Privacy Policy of Peppersack AS

This Privacy Policy (hereinafter the Privacy Policy) provides for the principles on the basis of which Aktsiaselts PEPPERSACK (hereinafter Peppersack) collects and processes personal data of their customers.

The Privacy Policy applies to any and all cases where Peppersack collects and processes personal data of customers who are natural persons (hereinafter the Customer), particularly to the extent in which Peppersack collects and processes personal data of the Customers of the Peppersack’s online store (hereinafter the Online Store).

Controller of personal data

The controller of personal data of the Customers is Aktsiaselts PEPPERSACK, registry code 10304876, address Viru 2 Tallinn.

Peppersack kindly asks anyone having any questions or concerns related to this Privacy Policy and to the processing of personal data of the Customers to contact Peppersack at e-mail address peppersack@peppersack.ee.

Principles of collection and processing of personal data

Customer’s consent. Peppersack collects personal data of the Customers with the consent of the Customers at the start of and during the customer relationship upon the purchase and use of Peppersack’s products and services by the Customers. Peppersack only collects personal data of the Customers if the Customers provide such information voluntarily.

Manner of granting consent. By transferring personal data to Peppersack AS via the website for the purpose of using the services of Peppersack, the Customer grants consent for the processing of their personal data, ticking the following field: “I have read the Privacy Policy of AS Peppersack and grant consent to the processing of my personal data.”

When transferring personal data in any other manner, the Customer grants consent to the processing of personal data in a format that can be reproduced in writing.

Peppersack processes personal data submitted by the Customer in compliance with the requirements established in applicable law and always proceeds from the interests, rights and freedoms of the Customer when processing personal data.

The objective of Peppersack is the responsible processing of personal data, adhering to the best practice and keeping in mind that there is a constant readiness to demonstrate the compliance of the processing of personal data with the purposes established.

All the Peppersack’s operations and procedures related to the processing of personal data are based on the following principles:

* the principle of lawfulness – personal data can only be collected in an honest and lawful manner;

* the principle of purposefulness – personal data can only be collected for the achievement of determined and lawful purposes, and they shall not be processed in a manner not conforming to the purposes of data processing;

* the principle of minimalism – personal data can only be collected to the extent necessary for the achievement of determined purposes;

* the principle of restricted use – personal data can be used for other purposes only with the consent of the Customer or with the permission of a competent authority;

* the principle of data quality – personal data must be up-to-date, complete and necessary for the achievement of the purpose of data processing;

* the principle of security – security measures shall be applied in order to protect personal data from involuntary or unauthorised processing, disclosure or destruction;

* the principle of individual participation – the Customer shall be notified of data collected concerning them, the Customer shall be granted access to the data concerning them and the Customer has the right to demand the rectification of inaccurate or misleading data.

Purposes of processing personal data

Peppersack collects personal data of the Customers for the following purposes:

* for selling and delivering products to the Customers via the Online Store;

* for communicating with the Customers interested in the products and services provided by Peppersack (incl. by e-mail, via social media and, if necessary, by telephone).

Peppersack generally processes the data of the Customers because this is necessary for the performance of the contract entered into with the participation of the Customer or for the application of measures preceding the entry into the contract on the basis of the Customer’s request/reservation. In such a case, the contract entered into with the Customer or the Customer’s request for pre-contractual negotiations shall serve as a legal basis for data processing.

Personal data to be processed

Peppersack may collect personal data to the extent necessary for the purpose of the provision of services, and such data primarily include, but are not limited to, the Customer’s name, e-mail address, postal address, telephone number, preferred language and bank account number.

When the Customer visits the website, Peppersack may collect non-personal data of the Customer via the technical information transmitted by digital devices (e.g. cookies and other similar technologies). Such data include, for instance, the date and time of visiting the website, information downloaded from the website, information about the name of the browser and operating system, the Internet service provider and other similar information.

Peppersack processes such data anonymously and the data are used for statistical purposes and for the purpose of improving the functionality of the website.

When starting to use the Peppersack’s website, the Customer consents to the collection of non-personal data.

Transfer of personal data to third parties

Peppersack AS does not transfer the Customer’s personal data to third parties, unless the obligation to submit the data arises from the legislation applicable in the Republic of Estonia.

Customer’s rights regarding processing of personal data

The Customer has the right to address Peppersack at any time on the basis of the corresponding written and free-format request (peppersack@peppersack.ee) to exercise their rights arising from legislation:

* the right to request access to the personal data concerning the Customer;

* the right to demand rectification of data;

* the right to demand erasure of data;

* the right to restrict processing of personal data;

* the right to object to the processing of personal data;

* the right that no decisions are made in respect of the Customer on the basis of processing carried out by automated means;

* the right to file a complaint with the Data Protection Inspectorate (www.aki.ee).

Amendment of Privacy Policy

Peppersack has the right to amend and supplement the Privacy Policy at any time. The applicable Privacy Policy is always available at the Peppersack’s website.