Privacy policy

PRIVACY POLICY

Osterode OU is committed to protecting your privacy and personal data. Osterode OÜ implements all precautions (including administrative, technical and physical measures) to protect the customer's personal data. Only authorized persons have access to change and process data.

All personal data of the customer that becomes known during visits and purchases are treated as confidential information.

The terms used in the privacy policy are set out in the terms of this privacy policy.

In order to ensure the full quality of services on the website, we use cookies on our website. The client can also partially or completely delete cookies. By agreeing to the Privacy Policy, the customer agrees that cookies will be added to his computer. The Customer can withdraw the consent at any time, but in this case, all the necessary functions of the website may not work.

All collected personal data from you will be processed in accordance with current EU and EV legislation.

1. General provisions

1.1. Osterode OÜ (hereinafter "Seller") respects the right to privacy of all its buyers (hereinafter "Client") and undertakes to ensure the protection of personal data and the protection of their rights.

1.2. This privacy policy provides an overview of your rights and the principles of processing your personal data.

1.3. By using our page, the customer confirms that he accepts these Privacy Terms and consents to the processing of his personal data.

2. Definitions

2.1. Personal data is any information related to a natural person - the Data Subject, whose identity is known or can be directly or indirectly determined using such data as a personal identification number or through one or more of his physical, psychological, economic, cultural or social characteristics.

2.2. A data subject is a natural person whose personal data is processed by the Company.

2.3. The data subject's consent is the subject's declaration of will by which he agrees that his personal data will be processed

2.4. Personal data processing is any operation performed with personal data: collection, storage, arrangement, storage, classification, grouping, combination, modification (updating or correction), submission, publication, use, logical and/or mathematical operations, search, distribution, destruction or other an activity or set of activities.

2.5. The Personal Data Processor is a legal or natural person who is authorized by the Company to process personal data

2.6. Personal data processor - Company Osterode OÜ, a company established in accordance with the laws of the Republic of Estonia, whose legal address is Suur-Sõjamäe 4, 11415 Tallinn, Estonia. Company registry code: 10866433. Company data is collected and stored in the Estonian Business Register.

2.7. A cookie is a small text file that is sent to the device of each person visiting the website through which the website is connected and is stored on the customer's or another device.

2.8. Direct marketing is an activity that aims to offer goods, services or special offers by mail, telephone or other direct links and / or to study their views about the goods or services offered.

3. Collection and processing of personal data

3.1. In order to make shopping in our online store as convenient and fast as possible for you, you can create a personal account. When you create a personal account, we collect and process your following personal data: name, surname, email address, phone number, delivery address. Please provide the delivery address only if, when placing the order, you want us to deliver the product to the specified address. When registering an account, the Customer must enter a password. The password is required for future account logins.

3.2. The company collects and processes the following categories of personal data: (a) basic data necessary for the purposes listed above: name, surname and contact data; (b) data necessary for selling goods: order data, information on invoices, data related to payments, etc.; (c) other data collected with your consent that is defined in more detail after obtaining your consent.

3.3. The company does everything in its power to ensure security and protection of personal data for Customers in order to protect them from illegal use of personal data. The customer is obliged to protect his username, password and other data. The customer does not have to disclose his personal data to third parties. If the Customer notices something suspicious, the Seller must be informed immediately. The activities and/or confidentiality and security of minors are the responsibility of their parents or guardians

4. Principles of Personal Data Processing

4.1. Osterode OÜ is guided by the following principles when processing Personal Data:

Legality. In the case of Personal Data Processing, there is a legal basis for this, such as consent or legitimate interest.

Justice. The Processing of Personal Data is fair by requiring, above all, that the Data Subject has sufficient information and information about how the Personal Data is Processed.

Transparency. The Processing of Personal Data is transparent to the Data Subject, i.e. it is possible to easily obtain information on the Processing of Personal Data by contacting Osterode OÜ.

Purposefulness. Personal data is collected precisely and clearly for specified and legitimate purposes and is not subsequently processed in a way that is inconsistent with these purposes.

Reliability and confidentiality. The Processing of Personal Data is carried out in a way that ensures the appropriate security of Personal Data, including protection against unauthorized or illegal Processing and against accidental loss, destruction or damage, using reasonable technical or organizational measures.

