Privacy Policy

1. General Provisions

1.1. This privacy policy governs the principles for the collection, processing, and storage of personal data. Personal data are collected, processed, and stored by the data controller Viies maitse OÜ (hereinafter the Controller).

1.2. For the purposes of this privacy policy, a data subject is a customer or any other natural person whose personal data are processed by the Controller.

1.3. For the purposes of this privacy policy, a customer is anyone who purchases goods or services from the Controller’s website.

1.4. The Controller follows the data-processing principles set out in legislation and, among other things, processes personal data lawfully, fairly, and securely. The Controller is able to confirm that personal data have been processed in accordance with the requirements laid down by law.

2. Collection, Processing, and Storage of Personal Data

2.1. The personal data that the Controller collects, processes, and stores are collected electronically, mainly via the website and e-mail.

2.2. By sharing their personal data, the data subject grants the Controller the right to collect, organize, use, and manage, for the purposes defined in this privacy policy, the personal data that the data subject directly or indirectly shares with the Controller when purchasing goods or services on the website.

2.3. The data subject is responsible for ensuring that the data they provide are accurate, correct, and complete. Knowingly providing false information is considered a breach of this privacy policy. The data subject is obliged to inform the Controller immediately of any changes to the data provided.

2.4. The Controller is not liable for damage caused to the data subject or third parties as a result of the data subject providing incorrect information.

3. Processing of Customers’ Personal Data

3.1. The Controller may process the following personal data of the data subject:

3.1.1. First and last name;
3.1.2. Date of birth;
3.1.3. Telephone number;
3.1.4. E-mail address;
3.1.5. Delivery address;
3.1.6. Bank account number;
3.1.7. Payment card details.

3.2. In addition to the above, the Controller has the right to collect data about the customer that are available in public registers.

3.3. The legal basis for processing personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation:

a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

3.4. Processing of personal data according to purpose:

3.4.1. Purpose – safety and security
Maximum retention period – as specified by law.

3.4.2. Purpose – order processing
Maximum retention period – two months.

3.4.3. Purpose – ensuring the functioning of the online store’s services
Maximum retention period – two months.

3.4.4. Purpose – customer management
Maximum retention period – two months.

3.4.5. Purpose – financial activities, accounting
Maximum retention period – as specified by law.

3.4.6. Purpose – marketing
Maximum retention period – two months.

3.5. The Controller has the right to share customers’ personal data with third parties such as authorized processors, accountants, transport and courier companies, and companies providing payment transfer services. The Controller is the data controller. For the purpose of making payments, the Controller transmits the personal data necessary for payment processing to the authorized processor Maksekeskus AS.

3.6. In processing and storing the data subject’s personal data, the Controller applies organizational and technical measures that ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.

3.7. The Controller retains data subjects’ data depending on the purpose of processing, but for no longer than seven (7) years.

4. Rights of the Data Subject

4.1. The data subject has the right to access and review their personal data.

4.2. The data subject has the right to receive information about the processing of their personal data.

4.3. The data subject has the right to supplement or correct inaccurate data.

4.4. If the Controller processes the data subject’s personal data on the basis of the data subject’s consent, the data subject has the right to withdraw consent at any time.

4.5. To exercise their rights, the data subject may contact the online store’s customer support at sales@54gurmee.ee.

4.6. To protect their rights, the data subject may also lodge a complaint with the Estonian Data Protection Inspectorate.

5. Final Provisions

5.1. These data-protection terms are drawn up in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia, and the legislation of the Republic of Estonia and the European Union.

5.2. The Controller has the right to amend the data-protection terms in part or in full by informing data subjects of the changes via the website shop.jree.ee

Images are for illustrative purposes. In rare cases, when a product is unavailable, it will be replaced with an equivalent or better product.