PROPOSITO'S PRIVACY POLICY
Proposito aims to be a reliable partner for you in processing personal data and respecting your rights. Accordingly, we have established a privacy policy regarding the collection, use, disclosure, transmission and storage of customer data.
1. DEFINITIONS
1.1. Data subject is a natural person about whom Propositol has information or information that can be used to identify an individual. Examples of data subjects are self-employed Customers, business partners and employees for whom Propositol has Personal Data.
1.2. Privacy Policy is this text, which sets out the Proposito principles for the processing of personal data.
1.3. Personal data is any information about an identified or identifiable natural person.
1.4. Processing of personal data is any operation performed on the data. For example, the collection, storage, organization, modification and disclosure of personal data, access, retrieval, use, transmission, cross-use, aggregation, closure, deletion or destruction, or several of the foregoing, regardless of the manner and means used.
1.5. The Customer is any natural or legal person who uses or has expressed a wish to use the services of Proposito.
1.6. Agreement is a Service provision or other agreement entered into between Proposito and the Customer.
1.7. The website www.proposito.ee is the Proposito website.
1.8. A visitor is a person who uses the Proposito website.
1.9. A child is a person under the age of 13 in the context of the processing of personal data in the Republic of Estonia.
1.10. Services are all services and products offered by Proposito.
1.11. Cookies are data files that are sometimes stored on the Website Visitor's device.
1.12. Proposito data protection officer is a person who follows the application of the Proposito principles of personal data processing and whom the data subject can contact in case of a complaint.
1.13. Sales channels are the ways in which Proposito communicates with the data subject, a tool created for the sale of goods and the provision of services. Including e-mail, telephone, public and social media, various chat lines, personalized and interactive ads, and other similar tools on Websites and elsewhere.
1.14. The product portfolio is various Proposito products and services, the list of which is available on the website www.proposito.ee.
In the Privacy Policy, the Agreement, the General Terms and Conditions and the communication between the parties, the terms have the meanings given above.
2. GENERAL PROVISIONS
2.1. Proposito is a legal entity with the registry code of Proposito OÜ 11627727 located Laki 6, 10621 Tallinn, Estonia.
2.2. Personal data may be processed by Proposito:
2.2.1. determining the purposes and means of processing as controller;
2.2.2. as an authorized processor in accordance with the instructions of the controller;
2.2.3. as the recipient to the extent to whom the personal data is transmitted.
2.3. The privacy policy applies to the data subjects and all Proposito employees and partners who have access to the personal data held by Proposito and are subject to the rights and obligations specified in the privacy policy.
2.3.1. The privacy policy may be supplemented by the privacy notices published on the Website or on the devices, and the privacy policy may be amended and supplemented by them.
3. PRINCIPLES
3.1. Proposito always proceeds to the interests, rights and freedoms of the data subjects when processing personal data.
3.2. The goal of Proposito is responsible processing of personal data, based on best practices, bearing in mind that we are always ready to demonstrate the compliance of the processing of personal data with the set goals.
3.3. Proposito all processes, instructions, actions and activities related to the processing of personal data are based on the following principles:
3.3.1. Legality. In the case of the processing of personal data, there is a legal basis for this, such as consent;
3.3.2. Justice. The processing of personal data is fair, in particular requiring that the subject data and sufficient information on how the personal data is processed.
3.3.3. Transparency. The processing of personal data is transparent to the data subject.
3.3.4. Purposefulness. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.
3.3.5. Accuracy. The personal data is correct and, if necessary, updated, and all reasonable measures have been taken to delete or correct the personal data that is incorrect for the purpose of the personal data processing.
3.3.6. Storage restriction. Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which the personal data are processed. This means that if Proposito wishes to keep the Personal Data for longer than is necessary for the purpose of collection, Proposito will anonymize the data in such a way that the data subject is no longer identifiable. In the case of data received by Proposito through a customer or similar relationship, Proposito will retain the data for 2 years from the last purchase or until withdrawal of consent.
3.3.7. Reliability and confidentiality. The processing of personal data shall take place in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using reasonable technical or organizational measures. Proposito has internal guidelines, rules for employees, as well as separate agreements with each authorized processor, which provide for best practices, continuous risk assessment and appropriate technical and organizational measures for the processing of personal data.
