time.
4.5. The data subject may exercise their rights by contacting the online store’s customer support at yourchoice.ou@gmail.com.
4.6. The data subject may lodge a complaint with the Data Protection Inspectorate to protect their rights.
5. Final Provisions
5.1. These data protection terms are drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR), the Personal Data Protection Act of the Republic of Estonia, and the legislation of the Republic of Estonia and the European Union.
5.2. The Data Controller has the right to amend the data protection terms in whole or in part by informing data subjects of the changes on the website shop.yourchoice.ee.