The controller of the personal data is Sannale OÜ, (reg code: 14249418) (hereinafter also referred to as Our).
Privacy notice:
- explains what personal data we collect about you;
- explains the bases and purposes for which we process your personal data;
- helps you understand what your rights are in relation to your personal data.
- explains which cookies the Sannale.ee website uses and for how long, will be placed in your browser.
I Our role in ensuring your privacy
When processing personal data, we comply with the laws of Estonia and the European Union. We use the data for the purpose for which we collected it and to the extent necessary to fulfill this purpose. When the purpose is fulfilled, we delete or anonymize personal data.
This Privacy Notice provides information and instructions when you use and visit the Sannale website. This Privacy Notice does not cover the processing of data by other companies’ websites or the services they provide.
You can always contact us by writing to sannale@sannale.ee.
II When and how do we receive or collect your personal data?
Personal data (hereinafter also referred to as data) is data that can be associated with you as an individual, either directly or indirectly. The type of personal data we process depends on the specific services you use or, for example, the consents you give us to process your data. When collecting data, we respect the principle of minimalism, i.e. we only collect the data necessary to achieve the objective.
We receive the processed personal data either directly from you or it is collected automatically and mainly in the following ways:
- When you browse our website;
- If you become our customer, order a product or service from us, use our service;
- If you subscribe to the newsletter;
- When we communicate by email, telephone or otherwise;
- If you consent to receive marketing offers;
- If you submit an information request or claim;
- Sometimes we may also receive personal data from other sources (e.g. from other companies or public registers such as the population register, business register, etc.) if it is necessary to conclude a contract, perform it or fulfill a legal obligation. In addition, such data processing may also be based on your consent.
III What data do we collect and process about you?
We collect and process the following data about you (main examples presented, the list is not exhaustive):
- Contact details: name, address, telephone number, e-mail address ….
- Details of contracts and similar documents concluded with you …
- Data that identifies you: IP address, browser type and version, time zone setting, operating system and version …
- Data about your use of the website: URL click-through rates (the path you take through our site), products/services viewed, page response times, how long you stay on our site….
But what about really sensitive data?
We do not collect sensitive or special types of personal data unless you disclose them to us yourself or you give specific consent for this purpose. Special types of personal data are racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic data, biometric data used to uniquely identify a natural person, health data, or data about a natural person’s sex life and sexual orientation.
IV On what basis and for what purposes do we process your personal data?
Any processing of personal data must be justified and legal. Personal data may be processed on various legal grounds: fulfillment of a legal obligation, performance of a contract, legitimate interest of the company, your consent. Personal data may also be processed for different purposes.
In the following, we outline the legal bases and purposes for which we process your data (main examples presented, the list is not exhaustive):
- Marketing activities (subject to consent): sending newsletters, sending marketing offers.
Legal basis: your consent
- Product/service/website improvement: testing features, asking for feedback, managing landing pages, optimising website traffic, analysing data, statistics, creating customer profiles, etc.
Legal basis: legitimate interest
- For the provision of your own product/service: activities related to the conclusion of the contract and the provision of the product/service.
Legal basis: performance of the contract
- Customer support/customer relations: informing about possible changes; answering questions, queries or complaints; communicating by phone or e-mail.
Legal basis: performance of the contract
- To comply with a legal obligation:
These legal bases mean that:
Consent
You have given us your express consent to process your personal data for a specific purpose. You can always change your mind about this and withdraw your consent at any time. If you have given your consent to data processing and wish to withdraw it, you can do so by sending an e-mail to sannale@sannale.ee. The application or withdrawal of consent is not retroactive.
When sending marketing letters or newsletters, there is usually a link in the footer of the e-mail, which allows you to conveniently remove yourself from the list of recipients.
If you withdraw your consent and if we have no other legal basis for processing your personal data, we will stop processing your personal data. If we have another legal basis for data processing, we may continue to do so for the relevant purpose.
Legitimate interest
The processing of your data is necessary for our legitimate interests or the legitimate interests of a third party, provided that your rights and interests do not outweigh these interests. The following can be considered as such our legitimate interest:
- receive information about customer behavior on our website or app;
- developing and improving our services;
- determining the effectiveness of marketing campaigns;
- marketing activity as consent is not mandatory (by telephone);
- ensuring data security;
- problem solving (including proactive).
You can always contact us and ask for clarifications or object to opting out of data processing for any of the above purposes. It is always possible to object to processing for marketing purposes on the basis of legitimate interest. In other cases, the processing can be contested if your interests clearly outweigh the interests of our company.
Performance of the contract
The processing of personal data for the fulfillment of the contract is necessary in order to be able to fulfill the contract concluded with you or to perform the necessary actions before concluding the contract.
Statutory obligation
Fulfilling the obligations arising from the law includes the kind of data processing that we are obliged to do because we are required to do so by law. If data processing is necessary to fulfill a legal obligation, we cannot decide on the processing of such personal data and neither can you.
A How long do we keep records of your data?
We retain your personal data for the period necessary to fulfill the purposes necessary for the processing or until the law prescribes it. It should be taken into account that in certain cases exceptions to the normal erasure deadlines also apply, for example if there are debts or if there is an ongoing legal dispute. The storage of anonymous data is also not subject to these rules, as in this case it is no longer personal data.
