Effective Date: 13.05.2024
At kristintattar.com, operated by Vasudhara OÜ (Estonian registry code 14950722; “we”, “us”), we deeply value the privacy of our customers and visitors. Protecting your personal information is a core aspect of our business ethics and operations. We are committed to handling your personal data with care and respect, ensuring transparency and trust throughout your experience with us.
This Privacy Policy explains how we collect, use, and protect the personal data provided by users when they access our website or make purchases from our online store. It aims to provide clarity on our data processing practices and your rights under the General Data Protection Regulation (GDPR) and applicable privacy legislation.
By engaging with our website and services, you acknowledge and consent to the practices described in this Privacy Policy. If you disagree with any terms provided herein, we advise refraining from using our services.
1.1. Identification of the Data Controller: The data controller responsible for the processing of your personal data on kristintattar.com is Vasudhara OÜ, a company registered in the Republic of Estonia, under company registration number 14950722.
1.2. Contact Details: If you have any questions about this Privacy Policy or our data processing practices, or if you wish to exercise any of your rights as described in this policy, please contact us by email: help@kristintattar.com.
2.1. Types of Personal Data Collected: We collect various types of personal data to provide our products to you and to improve them. This data includes, but is not limited to:
· Contact Information: such as your name, email address, telephone number, and shipping address, which you provide when you make a purchase.
· Payment Information: necessary to process payments, such as your credit card numbers or bank account details, collected securely through our payment processing partners.
· Transaction Data: details about the products you buy, as well as the date and time of your purchase.
· Communication Records: any communications with us via email or otherwise.
· Subscription Data: information provided by you when you opt in to receive our newsletter, which may include your email address, marketing preferences and activity, used to tailor our communications.
· Usage Data: information on how you use our website, including the pages you view and the links you click, collected via cookies and similar technologies.
2.2. Method of Data Collection:
· Direct Collection: We gather data directly from you when you enter it on our website during purchase processes, or while interacting with us.
· Indirect Collection: Data is also collected indirectly through the use of cookies and other tracking technologies that record your interactions with our website. This helps us understand your preferences and improve your user experience.
3.1. We collect and process personal data for specific and limited purposes to ensure transparency and maintain trust with our users. The personal data you provide us is used for the following purposes:
· Order Fulfillment: We use your contact and payment information to process and deliver your orders efficiently. This includes managing payments, arranging shipping, and providing you with invoices and/or order confirmations.
· Customer Service: Your contact details and communication records are used to respond to your inquiries, solve any potential issues with our products or services, and improve overall customer support.
· Marketing and Communication: With your consent, we use your contact information to send promotional emails about new products, special offers, or other information we think you may find interesting. You can opt out of these communications at any time.
· Website Improvement: Usage data helps us analyze how our website is used, which assists in improving website functionality and creating a more personalized shopping experience.
· Legal Compliance: We process personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
4.1. We ensure that all processing of your personal data is based on clear legal grounds as required under applicable data protection laws, including the General Data Protection Regulation (GDPR). The legal bases for processing your personal data include:
· Contractual Necessity: We process your personal data as necessary to fulfill our contractual obligations to you. This includes using your contact and payment information to complete transactions, deliver products you have ordered, and communicate with you about the status of your order.
· Consent: For certain types of processing, such as sending marketing communications and placing cookies that are not strictly necessary for the functioning of the website, we rely on your explicit consent. You have the right to withdraw your consent at any time, and withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
· Legitimate Interests: We process some of your data under the legal basis of legitimate interests, which include improving our services, preventing fraud and securing our tools, provided that such processing does not outweigh your rights and freedoms. For instance, we may analyze purchase history and website usage to offer you personalized product recommendations.
· Legal Obligations: We may be required to process your personal data to comply with legal obligations, such as tax laws, consumer protection laws, and other regulatory requirements affecting our business.
· Vital Interests: In rare cases, we may use your personal data to protect a vital interest of yours or of another person, such as in the case of emergencies that pose a threat to health or safety.
5.1. We share your personal data with selected third parties who play a crucial role in ensuring that we can provide our products to you. The categories of recipients with whom your data may be shared include:
· Payment Processors: To handle transactions and process payments securely, we share necessary payment data with our trusted payment processing partners. This ensures that your purchases are processed efficiently and securely.
· Delivery Services: Your contact details and delivery address are shared with courier and shipping companies to facilitate the delivery of products you have purchased from our online store.
· Marketing Partners: With your consent, we may share your contact information with marketing partners who help us manage our advertising and promotional campaigns or conduct marketing on our behalf.
· Service Providers: We engage various service providers who assist with our business operations, such as website hosting, data analysis, IT services, customer service, email delivery services, and other similar services.
