OÜ Loodusvägi Privacy Policy

valid from 25.05.2018

OÜ Loodusvägi (hereinafter ‘Loodusvägi’ or ‘we/us/our’) offers health-promoting organic products through informed product development, responsible production and marketing. We wish to support organic rural life and to contribute to the development of a clean planet.

Our Privacy Policy explains and describes how, for what purposes, and on what basis we process our customers’ (hereinafter ‘you/your’) personal data, as well as what your rights are regarding your personal data and what our liability and obligations are.

The Privacy Policy is accessible on our website www.loovfood.com. Please note that we may change the Privacy Policy from time to time. We shall notify you of any changes a reasonable time beforehand.

1. Controller

We are the controller of your personal data. Our contact details: OÜ Loodusvägi, registry code 11544988, address Mehaanika tn 21, Tallinn, Estonia, e-mail: andmekaitse@loodusvagi.ee.

2. What personal data do we process?

We process your following personal data:

(1) Personal information and contact details, e.g. name, e-mail address, phone number, IP address;

(2) Cookie data (see item 6).

We may receive personal data directly from you when you visit our website, when you submit your personal data on our website along with a request to receive the newsletter, or when you contact us via the contact details published on the web.

3. For what purposes do we process your personal data?

We process personal data for the following purposes:

(1) To deliver our newsletter;

(2) To process your inquiries and requests;

(3) To carry out satisfaction surveys and analyses of customer preferences, and to use results of surveys and analyses to market and develop products, among other things;

(4) To ensure the better functioning of our website.

4. On what basis do we process your personal data?

We process personal data in accordance with the requirements of the current legislation in Estonia, which is in line with the European General Data Protection Regulation (GDPR).

We primarily process personal data on the basis of our legitimate interest (item 3.1 and 3.3 and 3.4 of the Privacy Policy) and to fulfill legal obligations (item 3.2 of the Privacy Policy).

5. What are your rights relating to personal data?

You have the following rights related to your personal data:

(1) Right to access personal data – You have the right to know what personal data we store about you and how we process these, including the right to know the purpose of processing, the persons to whom we disclose the data, information regarding automated decision making and the right to get copies of your personal data.

(2) Right to rectify personal data – You have the right to request insufficient, incomplete and incorrect personal data to be rectified.

(3) Right to withdraw consent given for the processing of personal data – You have the right to withdraw consent given to us for the processing of personal data. Please note that withdrawing consent shall have no impact on the lawfulness of processing that has occurred before the withdrawal.

(4) Right to the erasure of personal data (‘the right to be forgotten’) – In some cases you have the right to demand that we erase your personal data (e.g. you withdraw the consent given to process personal data or personal data is no longer needed for the purposes for which they were collected). We have the right to refuse to erase personal data when the processing of personal data is necessary to fulfill our legal obligations, to exercise the right to freedom of expression and information, for the establishment, exercising or defense of legal claims or if it is in the public interest.

(5) Right to the restriction of processing – In certain cases you have the right to forbid or restrict the processing of your personal data for a limited time (e.g. you have objected to the processing of personal data).

(6) Right to object – You have the right, depending on the specific situation, to object to us processing your personal data, when the processing of your personal data is performed due to our legitimate interest or in the public interest. You may object to the processing of personal data for the purpose of direct marketing at any time and we shall react immediately.

(7) Right to data portability – If the processing of your personal data is based on your consent and your personal data is processed automatically, then you have the right to obtain the personal data about you that you have presented to us as the controller, in a structured, commonly used format and in machine-readable form and you have the right to transfer personal data to another controller. In addition, you have the right to demand that we transmit personal data directly to another controller when it is technically feasible.

(8) Automated decision-making (incl. profiling) – If we have informed you that we use decision-making based on automated decision-making (incl. profiling) that shall have legal consequences to you or shall have a significant impact on you, then you may demand that the automated decision is not made based solely on automated processing.

(9) Lodging a complaint – You have a right to lodge a complaint against us in connection with personal data processing with the personal data protection supervisory authority in the Republic of Estonia, the Estonian Data Protection Inspectorate (www.aki.ee).

You can find more information about your rights in Chapter 3 of the GDPR.

If you would like to exercise one of your rights relating to personal data or to ask a question about the Privacy Policy, please submit a request to the e-mail andmekaitse@loodusvagi.ee. We shall generally respond to your request via e-mail no later than within one month.

Please note that before we can issue you with the information that you have requested in relation to your personal data, we must verify your identity.

6. Cookies

We use cookies on our website that you can accept if you choose to use our website. Cookies help us to improve the services offered to you and make these more convenient.

We may also use the following third-party cookies:

Google cookies enable us to target you with advertising and to measure the effectiveness of these.

Google Analytics cookies – we use these to analyse website traffic in order to determine whether a guest is a returning or a new one, which sub pages of the website are visited, how much time is spent on the website and where our visitors originate from. This type of data is essential for us to be able to better understand the behavior of our website visitors and to improve the website’s user experience.

Infusionsoft is used to analyse the effectiveness of our newsletters and other marketing messages we send you. We mainly use it to analyse whether the newsletter we sent has been opened and whether the links included in the newsletter have been clicked on. This type of data is necessary for us to analyse the effectiveness of newsletters.

As our website visitor, you have the option to disable or restrict the storing of cookies on your device according to your preferences. You can also delete any cookies that have already been stored on your device. To do this, you must change the privacy settings on your web browser. However, not all website functions may work when cookies are disabled or restricted.

Data on how users use our websites and applications are used for statistical purposes in order to improve our websites and applications, and to display personalized content to customers.

If you prefer your personal data not to be processed when you visit our website during browsing, you can activate the private browsing feature of your web browser.

7. What kinds of security measures do we implement for personal data?

We implement various measures (physical, technical, organisational) to protect personal data from illegal or unauthorized alteration, disclosure, acquisition, destruction, loss or unauthorized access to them.

We have restricted our employees’ and processors’ access to personal data. Access to personal data is only granted to those persons who directly require access in order to carry out their duties.

We only use processors who have provided us with sufficient guarantees and who we believe are able to process personal data securely. We enter into written agreements with all our processors, thereby ensuring that all our processors implement sufficient protective measures in relation to personal data.

8. What should be done in the case of a personal data breach?

Please notify us immediately of any personal data breach or imminent risk of a breach that you become aware of at andmekaitse@loodusvagi.ee. We take the subject of personal data security very seriously and we shall react immediately to any potential cases of a breach.

9. To whom do we disclose personal data?

We shall disclose your personal data or provide access to personal data to authorities and supervisory authorities when we have a legal obligation to do so.

We shall disclose your personal data to our processors, as well as to persons who have a legal right to receive personal data.

We generally process personal data within the European Economic Area (European Union countries plus Norway, Iceland and Liechtenstein). If we need to transfer your personal data outside the European Economic Area then the transfer shall take place in accordance with the requirements of the GDPR.

10. How long do we retain personal data for?

We shall retain personal data for as long as it is required or permitted according to legislation or necessary for the purposes set out in the Privacy Policy.

We shall retain personal data relating to disputes until the expiration of the claim.

At the end of the personal data retention period we shall delete the personal data permanently.