Retention period, after which the personal data in our possession will be deleted or anonymized, and provided that there are no circumstances that preclude this (this is not a complete list, and you can get more detailed information by contacting us):
- Customer data (activities/information related to the customer) – For the entire time of being a customer and two years after the termination of the customer relationship or as agreed in the contract;
- Accounting data (including contracts on their termination) – after 7 years
VI Where is personal data processed and how is its security ensured?
We process and store your personal data in Estonia, the European Union or the Economic Area of the European Union. In certain cases, your data may also be processed outside Estonia, the European Union or the EU Economic Area.
Remember:
- Always think before revealing your personal data to someone or entering it somewhere, whether you are aware of who the recipient of this data is and how securely it is kept.
- Transmission of personal data is the responsibility of each individual: unfortunately, no data transmission is guaranteed to be 100% secure.
- Always keep your username, PIN codes, passwords, etc. sensitive information to yourself.
- If you suspect that your personal data has been breached or there is a risk that your data has been leaked to strangers, be sure to report it as soon as possible.
VII Third parties who may process your personal data
Nowadays, it is common to use third parties to help the company simplify its operations and/or provide a better service (for example, to host the application, communicate with customers, collect statistics, etc.). Therefore, cooperation is carried out with third parties, with whom it is sometimes necessary to share personal data.
Below is the main third party information we use:
- Statistics/Analytics – Google Analytics (Privacy Notice)
- Marketing – Facebook (Privacy Notice)
- Newsletters – Smaily (Privacy Notice)
VIII What are your rights regarding your personal data and how can you exercise your rights?
- Right to access your data
You have the right to consult your personal data that we use at any time. You also have the right to receive information about the purposes of data processing and retention periods. For this, it is necessary to submit a corresponding application to us. We reserve the right to respond to such requests within 30 days.
- The right to have your personal data rectified or erased (the right to be forgotten).
If you have discovered incorrect data while looking at your data or your personal data has changed, you can always ask to change it by contacting us.
In certain cases, you have the right to have your personal data deleted. This is primarily with regard to data processing based on consent and legitimate interest. This includes, for example, marketing profiles and the like. However, it is often not possible to completely delete personal data, because we also use the data for other purposes, in connection with which the deletion of data is not permitted ahead of time either due to the contract or the law.
- The right to object to or restrict processing concerning you
You have the right to object at any time to the processing of personal data concerning you, which we carry out on the basis of legitimate interest. When submitting an objection, we consider the legal interests and, if possible, stop the data processing in question.
In certain cases, you have the possibility to restrict the processing of personal data by notifying us in writing. Such a right can be used only in cases provided by law.
- Right to data portability
The right to data portability gives you additional control over your personal data. This means, with respect to certain data, the right to receive them in a machine-readable form or to have them directly transmitted to another company/person (provided that the recipient has the opportunity to receive the data in this form as well). Please note that we cannot guarantee and are not responsible for whether the recipient is able to receive this personal data. This right can be used in cases provided by law.
- The right to apply to Our or a supervisory authority or a court of law
If you want additional information about the use of your personal data, you want to file a claim or exercise your rights, you always have the opportunity to contact us by writing to sannale@sannale.ee
You always have the right to seek redress from the Data Protection Inspectorate or the courts to protect your privacy rights and data. The Data Protection Inspectorate is the national authority that can be contacted for advice or assistance on personal data protection.
IX Which cookies are used by the Sannale.ee website?
Necessary – Necessary cookies are essential for the basic functionality of the website and without them the website will not function as intended. These cookies do not store any personal data.
| ID | Installer domain | Valid period |
|---|---|---|
| woocommerce_cart_hash | sannale.ee | session |
| cookieyes-consent woocommerce_items_in_cart | sannale.ee sannale.ee | 1 year Session |
Functional – Functional cookies help to perform certain functions, such as sharing website content on social media platforms, collecting feedback and other third-party functions.
| ID | Installer domain | Valid period |
|---|---|---|
| wp_woocommerce_session_* | sannale.ee | 2 days |
Analytical – Analytical cookies are used to understand how visitors interact with a website. These cookies help to provide information about the number of visitors, source of traffic, etc.
| ID | Installer domain | Valid period |
|---|---|---|
| _ga_* | .sannale.ee | 1 year, 1 month, 4 days |
| _ga tk_or tk_r3d tk_lr tk_ai tk_qs CONSENT k_tc | .sannale.ee .sannale.ee .sannale.ee .sannale.ee .sannale.ee .sannale.ee .youtube.com sannale.ee | 1 year, 1 month, 4 days 1 year 1 month 4 days 3 days 1 year 1 year 1 month 4 days 1 hour 2 years Session |
Performance/Performance – Performance cookies are used to understand and analyse key performance indicators of the website, which helps to provide a better user experience.
- There are no cookies in use
Marketing – Marketing cookies are used to deliver tailored advertising to visitors based on the pages they have previously visited and to analyse the effectiveness of an advertising campaign.
| ID | Installer domain | Valid period |
|---|---|---|
| YSC | .sa.youtube.co.youtube.com | session |
| _VISITOR_INFO1_LIVE tk_oryt-remote-device-id tk_yt-remote-connected-devices yt.innertube::requests yt.innertube::nextId | .youtube.com .youtube.com youtube.com youtube.com youtube.com | 6 months never never never never |
Unclassified – Other unclassified cookies are those that are being analysed and have not yet been categorised.
| ID | Installer domain | Valid period |
|---|---|---|
| VISITOR_PRIVACY_METADATA | .youtube.com | 6 months |