· Legal and Regulatory Authorities: When required by law or as necessary to protect our rights or the rights of others, we may disclose your data to regulatory authorities, law enforcement officials, government agencies, or authorized third parties.
5.2. The sharing of your personal data is conducted in a manner consistent with the legal obligations and protections outlined in our privacy policy. We require all third parties to respect the security of your data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
5.3. The personal data we collect may be processed and stored in countries outside the European Union (EU), particularly if our service providers or partners are located in such jurisdictions. We recognize that countries outside the EU may not offer the same level of data protection as those within the EU. Therefore, we have implemented robust safeguards to ensure that your personal data remains protected according to the standards set by the General Data Protection Regulation (GDPR).
6.1. We are committed to ensuring that your personal data is not kept for longer than necessary for the purposes for which it was collected. Our data retention periods are based on several criteria:
· Purpose of the Data: We retain your personal data as long as necessary to fulfill the specific purposes outlined in this Privacy Policy, such as completing transactions, managing our ongoing business relationship, and complying with legal obligations.
· Legal Requirements: We consider any legal obligations that require us to retain data for a certain period of time, such as tax laws and regulations requiring data to be kept for specific durations.
· Statute of Limitations: Data may be retained based on the statute of limitations of claims that might arise from our business relationships.
· Business Needs: Data is sometimes kept for periods that align with our business needs and practices, such as account management, customer service, and dispute resolution.
· Consent: Where we process data based on your consent, such as for marketing purposes, we will retain the data for the duration of your consent and delete it if you withdraw consent.
6.2. Upon expiration of the retention period, your data will be deleted or anonymized so it can no longer be linked to you. We regularly review our data retention practices to ensure they comply with applicable laws and regulations and reflect best practices.
7.1. We recognize and prioritize the protection of your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws. As a data subject, you are entitled to several rights regarding the processing of your personal data:
· Right of Access: You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data along with details regarding its processing.
· Right to Rectification: You have the right to have inaccurate personal data corrected and incomplete personal data completed.
· Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent and no other legal basis for processing exists.
· Right to Restriction of Processing: You have the right to request the limitation of the processing of your personal data, which allows us to store your data but not further process it under certain conditions.
· Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transferred to another controller without any hindrance from us.
· Right to Object: You have the right to object to the processing of your personal data based on our legitimate interests, including profiling. Additionally, you can object to processing for direct marketing purposes.
· Right to Withdraw Consent: If the processing of your personal data is based on consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
7.2. How to Exercise Your Rights: To exercise any of these rights, please contact us using the contact details outlined in Section 1. When you make a request, we may require you to provide specific information to verify your identity and ensure your right to access the data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
8.1. Use of Cookies and Tracking Technologies: We use cookies and other tracking technologies to enhance your browsing experience and improve our website. These technologies are used for various purposes, such as:
· Analytics and Performance: To understand how our visitors use the website and to measure the effectiveness of our content and advertising. This helps us learn what parts of our website are most appealing and what kind of offers our users like to see.
· Personalization: To provide a personalized experience on our website, including targeted advertising and tailored content that we believe would be of most interest to you.
· Functionality: To enable certain functions of the website, such as shopping carts and other essential features that improve usability and experience.
8.2. Control Over Cookies: You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
· Browser Settings: You can adjust the settings in your browser to delete cookies or prevent automatic acceptance if you prefer. Information on adjusting these settings is typically found in the “options” or “preferences” menu of your browser.
· Third-Party Tools: Various third-party tools are available online that can help you manage and restrict the use of cookies or track online behavioral advertising.
Please be aware that disabling cookies may affect the functionality of our website and many other websites that you visit. Therefore, we recommend that you do not disable cookies when using our website unless you are sure that you do not require functionality that uses them.
9.1. Commitment to Data Security: We prioritize the security of your personal data. We implement a range of technical and organizational measures designed to protect your data from unauthorized access, alteration, disclosure, or destruction. Some of the key security measures we employ include:
· Encryption: We use SSL/TLS encryption for data transmitted to and from our website, ensuring that your personal information, including payment details, is securely encrypted during online transactions.
· Access Controls: Strict access controls are in place to limit who can access your personal data. Only personnel who need access to your data to perform their job functions are granted access.
· Data Backup: Regular backups are performed to ensure that personal data is not lost in the event of a hardware failure or other disaster. These backups are stored securely and are accessible only by authorized personnel.
9.2. Reporting Security Breaches: Despite our efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. However, should any breach of personal data occur, we will follow all applicable laws regarding the notification of individuals and authorities as required.
10.1. We may provide links to other websites for your convenience and information. These websites may have their own privacy policies and practices that differ from ours. We do not endorse or make any representations about third-party websites. We encourage you to review the privacy policies of any third-party websites before providing them with any personal information.
11.1. We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon posting on the website.