- what personal data (hereinafter as data) MTÜ Lilleoru and Lilleoru Keskus OÜ (hereinafter as Lilleoru) collects and processes regarding offering its services and products, including offering its services and products via its websites www.lilleoru.ee;
- how Lilleoru uses and collects data;
- what measures Lilleoru takes to guarantee safety and integrity of data.
When and to whom these principles apply?
How do we process data?
MTÜ Lilleoru (registry code 80143446, Taevasmaa tee 17, Aruvalla, Rae vald, Harju County 75320, ESTONIA) and Lilleoru Keskus OÜ for the homepage subpage https://pood.lilleoru.ee/ (registry code 11514140, Taevasmaa tee 17, Aruvalla, Rae vald, Harju County 75320, ESTONIA).
What is personal data and what data do we process?
Personal data (data) is data that is specifically or indirectly related to you as an individual.
Lilleoru collects the following data:
1. In order to provide services or sell products, we ask you to provide us with the following information, among others:
- Full name (given name and last name) or in case of a legal person, the name of its representative and contact person;
- Personal code or in case of a legal person, registry code;
- Contact details (phone number, e-mail).
2. In addition, we store and process the following data in connection with the provision of services, the sale of products and online shop services:
- Data listed above;
- Data that is needed for login and authentication (for instance IP-address, cookies);
- Correspondence between you and Lilleoru;
- Information about the use of the services offered by Lilleoru and participation in the courses (eg which Art of Conscious Change courses have you participated in);
- Statistical demographic data (for instance age, gender, profession);
- Data necessary for delivery of the goods (eg suitable parcel machine, delivery address, etc.);
- Data necessary for making the payment (eg the bank used by the buyer, etc);
- Data related to orders (incl. pending orders) (eg data of goods added to the shopping cart, payment data, etc).
3. We collect and use the following data in connection with the provision of the website and online shop services:
- Data on the use of our e-store and website, its services and functionalities, and information collected with the help of cookies (eg from which page the website was accessed, etc.;
- Data to personalize content and ads;
- Data for providing social media functions;
- Data about the buyer published in public databases or on the Internet (eg information about the buyer's interests, eg data from Google Analytics, data from Facebook, etc.).
What is the purposes and legal basis for data processing?
Lilleoru is processing data for the following purposes and under the following legal basis:
1. On the basis of complying with the agreement:
- To perform the agreement for the provision of services and products;
- Customer relationship management;
- Providing access to services and products, including via online shop and our home page.
2. On the basis of our legitimate interests:
- To ensure the quality of services and products;
- To prove transactions and customer communication and to exercise the rights of Lilleoru (incl. to claim a debt);
- To provide additional services;
- For marketing analysis (eg to explain your needs and preferences as a Lilleoru customer or website user, etc.);
- Customer satisfaction surveys and statistics;
- To provide a website and online shop offers.
3. On the basis of a legal obligation:
- For example, for accounting and transmission of data to authorized public authorities, etc.
The use of authorized data processors.
We may authorize the processing of data to our contractual partners (eg Human OÜ, etc.) who process the data for our purposes, in accordance with the instructions and within the limits of the authorization fixed by a written agreement. You can request more detailed information about the authorized data processors used by Lilleoru (eg names and locations, etc.) by writing to firstname.lastname@example.org.
What do we do to protect data and ensure privacy?
We guarantee that all data collected is confidential and protected, and Lilleoru does not transfer, sell or disclose data to third parties without a legal basis (such as your consent or if we are required to do so by law, etc.). We guarantee the accuracy and security of the processed data. You are also responsible for the accuracy of the information you disclose. The website may contain links to third party websites or services. Their websites and services have different privacy policies. Lilleoru is not responsible for the privacy policies of third parties or the processing of data related to its activities, and we recommend that you read the privacy policies of each third party separately before using the website or service.
How do we ensure data security?
We implement necessary IT technical, organizational and physical security measures to protect data from unauthorized persons and against unintentional or unlawful deletion, alteration, disclosure, transfer or other unauthorized or unlawful processing. Only certain authorized persons have access to change and process the data. All information in our organization is treated as confidential information. Lilleoru is not responsible for third party access to the devices under your control, the Internet and their security.
What do you need to do to protect your data?
