Tarmeko's privacy policy: what and how is done.

Tarmeko's privacy policy

1. Privacy policy purpose
1.1 The purpose of this privacy policy is to ensure the privacy of the customers’ personal data in accordance with the laws of the Republic of Estonia and European Union legislation.
1.2 Tarmeko Group is guided by principles of legality, accuracy, fairness, minimality, reliability and transparency in the processing of personal data of a customer.
1.3 Tarmeko Group confirms that it will make every effort to ensure the security and confidentiality of personal data and to take all measures to ensure that this data is properly maintained.
1.4 The terms and conditions of the privacy policy apply to the relationship between the specific company in the Tarmeko Group and the groups' customers. Also, to the official website (www.tarmeko.ee) of the Tarmeko Group and other websites related to Tarmeko.

2. Definitions and explanations
2.1 Data subject is a physical person (client) who uses or has used or has requested to use Tarmeko Group’s services or is some other way involved with the provided services.
2.2 Personal data is information which is directly or indirectly connected with the physical person’s (client) and is all kinds of information on an identified or identifiable physical person. An identifiable physical person is a person, who can be identified, in particular on the basis of its identification.
2.3 The processing of personal data is an automated or non-automates operation or set of operations (includes collecting, storing, saving, documenting, modifying, deleting, trimming, structuring, accessing; making inquiries, transmissions etc) carried out with personal data or data collections.

2.4 The Recipient is the physical or legal person to whom the personal data will be disclosed.

2.5 The controller is a person or company that implements appropriate technical and organizational measures to ensure that only personal data necessary for the specific purpose of processing is processed by default.
2.6 An authorized processor is a person or company that processes data under a mutually binding agreement, which is between the authorized processor and controller, or under a binding legal act of the Union’s or national law. The agreement is binding for the processor and specifies the content and duration of the processing, the nature and purpose of the processing, the type of personal data and data subject categories, responsibilities and right of the controller.
2.7 The General Data Protection Regulation is a Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Regulation on Personal Data Protection).
2.8 The principle of transparency means that the information and messages relating to the processing of personal data are easily accessible, comprehensible and clearly and simply worded. This principle relates, in particular, to inform data subjects about the identity of the controller and the purpose of processing and additional information in order to ensure fair and transparent processing of the natural persons concerned and their right to receive confirmation and messages regarding the processing of personal data relating to them.
2.9 Website cookies are session identifiers that are small data blocks made out of a text. The web server then sends the cookie to the web page user's web browser and is stored on the

3. The responsible controller
3.1 The controller is a legal person belonging to the Tarmeko Group, where a private client (physical person) applies for or has requested various services.
3.2 Tarmeko Group includes the following responsible data controllers:
3.2.1 Tarmeko KV OÜ;
3.2.2 Tarmeko LPD OÜ;
3.2.3 Tarmeko Pehmemööbel OÜ;
3.2.4 Tarmeko Metall OÜ;
3.2.5 Tarmeko Spoon AS.

4. Authorized Data Processor
4.1 The authorized data processor is Voog.
4.2 Voog servers are located in the Zone Media Data Center in Amsterdam.
4.3 However, data from Voog's customers and their customers are also kept.
4.4 In addition, Voog data (images and files served on the web page and feed backups) are stored on Amazon's Irish-based services.

5. Objectives for the processing of personal data
5.1 Tarmeko Group collects data only to the extent necessary to complete the signed contracts and to provide the best possible service to the customers.
5.2 Selling transaction or provision of services (incl. orders).
5.3 Contact with the client.
5.4 Managing customer relationships.
5.5 Delivery of goods.
5.6 Improving service.
5.7 Transmission of offers with the explicit consent of the Client.
5.8 Website development.
5.9 Analyzing feedback.
5.10 Making statistics.

