Controller of personal data
The controller of personal data of the Customers is Aktsiaselts PEPPERSACK, registry code 10304876, address Viru 2 Tallinn.
Principles of collection and processing of personal data
Customer’s consent. Peppersack collects personal data of the Customers with the consent of the Customers at the start of and during the customer relationship upon the purchase and use of Peppersack’s products and services by the Customers. Peppersack only collects personal data of the Customers if the Customers provide such information voluntarily.
When transferring personal data in any other manner, the Customer grants consent to the processing of personal data in a format that can be reproduced in writing.
Peppersack processes personal data submitted by the Customer in compliance with the requirements established in applicable law and always proceeds from the interests, rights and freedoms of the Customer when processing personal data.
The objective of Peppersack is the responsible processing of personal data, adhering to the best practice and keeping in mind that there is a constant readiness to demonstrate the compliance of the processing of personal data with the purposes established.
All the Peppersack’s operations and procedures related to the processing of personal data are based on the following principles:
* the principle of lawfulness – personal data can only be collected in an honest and lawful manner;
* the principle of purposefulness – personal data can only be collected for the achievement of determined and lawful purposes, and they shall not be processed in a manner not conforming to the purposes of data processing;
* the principle of minimalism – personal data can only be collected to the extent necessary for the achievement of determined purposes;
* the principle of restricted use – personal data can be used for other purposes only with the consent of the Customer or with the permission of a competent authority;
* the principle of data quality – personal data must be up-to-date, complete and necessary for the achievement of the purpose of data processing;
* the principle of security – security measures shall be applied in order to protect personal data from involuntary or unauthorised processing, disclosure or destruction;
* the principle of individual participation – the Customer shall be notified of data collected concerning them, the Customer shall be granted access to the data concerning them and the Customer has the right to demand the rectification of inaccurate or misleading data.
Purposes of processing personal data
Peppersack collects personal data of the Customers for the following purposes:
* for selling and delivering products to the Customers via the Online Store;
* for communicating with the Customers interested in the products and services provided by Peppersack (incl. by e-mail, via social media and, if necessary, by telephone).
Peppersack generally processes the data of the Customers because this is necessary for the performance of the contract entered into with the participation of the Customer or for the application of measures preceding the entry into the contract on the basis of the Customer’s request/reservation. In such a case, the contract entered into with the Customer or the Customer’s request for pre-contractual negotiations shall serve as a legal basis for data processing.
Personal data to be processed
Peppersack may collect personal data to the extent necessary for the purpose of the provision of services, and such data primarily include, but are not limited to, the Customer’s name, e-mail address, postal address, telephone number, preferred language and bank account number.
When the Customer visits the website, Peppersack may collect non-personal data of the Customer via the technical information transmitted by digital devices (e.g. cookies and other similar technologies). Such data include, for instance, the date and time of visiting the website, information downloaded from the website, information about the name of the browser and operating system, the Internet service provider and other similar information.
Peppersack processes such data anonymously and the data are used for statistical purposes and for the purpose of improving the functionality of the website.
When starting to use the Peppersack’s website, the Customer consents to the collection of non-personal data.
Transfer of personal data to third parties
Peppersack AS does not transfer the Customer’s personal data to third parties, unless the obligation to submit the data arises from the legislation applicable in the Republic of Estonia.
Customer’s rights regarding processing of personal data
The Customer has the right to address Peppersack at any time on the basis of the corresponding written and free-format request (firstname.lastname@example.org) to exercise their rights arising from legislation:
* the right to request access to the personal data concerning the Customer;
* the right to demand rectification of data;
* the right to demand erasure of data;
* the right to restrict processing of personal data;
* the right to object to the processing of personal data;
* the right that no decisions are made in respect of the Customer on the basis of processing carried out by automated means;
* the right to file a complaint with the Data Protection Inspectorate (www.aki.ee).