PRIVACY POLICY of the Bugimine OÜ Online Store

Bugimine OÜ (hereinafter “Bugimine”) has committed itself to being a trustworthy and right-respecting partner for the Buyer in the processing of personal data. Accordingly, we have formulated privacy policy principles concerning the collection, use, disclosure, transmission, and storage of customer data.

1. DEFINITIONS

1.1. Data Subject means a natural person about whom Bugimine holds information, or information that can be used to identify a natural person. Data Subjects are, for instance, Customers, cooperation partners, and employees who are natural persons and whose personal data Bugimine holds.
1.2. Privacy Policy means this text that sets outs Bugimine’s principles of Personal Data Processing.
1.3. Personal Data means any information relating to an identified or identifiable natural person.
1.4. Personal Data Processing means any operation or set of operations performed on the Personal Data of the Data Subject, regardless of the method and means used, such as collection, recording, organisation, storage, alteration and disclosure, provision of access to, consultation and retrieval, use, transmission, alignment, combination, blocking, erasure, or destruction of Personal Data.
1.5. Customer means any natural or legal person who is using or has expressed a wish to use Bugimine’s services.
1.6. Contract means a contract on the sale or provision of a Service or another contract formed between Bugimine and the Customer.
1.7. Website www.bugimine.com means the website of Bugimine.
1.8. Visitor means a person who is using the website of Bugimine.
1.9. Child means a person under 13 years of age in the context of Personal Data Processing in the Republic of Estonia.
1.10. Services mean any services and products provided by Bugimine.
1.11. Cookies mean data files that are from time to time stored in the Website Visitor’s device.
1.12. Bugimine’s Data Protection Officer means a person who monitors the application of Bugimine’s principles of Personal Data Processing, and whom the Data Subject can contact in case of a complaint.
1.13. Sales Channels mean ways of communication used by Bugimine to communicate with the Data Subject, a means designed for the sale of goods and provision of services, including e-mail, telephone, public and social media, various messengers, individualised and interactive advertisements, and other similar tools on the Websites and elsewhere.
1.14. Product Portfolio means the various products and Services of Bugimine, a list of which is available on the website at www.bugimine.com.
In the Privacy Policy, Contract, and communication between the parties, terms shall have the meanings set out afore.

2. GENERAL PROVISIONS

2.1. Bugimine is the legal person Bugimine OÜ, registry code 14286327, located at Retke tee 28-6, Tallinn, 13419.
2.2. Bugimine may process personal data:
2.2.1. as a controller, determining the purposes and means of processing;
2.2.2. as a processor, following the controller’s instructions;
2.2.3. as a recipient to the extent of being transmitted Personal Data.
2.3. This Privacy Policy applies to the Data Subjects, and the rights and obligations set out in the Privacy Policy are followed by all employees and cooperation partners of Bugimine who have access to the Personal Data held by Bugimine.
2.3.1. This Privacy Policy may be supplemented by privacy statements published on the Website or in devices, these may also be used to alter and modify the Privacy Policy.

3. PRINCIPLES

3.1. When Processing Personal Data, Bugimine always has regard to the interests, rights, and freedoms of Data Subjects.
3.2. Bugimine aims at responsible Personal Data Processing that is based on best practices, keeping in mind constant readiness to demonstrate conformity of Personal Data Processing to the aims set.
3.3. All the processes, instructions, operations, and activities of Bugimine related to Personal Data Processing adhere to the following principles:
3.3.1. Lawfulness. There is a legal basis, such as consent, for Personal Data Processing.
3.3.2. Fairness. Personal Data Processing is fair, above all requiring that the Data Subject has adequate information about the manner of Personal Data Processing.
3.3.3. Transparency. Personal Data Processing is transparent to the Data Subject.
3.3.4. Purposefulness. Personal Data are collected for specified, explicit, and legitimate purposes, and not further processed in a manner that is incompatible with those purposes.
3.3.5. Accuracy. Personal Data are accurate and, where necessary, kept up to date; every reasonable step has been taken to ensure that Personal Data that are inaccurate, having regard to the purposes for which they are Processed, are erased or rectified.
3.3.6. Storage limitation. Personal Data are kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed. This means that if Bugimine wishes to retain Personal Data longer than is necessary for the purpose of collection, Bugimine shall anonymise the data in such way that the Data Subject is no longer identifiable. Data which Bugimine has received by means of a customer relationship or another similar relationship shall be retained by Bugimine according to best practices, and data processed based on consent shall be retained until withdrawal of such consent.
3.3.7. Integrity and confidentiality. Personal Data shall be processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful Processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

4. COMPOSITION OF PERSONAL DATA

4.1. Bugimine collects, inter alia, the following types of Personal Data:
4.1.1. Personal Data disclosed to Bugimine by the Data Subject (name, e-mail address, postal address, telephone number);
4.1.2. Personal Data generated as a result of the usual communication between the Data Subject and Bugimine;
4.1.3. Personal Data which are manifestly made public by the Data Subject (e.g. in social media);
4.1.4. Personal Data generated when Services are being used (e.g. when making a purchase at the online store);
4.1.5. Personal Data generated as a result of visiting and using the Website (e.g. time spent on the Website);
4.1.6. Personal Data received from third parties;
4.1.7. Personal Data created and combined by Bugimine (correspondence within the context of a customer relationship or an order history list).

