Privacy Policy

1. General Provisions

1.1. This privacy policy governs the principles for the collection, processing, and storage of personal data. The personal data is collected, processed, and stored by the data controller Energiakaubamaja OÜ (hereinafter referred to as the data processor).
1.2. The data subject, within the meaning of this privacy policy, is a client or any other natural person whose personal data is processed by the data processor.
1.3. The client, within the meaning of this privacy policy, is anyone who purchases goods or services from the data processor’s website.
1.4. The data processor follows the principles of data processing as established in legislation, ensuring that personal data is processed lawfully, fairly, and securely. The data processor can confirm that personal data is processed in accordance with the law.

2. Collection, Processing, and Storage of Personal Data

2.1. Personal data collected, processed, and stored by the data processor is obtained electronically, primarily via the website and email.
2.2. By sharing personal data, the data subject grants the data processor the right to collect, organize, use, and manage personal data for the purposes specified in the privacy policy, whether directly or indirectly shared when purchasing goods or services on the website.
2.3. The data subject is responsible for ensuring that the provided data is accurate, correct, and complete. Knowingly providing false information is considered a violation of the privacy policy. The data subject must promptly notify the data processor of any changes to the provided data.
2.4. The data processor is not responsible for any damages resulting from the data subject providing incorrect information, whether to the data subject or third parties.

3. Processing of Customers’ Personal Data

3.1. The data processor may process the following personal data of the data subject:
3.1.1. First and last name;
3.1.2. Date of birth;
3.1.3. Phone number;
3.1.4. Email address;
3.1.5. Delivery address;
3.1.6. Bank account number.

3.2. In addition to the aforementioned, the data processor has the right to collect data about the client from public registers.
3.3. The legal basis for processing personal data is Article 6(1) (a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):

• (a) The data subject has given consent to the processing of their personal data for one or more specific purposes;
• (b) Processing is necessary for the performance of a contract entered into with the data subject or to take steps at the data subject’s request before entering into a contract;
• (c) Processing is necessary for compliance with a legal obligation to which the controller is subject;
• (f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests override the interests of the data subject or fundamental rights and freedoms that require the protection of personal data, especially in cases where the data subject is a child.

3.4. Processing of personal data based on the purpose:

• Security and safety – Maximum retention period: according to legal regulations.
• Order processing – Maximum retention period: 2 years.
• Functionality of the online store – Maximum retention period: 2 years.
• Customer management – Maximum retention period: 2 years.
• Financial activities, accounting – Maximum retention period: according to legal regulations.
• Marketing – Maximum retention period: 2 years.

3.5. The data processor has the right to share customers’ personal data with third parties, such as authorized data processors, accountants, transport and courier companies, and payment service providers. The data processor is the responsible data controller. The data processor transfers the necessary personal data for payment processing to the authorized processor Montonio Finance OÜ.
3.6. When processing and storing personal data, the data processor implements organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, or any other unauthorized processing.
3.7. The data processor retains data based on the processing purpose but no longer than 7 years.

4. Rights of the Data Subject

4.1. The data subject has the right to access their personal data and review it.
4.2. The data subject has the right to receive information about the processing of their personal data.
4.3. The data subject has the right to supplement or correct inaccurate data.
4.4. If the data processor processes the data subject’s personal data based on consent, the data subject has the right to withdraw consent at any time.
4.5. To exercise their rights, the data subject can contact the online store’s customer support at info@energiakaubamaja.ee.
4.6. The data subject has the right to file a complaint with the Data Protection Inspectorate to protect their rights.

5. Final Provisions

5.1. This privacy policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation), as well as with the Personal Data Protection Act of the Republic of Estonia and other applicable Estonian and European Union legislation.
5.2. The data processor has the right to partially or fully amend the privacy policy by notifying data subjects through the website https://energiakaubamaja.ee.