6. Personal data
6.1 General information.
6.1.1. First and last name.
6.1.2 Telephone number.
6.1.3 E-mail address.
6.1.4 Postal address (if needed).
6.2 Demographic data.
6.2.1 Date of birth.
6.2.2 Identity Code.
6.2.3 Sex.
6.3 Financial data.
6.3.1 Bank account.
6.3.2 Credit Card Information.
6.3.3 Credit assessment.
6.4 Feedback.
6.4.1 Requests and feedback from data subjects.
6.5 Tracking data.
6.5.1 IP address (to determine the location from the GeoIP base to the maximum accuracy of the city).
6.5.2 Unique User Information (login ID and password and security issues).
6.5.3 Web Browser.
6.5.4 Display resolution.
6.5.5 Language settings.
6.5.6 Visited subpage.
6.5.7 Reference from the previous page (referrer from where the visitor reached the page).
6.5.8 Page Name.
6.6 Details of the employment relationship.
6.6.1 Data from previous work experience and education.
6.6.2 Interests in the professional context.
6.6.3 Data released by the data subject and made available voluntarily to third parties (social networking sites).
6.7 Health data.
6.7.1 The state of health of the worker on the incapacity allowance.
6.7.2 In the event of an accident in the territory of the Tarmeko group, the health status of the data subject.
6.7.3. The health information of the data subject in the situation where the data subject health problems are due to the products of Tarmeko Group.
6.8 The Tarmeko Group does not process specific types of personal data (for example, racial or ethnic origin, political opinions, religious or philosophical beliefs, etc.).7. Website cookies
7.1 Tarmeko Group uses cookies to collect home page data, which allows mapping and storing various activities and preferences related to the website's visitor's or person's behaviour on the website. Above all, cookies are used to collect statistical data based on the preference of visiting the website. You can disable cookies and delete them by changing the web browser's privacy settings.
7.2 Session cookie (edicy_session) is an encrypted session cookie that, when visiting a webpage, contains client data only if the visitor of the page is logged in with a password-protected page. The cookie expires in 14 days.
7.3 The last visited page language code (site_lang) is the cookie last used to remember the language so that during the new visit it will be on the same language on the page. The cookie expires in 2 years.
7.4 Stream statistics service.
7.4.1 Unique Visitor Cookie (ewsa), expiring in 2 years.
7.4.2 Visitor cookie (ewsb), which expires in 30 minutes.
7.5 In addition to the Stream Statistic Service, services will also be used, from which the information provided will enable us to see the general model of the use of the website and help to save any difficulties associated with the use of the page.
7.6 Google Analytics. Learn about Google Trends at www.google.com/policies/privacy/partners/. To opt out of these, you can download the Google Analytics Browser opt-out plugin available at https://tools.google.com/dlpage/gaoptout.
7.7 Mouseflow. Mouseflow collects information related to mouse clicks, mouse movements, browsing behaviour, but does not collect personal information and does not track user browsing habits on other websites. Mouseflow practice is available at http://mouseflow.com/privacy. Mouseflow information can be discarded. For more information, see https://mouseflow.com/opt-out/.

8. The legal basis for data processing.
8.1 Regulation (EU) No 2016/679 of the European Parliament and of the Council.
8.2 Personal Data Protection Act.

9. Rights of the data subject
9.1 The right to request access to personal data held by Tarmeko Grupp.
9.2 The right to request the termination of the processing of personal data.
9.3 The right to request the deletion of personal data.
9.4 The right to request the correction of their personal data.
9.5 The right to request the restriction of your personal data.
9.6 The right to request the transfer of personal data.
9.7 The right to waive the consent for the processing of personal data.
9.8 The right to object to the processing of personal data.
9.9. The right to receive a response to queries and requests within a reasonable time, but not later than within 30 days upon receipt of an application or request.
9.10 The right to request information for the exercise of these rights in advance.
9.11 The right to file complaints regarding the processing of personal data by the Estonian Data Protection Inspectorate (info@aki.ee).

10. Security
10.1 Tarmeko Group shall take all precautionary measures (including administrative, technical and physical and other measures) to protect the customer's personal data. Access to data editing and processing is restricted to authorized persons.
10.2 Tarmeko Group confirms that it does not transfer personal information to third parties without the prior consent of the client unless the obligation to provide information arises from the need for the customer to complete the sale (for example, the address for the courier service) or as provided for in the legislation.
10.3 Tarmeko Group and Stream will use appropriate technical and organizational measures to store personal data. Both companies keep personal information under their responsibility.
11. Contact details for the processing of personal data
11.1 If you have any questions regarding privacy policy or data processing, please contact Tarmeko Group customer service or contact Tarmeko Group representative if there is a suspicion that the data subject's rights have been violated. Contacts are:
11.1.1 Tarmeko KV OÜ - tarmeko@tarmeko.ee;
11.1.2 Tarmeko LPD OÜ - sales@tarmeko.ee;
11.1.3 Tarmeko Pehmemööbel OÜ - pm@tarmeko.ee;
11.1.4 Tarmeko Metall OÜ - olev.allik@tarmeko.ee;
11.1.5 Tarmeko Spoon AS - veneer@tarmeko.ee.

11.2 With regard to the processing of personal data, we also ask you to consult the Data Protection Inspectorate's website (www.aki.ee).