5. COMPOSITION OF PERSONAL DATA, PURPOSES AND BASIS OF PERSONAL DATA PROCESSING

5.1. Bugimine Processes Personal Data solely based on consent or law.
5.2. Bugimine processes Personal Data based on consent precisely within the limits, to the extent, and for the purposes determined by the Data Subject. In the case of consent, Bugimine applies the principle that any consent must be clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. Consent may be granted in writing, by electronic means, or as an oral statement. The Data Subject shall grant his or her consent as a freely given, specific, informed and unambiguous indication, for instance by ticking a box on the Website.
5.3. Legitimate interests mean the interests of Bugimine in running and managing its business so as to offer the best possible Services on the market. On a legal basis, Bugimine processes Personal Data only after careful assessment to ascertain that Bugimine has legitimate interests based on which Personal Data Processing is necessary and conforms to the interests and rights of the Data Subject. In particular, Personal Data Processing based on legitimate interests can be done for the following purposes:
5.3.1. To ensure a confidential customer relationship; for example, Personal Data Processing that is strictly necessary to ascertain the actual beneficiaries or to prevent fraud;
5.3.2. Administration and analysis of the customer base to improve the availability, selection, and quality of Services, and to make the best and more personal offers to the Customer by consent;
5.3.3. Identifiers and Personal Data collected when websites, mobile apps, and other Services are used. Bugimine uses the collected data for web analysis or for analysing, ensuring the functionality of, improving, and keeping statistics on mobile and information society services, and for analysing the Visitor behaviour and user experience, and for providing a better and more personal Service;
5.3.4. Organisation of campaigns, including the organisation of personalised and directed campaigns, conducting of Customer and Visitor satisfaction surveys, and measurement of the effectiveness of performed marketing activities;
5.3.5. Analysis of Customer and Visitor behaviour in various Sales Channels, Websites;
5.3.6. On the considerations of network, information and cyber security; for instance, for combating piracy and for ensuring security of Websites, and measures taken for making and storing backup copies;
5.3.7. For the establishment, exercise, or defence of legal claims.
5.4. To fulfil a legal obligation, Bugimine Processes Personal Data in order to fulfil an obligation provided in law, or to employ lawfully permitted uses. For example, there are legal requirements for the processing of payments, or for following the rules of money laundering.
5.5. If Personal Data are processed for a purpose other than that for which the Personal Data were originally collected, or if such processing is not based on consent granted by the Data Subject, Bugimine shall carefully assess the acceptability of such processing.

6. DISCLOSURE AND/OR TRANSMISSION OF CUSTOMER DATA TO THIRD PARTIES

6.1. Bugimine cooperates with parties to whom Bugimine may transmit data relating to Data Subjects, Personal Data included, in the context and for the purpose of cooperation.
6.2. Such third parties may include advertising and marketing partners, companies conducting customer satisfaction surveys, debt collection service providers, payment default registers, IT partners, parties, establishments, and organisations intermediating or providing a postal service provided that:
6.2.1. the relevant purpose and Personal Data Processing is lawful;
6.2.2. Personal Data Processing is done following Bugimine’s instructions and based on a valid contract.
6.3 Bugimine forwards the Personal Data necessary for making payments to the authorized processor Maksekeskus AS.

7. SECURITY OF PERSONAL DATA PROCESSING

7.1. Bugimine retains Personal Data only for a strict minimum of time necessary. Personal Data with an expired period of retention shall be destroyed, using best practices and following the relevant procedures established by Bugimine.
7.2. In the case of an incident of any kind relating to Personal Data, Bugimine shall take any measures necessary for mitigating the consequences and managing any relevant future risks. Inter alia, Bugimine shall register all such incidents, and in the prescribed cases, notify the Data Protection Inspectorate and the Data Subject directly.

8. PROCESSING OF THE PERSONAL DATA OF CHILDREN

8.1. Bugimine’s Services, information society services included, are not aimed at children.
8.2. Bugimine does not consciously collect information about persons under 13 years of age, i.e. Children, and in the case of conscious relevant activity, we shall comply with the parent’s or guardian’s wishes.
8.3. If Bugimine finds out that it has nevertheless collected Personal Information from or concerning a Child, Bugimine shall do its utmost to stop such Personal Data Processing.

