Privacy Policy
General provisions
1.1. This privacy policy regulates the principles of collecting, processing, and storing personal data. Personal data is collected, processed, and stored by the personal data controller SUMAR OÜ (hereinafter referred to as the data processor).
1.2. For the purposes of this privacy policy, a data subject is a customer or other natural person whose personal data is processed by the data processor.
1.3. For the purposes of this privacy policy, a customer is anyone who purchases goods or services from the data processor’s website.
1.4. The data processor complies with the principles of data processing set out in legislation, including processing personal data lawfully, fairly and securely. The data processor is able to confirm that personal data has been processed in accordance with the provisions of legislation.
2. Collection, processing and storage of personal data
2.1. The personal data collected, processed and stored by the data processor is collected electronically, mainly via the website and e-mail.
2.2. By sharing their personal data, the data subject grants the data processor the right to collect, organize, use, and manage personal data for the purposes specified in the privacy policy, which the data subject shares with the data processor directly or indirectly when purchasing goods or services on the website.
2.3. The data subject is responsible for ensuring that the data they provide is accurate, correct, and complete. Knowingly providing false information is considered a violation of the privacy policy. The data subject is obliged to immediately notify the data processor of any changes to the data provided.
2.4. The data processor is not liable for any damage caused to the data subject or third parties by the submission of false data by the data subject.
3. Processing of customers’ personal data
3.1. The data processor may process the following personal data of the data subject:
3.1.1. First name and surname;
3.1.2. Telephone number;
3.1.3. E-mail address;
3.1.4. Delivery address;
3.1.5. Bank account number;
3.2. In addition to the above, the data processor has the right to collect data about the customer that is available in public registers.
3.3. The legal basis for the processing of personal data is Article 6(1)(a), (b), (c) and (f) of the General Data Protection Regulation:
a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
f) processing of personal data is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
g) processing of personal data for direct marketing purposes
3.4. Processing of personal data in accordance with the purpose of processing:
3.4.1. Purpose of processing – security and safety
Maximum period of storage of personal data – in accordance with the periods specified by law
3.4.2. Purpose of processing – order processing
Maximum period for storing personal data – in accordance with the terms specified by law
3.4.3. Purpose of processing – ensuring the functioning of e-store services
Maximum period for storing personal data – in accordance with the terms specified by law
3.4.4. Purpose of processing – customer management
Maximum period for storing personal data – in accordance with the terms specified by law
3.4.5. Purpose of processing – financial activities, accounting
Maximum period for storing personal data – in accordance with the terms specified by law
3.4.6. Purpose of processing – marketing
Maximum period for storing personal data – in accordance with the terms specified by law
3.5. The data processor has the right to share customers’ personal data with third parties, such as authorized data processors, accountants, transport and courier companies, and companies providing transfer services. The data processor is the controller of personal data. The data processor forwards the personal data necessary for making payments to the authorized processor Montonio AS.
3.6. When processing and storing the personal data of data subjects, the data processor implements organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
3.7. The data processor shall store the data subjects’ data depending on the purpose of processing, but for no longer than 15 years.
4. Use of cookies on the sumar.ee website
Sumar.ee uses cookies to operate the website and provide a better user experience for visitors. Cookies are small text files that are stored on your computer or mobile device when you visit websites. Cookies help us analyze visitor behavior on the website, provide personalized content and advertisements, and improve the overall web experience.
4.1 Consent to the use of cookies
By visiting the sumar.ee website, you consent to the use of cookies in accordance with this privacy policy.
4.2 Types of cookies on the sumar.ee website
4.2.1 Necessary cookies: These cookies are essential for the basic functionality of the website and enable you to navigate the site and use its features. These cookies do not collect personal information.
4.2.2 Functional cookies: These cookies allow us to remember your preferences and improve the functionality of the website.
4.2.3 Analytical cookies: These cookies help us collect information about how visitors use the website so that we can improve and customize our website.
If you have any questions about the use of cookies on the sumar.ee website, please contact us at info@sumar.ee.
5. Rights of the data subject
5.1. The data subject has the right to access and review their personal data.
5.2. The data subject has the right to receive information about the processing of their personal data.
5.3. The data subject has the right to supplement or correct inaccurate data.
5.4. If the data processor processes the data subject’s personal data on the basis of the data subject’s consent, the data subject has the right to withdraw their consent at any time.
5.5. The data subject can exercise their rights by contacting the e-store’s customer support at info@sumar.ee.
5.6. The data subject may also lodge a complaint with the Data Protection Inspectorate to protect their rights.
6. Final provisions
6.1. These data protection conditions have been drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and Directive 95/46/EC EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia, and the legislation of the Republic of Estonia and the European Union.
6.2. The data processor has the right to change the data protection conditions in part or in full, informing the data subjects of the changes via the website www.sumar.ee.