Privacy policy

1. General provisions

1.1. This Privacy Policy governs the principles governing the collection, processing and storage of personal data. Personal data is collected and stored by the controller of personal data MIAL OÜ 12732228/ voge collection

1.2. For the purposes of this Privacy Policy, a data subject is a customer or other natural person whose personal data is processed by the data controller.

1.3. For the purposes of the Privacy Policy, a customer is anyone who purchases goods or services from the website of the data processor.

1.4. The data processor complies with the principles of data processing provided by legislation, among other things, the data processor processes personal data legally, fairly and securely. The data processor is able to confirm that personal data has been processed in accordance with the provisions of legislation.

2. Collection, processing and storage of personal data

2.1. Personal data collected, processed and stored by the data processor are collected electronically, mainly via the website and e-mail.

2.2. By sharing your personal data, the data subject grants the data controller the right to collect, organise, use and manage, for the purposes defined in the privacy policy, the personal data that the Data Subject Shares directly or indirectly with the data controller when purchasing goods or services on the website.

2.3. The data subject is responsible for ensuring that the data provided by him is accurate, correct and complete. Making knowingly false information is considered a violation of the Privacy Policy. The data subject shall immediately notify the data controller of changes in the data submitted.

2.4. The data controller shall not be liable for any damage caused by the data subject to the data subject or to third parties caused by the submission of false data.

3. Processing of personal data of customers

3.1. The data controller may process the following personal data of the data subject:

3.1.1. First and last name;

3.1.2. Birth date;

3.1.3. Phone;

3.1.4. Email address;

3.1.5. Delivery address;

3.1.6. Current account number;

3.1.7. Payment card details;

3.2. In addition to the above, the data processor has the right to collect data about the client that is available in public registers.

3.3. The legal basis for the processing of personal data is Section 6 (1) (A), (b), (c)and (f) of the General Data Protection Regulation (GDPR):

(a) the data subject has consented to the processing of his or her personal data for one or more specific purposes;

(b) the processing of personal data is necessary for the performance of a contract concluded with the participation of the data subject or for taking measures prior to the conclusion of the contract in accordance with the data subject's request;

(c) the processing of personal data is necessary for the fulfilment of a legal obligation of the controller;

(f) the processing of personal data is necessary in the case of a legitimate interest of the controller or a third party, unless such interest is overridden by the interests of the data subject or by the fundamental rights and freedoms for which the personal data must be protected, in particular where the data subject is a child.

3.4. Processing of personal data according to the purpose of processing:

3.4.1. Purpose of processing-security and security
Maximum time for storage of personal data-in accordance with the deadlines specified by law

3.4.2. Purpose of processing-order processing

Maximum retention period of personal data:
Personal data related to the processing of orders and the performance of the contract (name, contact details, delivery address, order data) will be stored for up to 3 years from the date of execution of the contract, based on the limitation period for possible civil legal claims.

⸻

3.4.3. Purpose of processing-ensuring the functioning of e-shop services

Maximum retention period of personal data:
Personal data necessary to ensure the technical functioning of the online store (e.g. IP addresses, cookies, session data, log files) will be stored for up to 1 year, unless longer storage is necessary to ensure security, detect misuse or comply with legal obligations.

⸻

3.4.4. Purpose of processing-customer management

Maximum retention period of personal data:
Personal data used for managing customer relationships (correspondence, history of requests, customer account data) are stored for up to 3 years from the last communication with the customer, unless a longer retention obligation arises from law or if this is not necessary to protect the legitimate interests of the data processor.

⸻

3.4.5. Purpose of processing-financial activities and accounting

Maximum retention period of personal data:
Personal data related to accounting and financial activities (invoices, payment documents) are stored for 7 years in accordance with the requirements arising from the accounting and tax laws of the Republic of Estonia.

⸻

3.4.6. Purpose of processing-marketing

Maximum retention period of personal data:
Personal data processed for marketing purposes (e-mails, SMS, personal offers) will be stored until the withdrawal of the data subject's consent or for up to 3 years from the last activity of the client, if the consent has not been withdrawn earlier.

NB! Depending on the data processors used (e.g. e-mail marketing platforms, advertising platforms, analytics services), the above list may need to be supplemented.

⸻

3.7. General retention period of personal data

The data controller stores the personal data of data subjects in accordance with the purpose of the processing, but for no longer than 7 years, unless the applicable legislation provides for a longer retention period.

4. Data subject's rights

4.1. The data subject has the right to have access to and access to his or her personal data.

4.2. The data subject has the right to obtain information about the processing of his or her personal data.

4.3. The data subject has the right to supplement or correct inaccurate data.

4.4. If the data controller processes the personal data of the data subject on the basis of the data subject's consent, the data subject shall have the right to withdraw his or her consent at any time.

4.5. In order to exercise his or her personal data rights, the data subject can contact the customer support of the e-shop by e-mail voge.collection@gmail.com

4.6. The data subject may file a complaint with the Data Protection Inspectorate in order to protect his or her rights.

5. Final provisions

5.1. These data protection terms and conditions have been drawn up in accordance with regulation (EU) no 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), the personal data protection act of the Republic of Estonia and the legislation of the Republic of Estonia and the European Union.

5.2. The data controller has the right to amend the data protection terms in part or in full by notifying the data subjects of changes to the website https://vogecollection.com/  via.