9. RIGHTS OF THE DATA SUBJECT

9.1. Rights related to consent:
9.1.1. The Data Subject may, at any time, notify Bugimine of his or her wish to withdraw his or her consent for Personal Data Processing.
9.1.2. You can withdraw your consent to receive newsletters, granted to Bugimine, using the link below the newsletter.
9.2. In Personal Data Processing, the Data Subject also has the following rights:
9.2.1. The right to obtain information, i.e. the Data Subject’s right to obtain information about the Personal Data collected about him or her.
9.2.2. The right to access the data, which, inter alia, includes the Data Subject’s right to a copy of the Processed Personal Data.
9.2.3. The right to rectify inaccurate Personal Data.
9.2.4. The right to erasure of data, i.e. in certain cases, the Data Subject has the right to have Personal Data erased, for instance, when such Processing is done only based on consent.
9.2.5. The right to have Personal Data Processing restricted. This right arises, inter alia, if Personal Data Processing is not prohibited by law, or if the accuracy of the Personal Data is contested by the Data Subject. The Data Subject has the right to have Personal Data Processing restricted for a period enabling the controller to verify the accuracy of the Personal Data, or if Personal Data Processing is unlawful, but the Data Subject opposes the erasure of the personal data.
9.2.6. The right to the supervisory authority’s assessment on whether or not the Processing of the Data Subject’s Personal Data is lawful.

10. EXERCISE OF RIGHTS AND LODGING OF COMPLAINTS

10.1. Exercise of rights:
10.1.1. In the case of any questions, requests, or complaints relating to Personal Data Processing, the Data Subject has the right to address these to Bugimine by e-mail at info@bugimine.com.
10.2. Lodging of complaints:
10.2.1. The Data Subject has the right to address his or her complaints to Bugimine, the Data Protection Inspectorate, or the court if the Data Subject considers that his or her rights have been infringed in Personal Data Processing.
10.2.2. The contact details of the Data Protection Inspectorate (AKI) are available on its website at www.aki.ee.

11. COOKIES AND OTHER WEB TECHNOLOGIES

11.1. Bugimine may collect data about the Visitors of Websites and other information society services, using Cookies (i.e. small pieces of information that are stored by the Visitor’s browser on the hard drive of the Visitor’s computer or other device), or other similar technologies (e.g. IP address, device information, location information), and to process such data.
11.2. Bugimine uses the collected data to enable provision of the Service according to the Visitor or Customer’s habits; to ensure the best Service quality; to inform the Visitor and Customer about the content and make recommendations; to make advertisements more relevant and enhance marketing efforts; to facilitate logins and data protection. Collected data are also used to count Visitors and record their use habits.
11.3. Bugimine uses session, persistent, and advertising cookies. A session cookie is automatically deleted after each visit; persistent cookies remain when the Website is used repeatedly. Third party Cookies may be used by the Websites of Bugimine’s partners. The generation of such Cookies is beyond Bugimine’s control, thus information about such Cookies can be obtained from the third parties.
11.4. With regard to Cookies, the Visitors consent to their use on the Website, in the configuration of the information society service, or in the web browser.
11.5. Cookies are enabled in most web browsers. Without completely enabling Cookies, the functions of the Website are not available to the Visitor. Enabling or disabling Cookies and other similar technologies is under the Visitor’s control by means of his or her web browser settings, configuration of the information society service, and similar privacy enhancement platforms.

12. IMPORTANT DOCUMENTS, INSTRUCTIONS, PROCEDURES

12.1. Application of the Privacy Policy of Bugimine is based on the following documents, procedures, instructions:
12.1.1. A register of processing operations that includes all the purposes and manners of Personal Data Processing, the Personal Data types and categories that are processed, and the relevant basis of Processing;
12.1.2. The person’s online store account through which the Data Subject can access the Personal Data concerning him or her that Bugimine holds; rectify and alter these as well as exercise his or her other rights granted under the law and this Privacy policy;
12.1.3. Bugimine’s principles for the use of organisational and technical measures, providing for various measures which Bugimine takes to always maintain the confidentiality and security of personal data.
12.1.4. All About Cookies: Descriptions of cookies and other web technologies which Bugimine uses.

13. CONTACT DETAILS AND INFORMATION

13.1. Bugimine’s contact details which are relevant to the Data Subject:
13.1.1. Bugimine can be contacted in matters of Personal Data by e-mail at info@bugimine.com.

14. OTHER TERMS AND CONDITIONS

14.1. Bugimine has the right to unilaterally change this Privacy Policy. Bugimine shall notify Data Subjects of any changes on the website at www.bugimine.com. We assume that if you start using the website of Bugimine at www.bugimine.com, you have read and agreed to the Privacy Policy.