5. Data protection rights of the data subject

5.1. You have the right to restrict the processing of your personal data. If you have restricted our right to process your personal data, we will not perform any actions with your personal data other than storing them. You can restrict the processing of personal data in at least one of the following circumstances: Your personal data is inaccurate (the processing of personal data is restricted in this case until the accuracy of the data is checked); Your personal data is processed illegally, but you do not agree to have your personal data deleted; Your personal data is necessary to prepare, present or defend legal claims; Your personal data is processed against your will (Data processing is terminated after it has been checked whether the reasons for processing your personal data outweigh your wishes)

5.2. If you suspect that your personal data has been handled contrary to what is described in this privacy policy or there is a risk that your data has been leaked to strangers, notify us immediately. This is the only way we can keep the potential damage as low as possible.

The buyer has the right to object to the processing of his personal data and to refuse to submit his personal data. The buyer confirms the understanding that personal data is necessary for the identification of the buyer for the conclusion and implementation of contracts (online), and without providing personal data and / or refusing to process them, it is not possible to fulfill the order on our part.

5.3. After submitting a document confirming identity to the Company, the client has the right to receive information from which sources and which personal data have been collected, for which purposes they are to be processed and to whom they are to be submitted. The possibility of viewing personal data is to fill out an application in the Company's stores, which can be found on the website /shops/. After receiving a request from the Client regarding the processing of his personal data, the Company in charge will determine whether his personal data can be processed and provide the Client with the requested data no later than within 30 calendar days from the day of the Client's request. At the customer's request, the answer is issued to the customer free of charge once a year.

6. Processing of personal data for direct marketing purposes

6.1. Based on the client's consent, the purposes of personal data processing are direct marketing and other legal purposes defined before their collection. The processing of personal data is guided by the General Regulation on Personal Data Protection, other laws and legislation that regulate data processing and protection, as well as these Rules.

6.2. The Seller processes the following personal data of the Customer for the indicated purposes: (a) name (b) surname; (c) email address; (d) telephone number; (e) residence (address)

6.3. In order to agree to these conditions, the Customer agrees that notifications to confirm their orders, payments and deliveries or to fulfill orders in another way will be sent to their e-mail address.

6.4. The seller guarantees that the Customer's personal data will be used to fulfill the order in the e-shop. Including, the Customer agrees that his data will be processed for the purpose of performance and information of interest that the Customer orders.

6.5. Osterode OÜ manages the Customer's personal data for direct marketing purposes: name, surname, e-mail address, phone number and stores them for 2 years.

6.6. The seller does not store the buyer's payment information. All payments are made through partner channels

7. Transmission of personal data

7.1. Company employees are granted access to the Buyer's personal data only if it is necessary to perform their duties and the employee is obliged to comply with confidentiality requirements.

7.2. Personal data may be transferred only to those Data Recipients with whom the Company has concluded relevant agreements regarding the transfer / submission of Personal Data and the Seller ensures the appropriate security of Personal Data.

7.3. The company uses only those processors that ensure the implementation of appropriate technical and organizational measures so that data processing is in accordance with the requirements of the regulations and that the rights of buyers as data subjects are protected.

7.4. Personal data may also be provided in response to official requests from government agencies and courts, but only after verification of the legality of these requests.

8. Final Provisions

8.1. By agreeing to these conditions, the customer confirms that Osterode OÜ will manage the data provided by the Customer or, during the performance of the contract, provide it to partners for the purpose of performance of the contract (delivery of goods, security of payment, etc.) to the extent necessary to perform the respective tasks. The client is informed that the recipients of the data may change. The client has been informed that he has the right to request from Osterode OÜ (the processor of personal data) a list of companies to which his personal data has been transferred.

8.2. The Privacy Policy applies to Data Subjects, and the rights and obligations specified in the Privacy Policy are based on all employees of Osterode OÜ who come into contact with Personal Data held by Osterode OÜ.

8.3. This Privacy Policy will enter into force on July 15, 2024. Every change made in the Privacy Policy will be published as an announcement on the tumi.ee page.