Privacy Policy

1. General provisions

1.1. This Privacy Policy governs the collection, processing and storage of personal data. Personal data is collected and stored by the data controller Trigono OÜ, registration code: 14733284, Pronksi tn 20 Pärnu 80043, phone: +372 53444505, [email protected] (hereinafter the Controller).

1.2. In this Privacy Policy, the data subject is the customer or another individual whose personal data is processed by the Controller (hereinafter the Subject).

1.3. In this Privacy Policy, a customer is anyone who purchases products or services from the data controller’s website.

1.4. The Controller follows the principles of data processing required by law, including processing personal data in a lawful, fair and secure manner. The Controller can confirm that the personal data has been processed in accordance with the law.

2. Collection, processing and storage of personal data

2.1. The Controller processes and stores personal data that is collected electronically through the website and email.

2.2. The Subject directly or indirectly shares personal data with the Controller when purchasing products and services on the site. By submitting your personal data, you authorize the Controller to collect, organize, use and manage your personal data for the purposes set forth in this Privacy Policy.

2.3. It is the data Subject’s responsibility to ensure that the data they provide is accurate, correct and complete. Knowingly providing false information is considered a violation of this Privacy Policy. The Subject must notify the Controller immediately of any changes to the data provided.

2.4. The Controller is not liable for any damage caused to the Subject or third parties as a result of the Subject providing false data.

3. Processing of personal data

3.1. Controller may process the following personal data of the Subject:

3.1.1. First name and last name;

3.1.2. Date of birth;

3.1.3. Phone number;

3.1.4. Email address;

3.1.5. Delivery address;

3.1.6. Bank account number;

3.1.7. Payment card data;

3.2. In addition to the above, the Controller has the right to collect customer data that is available in public registers.

3.3. The legal basis for processing personal data is §6, section 1, points (a), (b), (c) and (f) of the General Regulation on Personal Data Protection:

(a) the subject has consented to the processing of their personal data for one or more specific purposes;

(b) processing of personal data is necessary to perform a contract concluded with the Subject, or to take pre-contractual measures at the request of the Subject;

(c) processing of personal data is necessary to fulfill a legal obligation of the Controller;

(f) processing of personal data is necessary for the legitimate interests of the Controller or a third party unless such interest outweighs the interests of the Subject or the fundamental rights and freedoms for which the personal data must be protected, in particular, if the data subject is a child.

3.4. Processing of personal data is carried out in accordance with the purposes of processing:

3.4.1. Security and integrity. The maximum period of storage of personal data – in accordance with the conditions established by law.

3.4.2. Order processing. The maximum storage period of personal data is 2 years.

3.4.3. Ensuring the operation of the services of the online store. Maximum storage period of personal data – 2 years.

3.4.4. Customer data management. Maximum storage period of personal data – 2 years.

3.4.5. Financial operations and accounting. Maximum retention period of personal data – in accordance with the conditions established by law.

3.4.6. Marketing. Maximum retention period of personal data – 2 years.

3.5. The Controller has the right to transfer customers’ personal data to third parties, such as authorized data controllers, accountants, transportation and courier companies. The Controller shall transfer personal data required to make payments to Montonio Finance authorized controller.

3.6. When processing and storing the Subject’s personal data, the Controller shall take organizational and technical measures to ensure the protection of personal data from accidental or unlawful destruction, modification, disclosure and any other unlawful purposes.

3.7. The Controller shall store Subjects’ data depending on the purpose of processing, but no longer than in accordance with the conditions established by law.

4. Data Subject’s rights

4.1. The Subject has the right to access and verify their personal data.

4.2. The Subject can change or delete their information on the My Account page.

4.3. The Subject has the right to receive information about the processing of their personal data.

4.4. The Subject has the right to supplement or correct inaccurate data.

4.5. If the Controller processes personal data based on the Subject’s consent, the Subject has the right to withdraw the consent at any time.

4.6. The Subject may contact the online store’s customer service team via e-mail at [email protected] to exercise their rights.

4.6. In order to protect their rights, the Subject has the opportunity to file a complaint with the Data Protection Inspectorate.

5. Cookies

5.1. For ease of use and correct display of we use cookies. These files are stored on your device. With their help, the site remembers some information about you, such as what language you use on the site, what pages have already visited. This information will be useful next time you visit, cookies make it easier to browse and use the site. You can enable or disable cookies in your browser settings. Disallowing cookies may adversely affect the performance of the site.

6. Concluding Provisions

6.1. This Privacy Policy has been prepared on the basis of Regulation (EC) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, the repeal of Directive 9546/EC (General Data Protection Regulation), and legislation of the Republic of Estonia and the European Union.

6.2. The Controller has the right to partially or completely change the data protection conditions by notifying Subjects of the changes through the website.