Privacy Policy
1. General provisions
2. Collection, processing and storage of personal data
3. Processing of the personal data of customers
4. Rights of the data subject
5. Final provisions
Valid from: 01.08.2020
Confirmed by: Jüri Vau, TVC OÜ member of the Board
1. GENERAL PROVISIONS
1.1. This Privacy Policy governs the principles of collection, processing and storage of personal data. Personal data is collected, processed and stored by the controller of personal data TVC OÜ (hereinafter the Controller).
1.2. In the meaning of the Privacy Policy, a data subject is a customer or other natural person, whose personal data is processed by the data controller.
1.3. In the meaning of the Privacy Policy, a customer is anyone, who buys goods or services from the website of the data processor.
1.4. The Controller follows the data processing principles provided in legislation, amongst other things, the Controller processes personal data lawfully, fairly and securely. The Controller is able to confirm that personal data has been processed in compliance with the provisions of legislation.
2. COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA
2.1. The personal data that is collected, processed and stored by the Controller is collected physically (in case of physical signing of the contract and deeds of delivery and receipt) or electronically (via the website, e-mail and warehouse management information system).
2.2. By sharing his/her personal data, the data subject grants the Controller the right to collect, organize, use and manage for the purposes specified in the Privacy Policy the personal data, which the data subject shares directly or indirectly with the Controller, using the services of TVC OÜ.
2.3. The data subject is responsible for ensuring that the data provided by them is accurate, correct and complete. Knowingly providing false information is deemed a violation of the Privacy Policy. The data subject is obliged to immediately notify the Controller of any changes in the provided data.
2.4. The Controller is not responsible for damage caused to the data subject or third parties through the provision of false data by the data subject.
3. PROCESSING OF THE PERSONAL DATA OF CUSTOMERS
3.1. The Controller may process the following personal data of the data subject:
3.1.1. First name and surname;
3.1.2. identity code;
3.1.3. address;
3.1.4. telephone number;
3.1.5. e-mail address;
3.1.6. addresses of the place of departure and the place of destination;
3.1.7. current account number;
3.1.8. payment card details.
3.2. In addition to the above, the Controller has the right to collect customer data that is available in public registers.
3.3. The legal basis for the processing of personal data is the General Data Protection Regulation § 6 (1) p-d a), b), c) and f):
3.3.1. a) the data subject has given their consent to the processing of their personal data for one or more specific purposes;
3.3.2. b) the processing of personal data is necessary for the performance of a contract concluded with the involvement of the data subject or for taking measures prior to the conclusion of the contract in accordance with the request of the data subject;
3.3.3. c) processing of personal data is necessary in order to fulfill the legal obligation of the Controller;
3.3.4. f) processing of personal data is necessary in case of a legitimate interest of the Controller or a third party, unless such interest is outweighed by the interests or the fundamental rights and freedoms of the data subject, for which personal data must be protected, especially if the data subject is a child.
3.4. Processing of personal data according to the purpose of processing:
3.4.1. Purpose of processing – security and safety.
The maximum period of storage of personal data - according to the deadlines specified in the law.
3.4.2. Purpose of processing – financial activity, accounting.
The maximum period of storage of personal data - according to the deadlines specified in the law.
3.4.3. Purpose of processing - processing of the order.
Maximum storage period of personal data – 12 months from the expiry of the Contract.
3.4.4. Purpose of processing - customer management.
Maximum storage period of personal data – 12 months from the expiry of the Contract.
3.5. The Controller has the right to share the personal data of customers with third parties, such as Authorized Processors - accountants, transportation and courier companies, companies offering cloud service solutions and transmission services. This includes the Controller forwarding to the authorized processor Maksekeskus AS the personal data necessary for making payments.
3.6. The Controller carries out the processing and storage of the personal data of data subjects, implementing organizational and technical measures that ensure the protection of personal data against accidental or illegal destruction, modification, publication and any other illegal processing.
3.7. The Controller stores the data of data subjects for a period depending on the purpose of processing, but not longer than 27 years.
4. RIGHTS OF THE DATA SUBJECT
4.1. The data subject has the right of access to his/her personal data and to view the data.
4.2. The data subject has the right to receive information about the processing of his/her personal data.
4.3. The data subject has the right to modify or rectify inaccurate data.
4.4. If the Controller processes the personal data of the data subject on the grounds of the consent of the data subject, the data subject has the right to withdraw the consent at any time.
4.5. The data subject can turn to TVC OÜ at the customer support e-mail address to exercise the rights: info@tvc.ee.
4.6. The data subject can file a complaint with the Data Protection Inspectorate for the protection of his/her rights.
5. FINAL PROVISIONS
5.1. These data protection conditions have been drawn up in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons in the processing of personal data and the free movement of such data and on the repeal of Directive 95/46 / EC (General Regulation on the Protection of Personal Data), the Personal Data Protection Act of the Republic of Estonia and the legislation of the Republic of Estonia and the European Union.
5.2. The Controller has the right to change the data protection conditions partially or completely, notifying the data subjects of the changes via its website www.tvc.ee.