1. General Provisions
1.1. This privacy policy regulates the principles of collecting, processing and storing personal data. Personal data is processed and stored by ALTAIRBALT OÜ, which is the personal data controller (hereinafter referred to as the controller).
1.2. For the purposes of this privacy policy, the data subject means the client or other natural person whose personal data is processed by the controller.
1.3. For the purposes of this privacy policy, the client means any person who purchases goods or services on the controller’s website.
1.4. The controller complies with the principles of processing personal data provided by law and, among other things, processes personal data lawfully, fairly and securely. The controller can declare that the personal data have been processed in accordance with the provisions of law.
2. Collection, processing and storage of personal data
2.1. The personal data collected, processed and stored by the controller are collected electronically, primarily via the website and e-mail.
2.2. By providing their personal data, the data subject grants the controller the right to collect, organize, use and manage for the purposes specified in the privacy policy the personal data that the data subject shares with the controller directly or indirectly when purchasing goods or services on the website.
2.3. The data subject is responsible for the accuracy, correctness and integrity of the data provided by them. Providing knowingly false data is considered a violation of the privacy policy. The data subject must immediately notify the controller of any changes to the data provided.
2.4. The controller shall not be liable for any damage or loss caused to the data subject or a third party as a result of the data subject providing false data.
3. Processing of personal data of clients
3.1. The controller may process the following personal data of the data subject:
3.1.1. First name and last name;
3.1.2. Date of birth;
3.1.3. Telephone number;
3.1.4. E-mail address;
3.1.5. Delivery address;
3.1.6. Bank account number;
3.1.7. Payment card details.
3.2. In addition to the above, the controller has the right to collect customer data that is available in public registers.
3.3. The legal basis for the processing of personal data is points (a), (b), (c) and (f) of Article 6(1) of the General Data Protection Regulation:
(a) the data subject has consented to the processing of his or her personal data for one or more specific purposes;
(b) the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
3.4. Processing of personal data in accordance with the purpose of processing:
3.4.1. The purpose of processing is safety and security.
The maximum storage period of personal data is in accordance with the statutory deadlines.
3.4.2. The purpose of processing is order processing.
The maximum storage period of personal data is 1 year.
3.4.3. The purpose of processing is to ensure the operation of the online store services.
The maximum storage period of personal data is 1 year.
3.4.4. The purpose of processing is customer management.
The maximum storage period of personal data is 1 year.
3.4.5. The purpose of processing is financial activities, accounting.
The maximum storage period for personal data is in accordance with the conditions established by law.
3.4.6. The purpose of processing is marketing.
The maximum storage period for personal data is 2 years.
3.5. The controller has the right to transfer personal data of clients to third parties, such as processors, accountants, transport and courier companies, companies providing translation services. The controller is responsible for the processing of personal data. The controller transfers personal data necessary for making payments to the processor, Maksekeskus AS.
3.6. The controller processes and stores the personal data of the data subject, applying organizational and technical measures to ensure the protection of personal data against any accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.
3.7. The controller stores the data of data subjects depending on the purpose of processing, but not longer than 2 years.
4. Rights of the data subject
4.1. The data subject has the right to access and verify their personal data.
4.2. The data subject has the right to receive information about the processing of their personal data.
4.3. The data subject has the right to change or correct inaccurate data.
4.4. If the controller processes the personal data of the data subject on the basis of the consent provided by the latter, the data subject has the right to withdraw their consent at any time.
4.5. To exercise their rights, the data subject may contact the online store’s customer support at info@aboutbeauty.ee.
4.6. To protect their rights, the data subject may file a complaint with the Data Protection Inspectorate.
5. Final Provisions
5.1. These data protection terms have been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia and the legislation of the Republic of Estonia and the European Union.
5.2. The controller has the right to partially or completely change the data protection terms by notifying data subjects of the changes via https://aboutbeauty.ee.