1.1While using the website www.gofaizen-sherle.com (hereinafter – Website), belongs to Gofaizen & Sherle OÜ (hereinafter – Company) and upon concluding the contract on the service provision by Company, you (hereinafter – User) confirm that you have read this Personal data processing policy (hereinafter – Policy) and agree for your personal data processing in accordance with Policy.
1.2Policy sets methods of work with personal data which were collected by the Company while using Website and services provision by Company. While using the Website User agrees for his personal data processing in accordance with Policy and affirms that. In case when the User does not agree with the Policy partially partly or fully, he or she must stop using the Website. All data collected before above-mentioned refusal will be processed in accordance with Policy until the direct User prohibition is received.
– legal entity, which has the following details:
2.1.1Company name:Gofaizen & Sherle OÜ;
2.1.4address:Tartu mnt 53, Tallinn, 10115;
– any information relating to an identified or identifiable natural person («data subject»);
2.2.1an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.3User – natural or legal entity using the Website or services of Company.
2.4Service – company’s obligation within the framework of the service provision contract, concluded between User and Company.
2.5Processing– any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3Personal data and its processing methods
Company collects personal data in next cases:
3.1.1when filling out and submitting forms on the Company’s website;
3.1.2when providing Client with services;
3.1.3when the User uses the functionality of the Company’s website.
Company processes inter alia next personal data:
3.2.1identification data (name, surname, personal code, sex, birth date, etc.);
3.2.2contact details (phone number, e-mail, address and delivery address);
3.2.3payment data (payer’s bank account number, payer’s bank name, other details);
3.2.4IP address and cookies;
3.2.5data which is obligatory to be processed grounded on the Money Laundering and Terrorism Financing Prevention Act;
3.2.6data which is obligatory to be processed grounded on the International Sanctions Act;
3.2.7other data required to provide User with service.
4Targets and legal basis for personal data processing
Company processes data in accordance with next targets and legal grounds:
4.1.1to conclude and perform service provision contract;
4.1.2to provide services in accordance with concluded contract;
4.1.3to provide User with information related to providing services;
4.1.4to grant User access to the Company’s services;
4.1.5to send and display advertisements to the User that are relevant (in the Company’s opinion);
4.1.6to send commercial offers from Company and Company’s partners;
4.1.7to participate in the contests and campaigns performed by Company;
4.1.8for the justified interest of Company, for the purpose of fulfilling a contract, including for establishing violations of the contract or legislation, as well as to confirm such violations. In such case, Company has a legitimate interest in protecting its rights;
4.1.9to collect statistical or technical non-personalized data about the use of the Company’s website and Company’s services;
4.1.10in order to comply with legal requirements.
4.2Company can also process data in certain case of necessity to protect interests of Company and Third Parties only if above-mentioned interests do not outweigh User interests in protecting his/her fundamental rights and freedoms.
4.3If personal data processing is carrying out in accordance with justified Company interests, User has a right to submit objections to such processes.
5Personal data transfer to data Processor
5.1Company has a right to use data processors for data processing without User permission. Company is convinced of Processor’s reliability and responsible to the User for their activities.
Company uses next data Processors:
5.2.1server rental and cloud services providers;
5.2.2agents, translators, lawyers and other persons through whom the Company provides services.
5.3User has a right to receive information about data Processors responsible for his/her personal data processing.
6Personal data transfer to the third parties
Company transfers User’s personal data to the third parties only in certain cases like:
6.1.1this obligation follows from the law;
6.1.2it is required to execute the agreements between Company and User;
6.1.3Company has a justified interest;
6.1.4User gave a permission for data transfer.
Company transfers User’s personal data to the next persons:
6.2.1to public authorities on the grounds provided by Law or the service provision contract concluded between User and Company;
6.2.2to auditors, lawyers and other similar persons if it is required for performance of User’s obligations to Company or third parties.
7Personal data transfer to the third Country
7.1Company transfers personal data to the third countries (in this case third country means the country not included in EEC) only in cases when it is provided on the grounds of Law. In case when recipient country can’t provide required personal data protection measures, Company provide personal data on the condition that required personal data protection measures will be applied for data in accordance with Estonian and EU legal acts.
8Personal data storage
8.1Company stores User’s personal data while it is necessary to process data, to protect Company interests or on the grounds provided by legal acts requirements.
Depending on the type of personal data, the Company store data for the following time:
8.2.1for accounting documents: 7 years from the end of the fiscal year in accordance with the Law;
8.2.2within the period set by law if any;
8.2.3in other cases: 10 years after agreement’s termination (including user agreement) between User and Company;
9.1Company takes organizing, physical measures and IT solutions to provide User’s personal data security.
9.2Company is not responsible for the User personal data protection measures violations if such violations caused by actions performed by User or third persons.
10User’s rights and obligations
In accordance with relevant legal acts (primarily – GDPR) User has a right to perform next rights for personal data processing:
10.1.1request an access to his/her own personal data;
10.1.2request changes in his/her own personal data;
10.1.3request removal of his/her own personal data;
10.1.4submit objections to his/her own personal data processing on any grounds.
To perform his/her rights User must contact Company using contact details specified in c.
10.2.1of the Policy.
10.3Company has a right to request additional information for User’s identification.
10.4Company replies on User’s requests and requirements in the 1 month period and notifies about measures took to perform provided requests and requirements. If User’s request or requirement is too complicated or has a large volume Company has a right to prolong the period for reply up to 2 months. If Company did not take any measures to perform User’s request or requirement User is notified about this and he still has a right to ask Data Protection Inspectorate or court to protect his/her rights.
If the requests or requirements of the User are obviously not justified or excessive, primarily due to their repetitive nature, the Company has the right to:
10.5.1require a reasonable fee for performing requests or requirements;
10.5.2refuse performing requests or requirements.
User has a right to request personal data removal only if one of the following reasons is present:
10.6.1personal data is not useful anymore for the purpose for which it was collected or was processed using another method;
10.6.2User revokes his/her agreement for personal data processing and there are no other legal grounds for User’s personal data processing;
10.6.3User submit objection to personal data processing and this objection has adequate basis to stop personal data processing;
10.6.4User’s personal data was processed illegally;
10.6.5personal data must be removed to perform Company obligations on the grounds provided by Law;
10.6.6in case when personal data of person under the age of 13 the agreement for which processing was obtained previously.
In case when User require removal of his/her personal data he/she must describe on which condition, specified in clause 10.6. of the Policy he/she requires personal data removal. Company is not obligated to remove personal data if there are no grounds for it or if personal data is required for the following reasons:
10.7.1exercise of freedom of speech and information;
10.7.2performing obligations on the grounds provided by Law;
10.7.3personal data is required for Company rights protection;
10.7.4Company has other following from the Law grounds for personal data processing.
10.8In case when personal data is processing by User’s agreement he/she always has a right to revoke his agreement. If User revokes his/her agreement for personal data processing all the data processing performed before revoke considers to be legitimate and lawful.
10.9User must notify Company about changes in his/her contact details to keep them up to date.
10.10In case of User’s rights violation User has a right to ask Personal Data Protection Inspectorate or court to protect his/her rights.
11.1Policy can be changed to comply with changes in Law, personal data processing or under instructions of supervisory authorities. In this case Company updates Policy provided on the website and notifies User with whom Company concluded valid at the moment of changes service provision contract.