4. COMPOSITION OF PERSONAL DATA
4.1. Proposito collects, inter alia, the following types of personal data:
4.1.1. Personal data disclosed to the Proposito by the data subject (name, e-mail address, postal address, birthday, telephone number);
4.1.2. Personal data arising from the normal communication between the data subject and Proposito;
4.1.3. Personal data disclosed by the data subject (e.g. on social media);
4.1.4. Personal data generated when consuming the services (e.g. when purchasing from the Proposito store or e-store);
4.1.5. Personal data generated as a result of visiting and using the Website (e.g. time spent on the Website);
4.1.6. Personal data sent from third parties;
4.1.7. Personal data created and combined by Proposito (correspondence within the customer relationship or list of order history).
5. COMPOSITION OF PERSONAL DATA AND PURPOSES, AND GROUNDS FOR PROCESSING
5.1. Proposito processes personal data exclusively on the basis of consent or law.
5.2. With consent, Proposito processes personal data within the exact limits, to the extent and for the purposes specified by the data subject. In the case of consent, Proposito adheres to the principle that each consent must be clearly distinguishable from other matters and in a comprehensible and easily accessible form, in clear and simple language. Consent may be given in writing or by electronic means. The data subject gives consent voluntarily, specifically, knowingly and unambiguously, for example by ticking a box on the Website.
5.3. Legitimate interest means Proposito's interest in the management and administration of its own company in order to enable it to offer the best possible Services on the market. Pursuant to the law, Proposito processes personal data only after a careful assessment to establish that Propositol has a legitimate interest, on the basis of which the processing of personal data is necessary and in accordance with the interests and rights of the data Subject. In particular, on the basis of a legitimate interest, the processing of personal data may take place for the following purposes:
5.3.1. To ensure a trusted customer relationship, such as the processing of personal data, which is strictly necessary to identify the actual beneficiaries or to prevent fraud;
5.3.2. Customer base management and analysis in order to improve the availability, selection, quality of services and products and to make the best and most personal offers to the customer if agreed;
5.3.3. Identifiers / Cookies and personal data collected when using the Websites, mobile applications and other services. Proposito uses the collected data for web analysis or analysis of mobile applications services, for ensuring operation, improvement, for compiling statistics and for analysing the Visitor's behaviour and user experience, and for providing a better and more personal service;
5.3.4. Organization of campaigns, including organization of personalized and targeted campaigns, conducting customer and visitor satisfaction surveys and measuring the effectiveness of marketing activities performed;
5.3.5. Analysis of Customer and Visitor behaviour in different sales channels, websites;
5.3.6. Service monitoring, Proposito may record messages and orders given both at its premises and by means of communication (e-mail, telephone, etc.), as well as information and other actions taken by Proposito and, if necessary, uses these records to prove orders or other actions;
5.3.7. Measures taken for network, information and cybersecurity reasons, such as combating piracy and ensuring the security of the Websites and for making and storing backups;
5.3.8. For the preparation, submission or defence of legal claims.
5.4. In order to fulfil an obligation arising from law, Proposito processes personal data in order to fulfil obligations foreseen by law or to implement the uses permitted by law. For example, there are legal obligations to process payments or to comply with money laundering rules.
5.5. In the event that the processing of personal data takes place for a purpose other than that for which the personal data was originally collected or is not based on the consent of the data subject, Proposito will carefully assess the admissibility of such processing.
6. DISCLOSURE AND / OR TRANSFER OF CUSTOMER DATA TO THIRD PARTIES
6.1. Proposito cooperates with persons to whom Proposito may transfer data related to data subjects, including personal data, within the framework and for the purpose of cooperation.
6.2. Such third parties may include advertising and marketing partners, companies conducting customer satisfaction surveys, debt collection service providers, payment default registers, IT partners, persons, institutions and organizations providing or providing postal services, provided that:
6.2.1. the respective purpose and processing are lawful;
6.2.2. the processing of personal data takes place in accordance with the instructions of Proposito and on the basis of a valid agreement.
7. SECURITY OF PERSONAL DATA PROCESSING
7.1. Proposito retains personal data only for a strictly minimum period of time. Personal data that has expired will be destroyed using best practices and in accordance with the procedures established by Proposito.
7.2. Proposito has established guidelines and rules of procedure on how to ensure the security of personal data through the use of both organizational and technical measures.
7.3. In the event of any incident involving personal data, Proposito will take all necessary measures to mitigate the consequences and mitigate relevant risks in the future. Among other things, Proposito registers all incidents and, if necessary, notifies the Data Protection Inspectorate and the data subject directly.
8. PROCESSING OF CHILDREN'S PERSONAL DATA
8.1. Proposito services, including information services, are not aimed at children.
8.2. Proposito does not knowingly collect information about persons under the age of 13, i.e. children, and in case of conscious activity in this regard, we follow the wishes of the parent or guardian.