To ensure data security, our website and online shop must be used carefully and with secure devices (eg computer, smartphone, application, etc.). Usernames, passwords, passwords, as well as ID card, Mobile ID and Smart-ID PIN codes related to you, your device or our website or online shop must be kept secret and protected. Please be aware that we cannot guarantee the security of the data and are not liable for any possible negative consequences if the data is not protected due to your own failure to comply with the above security requirements.
Are we transferring data outside the European Union?
We generally process data within the European Union, but in some cases they are transmitted and processed (including stored) in countries outside the EU (eg direct marketing service providers). For more detailed information on data transfer outside the EU, please contact us at e-mail email@example.com.
How do we use your contact information for marketing purposes?
If we have received your contact information in connection with the provision of our services or the sale of products, we may send you offers for our products or services either by post or e-mail, unless you have prohibited us from doing so. We may also provide Lilleoru with offers for similar or related services or products made by our carefully selected partners (eg Human OÜ). The partner will not have access to your data unless you have expressed a specific interest in the partner's goods or services.
How can I unsubscribe from the offers?
You have the right to contact Lilleoru at any time to indicate your wish not to receive personal offers. To unsubscribe from newsletters and direct marketing letters, each newsletter and / or direct mail has a link (unsubscribe). You can also cancel by writing to firstname.lastname@example.org. If you have canceled the offers, but still want to receive them in the future, it is possible to allow sending offers again by joining the newsletter recipients via the Website or by writing to email@example.com. In connection with the provision of the service and / or products, Lilleoru has the right to contact you at any time and send you a feedback e-mail at any time in order to improve the quality of the service.
What are Cookies and how do we use them?
- to personalize content and ads;
- to provide social media features;
- to analyze the use of websites.
We may also provide our social media, advertising and analytics partners with information about how the website is used. The use of such cookies is not directly necessary for the functioning of the website, but it ensures a better browsing experience. Cookies can be deleted or blocked, but in this case not all functions of the website may work as intended. Cookies help us to offer our services and products better and more personally.
What is Google Analytics and how do we use it?
What are Facebook’ modules?
What, how and for what reason the website keeps logs?
The server hosting our website may store queries made by the user to the server (web address opened by the user, browser and device used by the user, IP address, access time). This data is used only for technical purposes to ensure the operation and security of the website and to detect security incidents.
How you can get to know the data in more detail and submit requests for data?
You can get more detailed information about your data by asking questions at the e-mail address firstname.lastname@example.org or via your e-shop account. If the data has changed or is incorrect for any other reason, you must notify the e-mail address email@example.com or change it yourself in the e-shop. We have the right to respond to such inquiries within 30 days.
What are your rights regarding personal data?
You have the following rights regarding your data:
- You have the right to access your personal data at any time;
- Right to accuracy of personal data. If you have discovered incorrect data or changed your personal data while reviewing your data, you can always change them either in our online shop or by contacting us;
- The right to be forgotten. In certain cases, you have the right to have your data deleted. This applies in particular to data processing based on consent and legitimate interests. This includes, for example, marketing profiles and the like. Complete deletion of data is not possible if we also use the data for other purposes, in connection with which deletion of data is not permitted either by contract or law (eg contracts and invoices must be kept for 7 years under the Accounting Act). The final deletion of data cannot be requested before the online shop order has been fulfilled and the time for submitting claims has elapsed, as in this case we will have to process the data in order to fulfill your order;
- Right to object. You have the right to object to the processing of data concerning you, which we do on the basis of a legitimate interest. If an objection is submitted, we will terminate the data processing if possible;
- The right to restrict the processing of data concerning you. You have the option of restricting the processing of data by notifying us in the following cases: to verify the accuracy of personal data if you have challenged its accuracy; to record illegal data processing; you need data to prepare, file or defend a legal claim; you object to the consideration of a legitimate interest and wish to limit the processing until a decision is taken;
- The right to contact us or the supervisory authority and the court if you would like further information regarding the use of your data. If you think your privacy has been violated, you can contact the Data Protection Inspectorate.
How long we keep the data?
What to do if you want more information about data processing?
If you would like a more detailed explanation of your data processing, please write to us at e-mail firstname.lastname@example.org. We will respond to your inquiry as soon as possible, but no later than within 30 days.