Privacy Policy
1. General Provisions
1.1. This Privacy Policy regulates the principles of collecting, processing, and storing personal data. Personal data is collected, processed, and stored by the data controller Lifte OÜ (hereinafter the Data Controller).
1.2. A data subject for the purposes of this Privacy Policy is a customer or any other natural person whose personal data is processed by the Data Controller.
1.3. A customer for the purposes of this Privacy Policy is anyone who purchases goods or services from the Data Controller’s website.
1.4. The Data Controller adheres to the data processing principles established by legislation and processes personal data lawfully, fairly, and securely. The Data Controller is able to confirm that personal data has been processed in accordance with applicable legal requirements.
2. Collection, Processing and Storage of Personal Data
2.1. Personal data that the Data Controller collects, processes, and stores is gathered electronically, primarily through the website and email.
2.2. By sharing their personal data, the data subject grants the Data Controller the right to collect, organise, use, and manage the personal data for the purposes outlined in this Privacy Policy, whether the data is provided directly or indirectly when purchasing goods or services on the website.
2.3. The data subject is responsible for ensuring that the data provided is accurate, correct, and complete. Knowingly providing false information is considered a violation of this Privacy Policy. The data subject must promptly notify the Data Controller of any changes to the submitted data.
2.4. The Data Controller is not liable for any damage caused to the data subject or third parties as a result of the data subject providing incorrect information.
3. Processing of Customer Personal Data
3.1. The Data Controller may process the following personal data of the data subject:
3.1.1. First and last name
3.1.2. Date of birth
3.1.3. Phone number
3.1.4. Email address
3.1.5. Delivery address
3.1.6. Bank account number
3.1.7. Payment card details
3.2. In addition to the above, the Data Controller has the right to collect data about the customer that is available in public registers.
3.3. Legal basis for personal data processing according to Article 6(1)(a), (b), (c), and (f) of the GDPR:
a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract with the data subject or for taking steps prior to entering into a contract at the request of the data subject;
c) processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
f) processing is necessary for the legitimate interests pursued by the Data Controller or a third party, except where such interests are overridden by the rights and freedoms of the data subject, especially if the data subject is a child.
3.4. Processing of personal data according to purpose:
3.4.1. Purpose: security and safety
Retention period: as required by law
3.4.2. Purpose: order processing
Retention period: 3 years
3.4.3. Purpose: ensuring the functioning of e-commerce services
Retention period: 3 years
3.4.4. Purpose: customer management
Retention period: 3 years
3.4.5. Purpose: financial activities, accounting
Retention period: as required by law
3.4.6. Purpose: marketing
Retention period: 3 years
3.5. The Data Controller has the right to share customers’ personal data with third parties such as authorised processors, accountants, transport and courier service providers, and payment service providers.
The Data Controller is the main controller of personal data. For payment processing, the Data Controller forwards the necessary personal data to the authorised processor Montonio Finance UAB.
3.6. In processing and storing personal data, the Data Controller applies organisational and technical measures that protect personal data from accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.
3.7. The Data Controller stores personal data depending on the purpose of processing, but not longer than 3 years unless otherwise required by law.
4. Rights of the Data Subject
4.1. The data subject has the right to access their personal data and review it.
4.2. The data subject has the right to receive information about the processing of their personal data.
4.3. The data subject has the right to correct or supplement inaccurate data.
4.4. If the Data Controller processes personal data based on the data subject’s consent, the data subject has the right to withdraw their consent at any time.
4.5. To exercise their rights, the data subject may contact customer support at info@lifte.ee.
4.6. The data subject has the right to submit a complaint to the Estonian Data Protection Inspectorate.
5. Final Provisions
5.1. This Privacy Policy has been prepared in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR), the Personal Data Protection Act of the Republic of Estonia, and other applicable EU and Estonian legislation.
5.2. The Data Controller has the right to amend the Privacy Policy in part or in full by notifying data subjects via the website or by email at info@lifte.ee.