8.3. If Proposito becomes aware that it has collected personal data from or about a child, Proposito will use all means possible to stop processing such personal data.
9. RIGHTS OF THE DATA SUBJECT
9.1. Rights related to the consent:
9.1.1. The data subject has the right at any time to notify Proposito of his / her wish to withdraw his / her consent to the processing of personal data.
9.1.2. Can withdraw the consent of the newsletter sending given to Proposito by using the link below the newsletter.
9.2. When processing personal data, the data subject also has the following rights:
9.2.1. The right to receive information, i.e. the data subject's right to receive information about the personal data collected about him or her.
9.2.2. The right to inspect data which includes, inter alia, the data subject's right to a copy the processed personal data.
9.2.3. Right to correct incorrect personal data.
9.2.4. The right to delete data, i.e. in certain cases the data subject has the right to demand that personal data was deleted, for example, if the processing takes place only on the basis of consent.
9.2.5. The right to demand a restriction on the processing of personal data. This right arises, among other things, if the processing of personal data is not permitted on the basis of law or if the data subject disputes the accuracy of the personal data. The data subject has the right to demand that the processing of personal data be limited to a time that allows the controller to verify the accuracy of the personal data or if the processing of personal data is illegal, but the data subject does not request the deletion of personal data.
9.2.6. The right to the supervisory authority's assessment of whether the processing of the data subject's personal data is lawful.
10. EXERCISE OF RIGHTS AND SUBMISSION OF CLAIMS
10.1. Exercise of rights:
10.1.1. In the event of a question, request or complaint related to the processing of personal data, the data subject has the right to contact Proposito by e-mail info@proposito.ee
10.2. Submission of complaints:
10.2.1. The data subject has the right to file a complaint with Proposito, the Data Protection Inspectorate or a court if the data subject finds that his or her rights have been violated during the processing of personal data.
10.2.2. Contact information of the Data Protection Board (AKI) can be found on the AKI website at: http://www.aki.ee/et/inspektsioon/kontaktid-nouandetelefon.
11. COOKIES AND OTHER WEB TECHNOLOGIES
11.1. Proposito may collect and process data about visitors on the websites and other information platforms services using Cookies (i.e. small fragments of information stored by the visitor's browser on the visitor's computer or other device's hard drive) or other similar technologies (e.g. IP address, device information, location information).
11.2. Proposito uses the collected data to enable the provision of the service in accordance with the habits of the visitor or the customer; ensure the best quality of service; to inform the visitor and the clients about the content and make recommendations; make ads more relevant and intensify marketing efforts; facilitate login and data protection. The collected data is also used to count visitors and to record their usage habits.
11.3. Proposito uses session, persistent and advertising cookies. The session cookie is automatically deleted after each visit; Persistent cookies remain after repeated use of the website. Third party cookies are used by Proposito partner websites. The origin of these cookies is not controlled by Proposito and due to that information about these cookies should be requested from third parties directly.
11.4. With regard to cookies, visitors agree to their use on the website, in the settings of the platform or in a web browser.
11.5. Most web browsers allow cookies. Without fully enabled cookies, the full functions of the website will not be available to the Visitor. Enabling or disabling cookies and other similar technologies is under the visitor's control through their web browser settings, platform settings and such privacy enhancing platforms.
12. IMPORTANT DOCUMENTS, INSTRUCTIONS, PROCEDURES
12.1. The following documents, procedures, instructions shall be followed when applying the Proposito privacy conditions:
12.1.1. Register of processing operations, which contains all the purposes, methods, types and categories of personal data to be processed and the corresponding bases for processing;
12.1.2. Proposito's policy on the use of organizational and technical measures, which sets out the various measures that Proposito takes to ensure that personal data is kept confidential and secure at all times.
12.1.3. All About Cookies: Descriptions of cookies and other web technologies used by Proposito.
13. CONTACT DETAILS AND INFORMATION
13.1. Contact details relevant to the Proposito data subject:
13.1.1. Proposito can be contacted regarding personal data questions at the e-mail address: info@proposito.ee
14. OTHER TERMS AND CONDITIONS
14.1. Propositol has the right to unilaterally amend these privacy terms. Proposito informs data subjects via www.proposito.ee about the change. We operate on the assumption that if you start using the Proposito website www.proposito.ee, you have read and agreed to the privacy terms.
In the online store, payments are processed using the makecommerce.lt platform managed by Maksekeskus AS (Niine 11, Tallinn 10414, Estonia, reg. No: 12268475), so your personal information necessary to complete and confirm the payment will be transferred to Maksekeskus AS