1. General provisions
1.4. The controller observes the principles relating to personal data processing provided by legislation and, among other things, processes personal data in a lawful, fair, and secure manner. The controller is able to declare that personal data has been processed in accordance with the provisions of the legislation.
2. Collection, processing, and storage of personal data
2.1. The personal data collected, processed, and stored by the controller has been collected electronically, mainly via the website and e-mail.
2.4. The controller is not liable for any damage or loss caused to the data subject or a third party as a result of the submission of false data by the data subject.
3. Processing of personal data of customers
3.1. The controller may process the following personal data of the data subject:
3.1.1. Given name and surname;
3.1.2. Date of birth;
3.1.3. Telephone number;
3.1.4. E-mail address;
3.1.5. Delivery address;
3.1.6. Bank account number;
3.1.7. Payment card details;
3.2. In addition to the foregoing, the controller has the right to collect data about the customers that are available in public registers.
3.3. The legal basis for the processing of personal data points (a), (b), (c) and (f) of Article 6(1) of the General Data Protection Regulation:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data, in particular where the data subject is a child.
3.4. Processing of personal data according to the purpose of processing:
3.4.1. Purpose of processing – security and safety, the maximum period of storage of personal data – according to the terms specified by law.
3.4.2. Purpose of processing – the processing of orders, maximum period of storage of personal data – we delete the data collected in this context after its storage is no longer necessary, or we limit its processing where it is subject to legal obligations to retain data.
3.4.3. Purpose of processing – ensuring the functioning of online store services, maximum period of storage of personal data – we delete the data collected in this context after its storage is no longer necessary, or we limit its processing where it is subject to legal obligations to retain data.
3.4.4. Purpose of processing – customer management, the maximum period of storage of personal data – we delete the data collected in this context after its storage is no longer necessary, or we limit its processing where it is subject to legal obligations to retain data.
3.5. The controller has the right to share the personal data of customers with third parties such as processors, accountants, transport and courier companies, and companies providing transfer services. The controller is in charge of the processing of personal data. The controller transmits the personal data necessary for making payments to the processor, Maksekeskus AS.
3.6. The controller processes and stores the personal data of the data subject implementing the organizational and technical measures to ensure that the personal data is protected against any accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
3.7. The controller stores the data of the data subjects depending on the purpose of processing, but no longer than 10 years.
4. Rights of the data subject
4.1. The data subject has the right to gain access to and examine their personal data.
4.2. The data subject has the right to obtain information on processing their personal data.
4.3. The data subject has the right to modify or rectify inaccurate data.
4.4. If the controller processes the personal data of the data subject based on the consent granted by the latter, the data subject has the right to withdraw their consent at any time.
4.5. To exercise their rights, the data subject can contact the customer support of the online store at [email protected].
4.6. To protect their rights, the data subject can file a complaint with the Data Protection Officier writing an email to [email protected].
5. Collection of personal data from our website visitors
5.1. Our website is accessed purely to gain information, i.e. where you do not register or provide us information in any other way, we only collect the personal data provided by your browser to our server. Where you want to view our website, we collect the following data necessary for technical purposes to be able to demonstrate our website to you and to ensure adequate access stability and security:
5.1.1. IP address;
5.1.2. Date and time;
5.1.3. Time zone (GMT);
5.1.4. Enquiry content (the exact web page accessed);
5.1.5. Website generating the enquiry;
5.1.7. OS and its interface;
5.1.8. Browser language and version.
This data is retained for security reasons (e.g. for investigation of misuses or prevention of fraud) for a maximum of seven days and deleted upon expiry thereof. The data which has to be retained for a longer period as evidence will only be deleted after the relevant incident is finally clarified.
5.2. Additionally to the data listed in the foregoing, your computer will save our cookies when you access our website. Cookies are small text files which are stored on your hard drive as files assigned to your browser and through which certain information is provided to the cookie sender (in this case to us). Cookies are not able to execute any programmes or to infect your computer with any virus. Their purpose is to make your work in the internet generally more user-friendly and effective.
A cookie is a piece of information placed on the hard drive of Internet users by the server of the site they visit. It contains several pieces of data: the name of the server which installed it, an identifier in the form of a unique number, and possibly an expiry date. This information is sometimes stored on the computer in a simple text file that a server accesses to read and save pieces of information.
5.3.1. This website uses the following cookie types whose scope and functions are explained in more detail below:
– Strictly necessary cookies (please refer to 5.3.2.);
– Essential cookies (please refer to 5.3.3.).
5.3.2. Strictly necessary cookies are deleted automatically when you close your browser. They include in particular session cookies. They store information about the so-called session ID with which diverse enquiries of your browser are assigned within the entire session. They enable us to recognise your computer as that of our former visitor when you return to our website. The session cookies are deleted when you close your browser.
5.3.3. Essential cookies are deleted automatically after a pre-set period of time which can differ from cookie to cookie. You can delete the cookies at any time using the security settings of your browser.
5.3.4. You can configure your browser settings at your discretion and in particular decline acceptance of third-party cookies or of all cookies. We point out, however, that in such case you will not be able to make use of some of the functions on this website.
6. Final provisions
6.1. These data protection terms and conditions have been prepared in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia and legislation of the Republic of Estonia and the European Union.
6.2. The controller has the right to amend the data protection terms and conditions in part or in full, notifying the data subjects of the amendments via www.modernnomad.eu.