Privacy

Privacy Policy

General Data Protection Conditions

1.1. This document (hereinafter referred to as the “Data Protection Terms”) explains how Vesiir OÜ (hereinafter referred to as the “Service Provider”), located at Pärnu mnt 141, 11314 Tallinn, registration number 10203514, uses personal data and ensures its lawful processing, confidentiality and security.

1.2. The Service Provider is responsible for fulfilling its obligations, and for the secure and fair processing of personal data through its employees and systems.

1.3. The Service Provider processes personal data in accordance with the principles set out in the General Data Protection Regulation, the Personal Data Protection Act, the Money Laundering and Terrorist Financing Prevention Act and in other relevant legislation of the guidelines of the Data Protection Inspectorate, and these Data Protection Terms.

1.4. The Service Provider bases its processing of personal data on the following:

1.4.1. Lawfulness, fairness and transparency.

1.4.2. The Service Provider processes personal data for specific and clearly defined legitimate purposes.

1.4.3. The Service Provider shall only process personal data that is necessary to achieve the purpose of the processing.

1.4.4. The Service Provider shall take appropriate measures to ensure the accuracy of the data being processed, and shall correct or delete inaccurate and redundant data as soon as possible.

1.4.5. The Service Provider retains personal data only for as long as is necessary for the purpose of processing personal data or to fulfil a legal obligation.

1.4.6. The Service Provider has implemented physical, organizational and technological security measures to ensure the lawful processing and protection of personal data. We are based on the principles of reliability and confidentiality.

1.5. The Service Provider has the right to unilaterally amend these Data Protection Terms at any time by notifying the same on the website www.vesiir.ee/en/privacy .

  1. Definitions

2.1. Personal data – any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, personal identification number, location information, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social characteristics of that natural person.

2.2. Service – Services provided by the Service Provider to the Client. The Service Provider provides the following services (see www.vesiir.ee):

2.3.1. Consultation;

2.3.2. Contact Person Service.

2.3. Data subject (hereinafter referred to as “Client”) is a natural person whose personal data is processed by Vesiir OÜ. For the purposes of the Data Protection Terms, the Client is primarily the Service Provider’s transaction partners and persons whose personal data the Service Provider has received when providing services to transaction partners.

2.4. Processing of personal data – any automated or non-automated operation or set of operations performed on personal data or sets of such data, such as collection, documentation, organization, structuring, storage, adaptation and modification, retrieval, reading, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

2.5. Personal data breach – a breach of security that leads to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

2.6. Controller – A natural or legal person who determines the purposes and means of the processing of personal data.

2.7. Processor – A natural or legal person who processes personal data on behalf of a Controller. A Service Provider is a Controller or Processor of personal data in various personal data processing operations. Processors may also be involved (e.g. an accounting firm, a cloud service provider, a web hosting company, etc.).

  1. Processing of Personal Data

3.1. The Service Provider collects and processes the following personal data when providing services to the client:

3.2. The Client’s first and last name, personal identification number, address, telephone number, e-mail address.

3.3. The Client’s bank account number;

3.4. The Client’s purchase history;

3.5. Information about the Client’s order and service use;

3.6. Website usage statistics (IP address, device information, browser type).

  1. Purpose of Processing Personal Data

4.1. The Service Provider processes the Client’s data only for the purpose of providing the service and fulfilling the client agreement, improving quality and fulfilling legal obligations;

4.2. Client identification;

4.3. For billing and payment management;

4.4. Customer service and communication, responding to inquiries;

4.5. Fulfilling legal obligations;

4.6. For developing the website and improving user experience;

4.7. The Client consents to the processing of his/her personal data to the extent necessary for the provision of services and the fulfilment of these terms and conditions.

  1. Legal Basis for Processing Personal Data

5.1. The legal basis for processing personal data is data received from the Client: by e-mail, from various documents, from the invoice submitted to the Client, from the order form of the e-shop, etc.;

5.2. Performance of the contract concluded with the Client;

5.3. Performance of the obligation arising from legal acts;

5.4. Client’s consent (e.g. sending marketing information);

5.5. The legitimate interest of the Service Provider, as the provider of a service (e.g. ensuring the functioning of the website);

  1. Retention of Personal Data

6.1. We retain personal data for as long as necessary to fulfil the purposes for which it was collected or to comply with obligations arising from legislation.

  1. Sharing of Personal Data

7.1. The Service Provider does not sell or transfer the Client’s data to third parties, except if necessary.

7.2. To provide the service (e.g. payment service provider, web hosting service);

7.3. To fulfil obligations arising from legislation.

  1. Customer Rights

8.1. Right to be informed;

8.2. Right to access data;

8.3. Right to rectify data;

8.4. Right to erasure of data, “right to be forgotten” (especially for marketing purposes).

It may happen that complete deletion of all personal data is not possible, because we also use the data to fulfil the contract, in connection with which deletion of data before the expiry of the term is not permitted for reasons arising from the contract or the law. Contact us with questions about your rights: info@vesiir.ee