SCOPE OF POLICY
1. Replace OÜ (we or us) is committed to protecting and respecting your privacy. Please read the following carefully to understand our rules and practices regarding processing your personal data.
2. This policy applies where we process personal data of natural persons.
3. This policy is an inseparable part of the terms and conditions which apply if you purchase products from us. You can read the terms and conditions here.
4. For the purpose of clarity, the data controller is Replace OÜ of Vabriku tn 2, Vahi alevik, Tartu vald, Tartu maakond, 60534, Estonia (registry code: 12703942).
WHY AND WHAT CATEGORIES OF PERSONAL DATA DO WE PROCESS
5. We collect your personal data for the following purposes:
5.1. selling products to you via our business-to-business online market (B2B Market) or otherwise (e.g. if products are purchased by e-mail);
5.2. communicating and providing customer support to you in relation to the sale of products;
5.3. sending marketing notices and newsletters to you.
6. We may collect and process the following personal data:
6.1. your e-mail address, first and last name, password, Skype username, organization’s name, your position in the organization and photo of passport or any other identity document (for the purposes stated in sections 5.1, 5.2 and 5.3);
6.2. your organization’s billing information such as billing contact’s first and last name and billing e-mail (for the purpose stated in section 5.1).
LEGAL BASIS FOR PROCESSING PERSONAL DATA
7. We process your personal data because it is necessary for the performance of a contract which is concluded between you and us (see sections 5.1 and 5.2) or for taking steps at your request prior to entering into a contract (see section 5.2). In such a case the legal basis for processing data is the contract concluded between you and us or your request prior to entering into a contract.
8. We process your personal data for sending you marketing notices and newsletters only in the case you have given your consent for it (see section 5.3). In this case the legal basis for processing data is the consent given by you.
WHERE WE STORE YOUR PERSONAL DATA
9. All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access the B2B Market, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
10. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via the B2B Market or other means; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
TRANSFERRING YOUR PERSONAL DATA
11. We will not transfer your personal data to third parties except for the following cases:
11.1. to companies which provide us a customer relationship management service (Salesforce Inc., USA) - managing all our relationships and interactions with our customers and potential customers.
11.2. to companies which provide us accounting services (e.g. AS Merit Tarkvara) - process accounting documents and the personal data contained therein;
11.3. any member of our group, which means our subsidiaries and our ultimate holding company and its subsidiaries where it is necessary for the sale of products to you.
12. All processors pointed out in section 11 will ensure the same level of protection of personal data as we do.
13. We also have the right to disclose your personal data in the following cases:
13.1. in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
13.2. if Replace OÜ or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
13.3. if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request;
13.4. in order to:
13.4.1. investigate potential ICT breaches; or
13.4.2. protect the rights, property or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
HOW LONG DO WE STORE YOUR PERSONAL DATA
14. We only process and store your personal data for as long as it is necessary to fulfil the purpose for which it is collected – once the purpose has ceased, your personal data will be erased or anonymised.
15. Your personal data will be stored:
15.1. until your account on the B2B Market is active (not deleted by you), where we process your personal data in regard to creating, operating and preserving your account;
15.2. up to 3 years after your last order has been fulfilled, where we store the history of your orders and information about the content of the orders (see section 5.1);
15.3. up to 3 years after last contact with you, where we process your personal data regarding communicating and providing customer support to you in relation to sale of products (see section 5.2);
15.4. until withdrawal of consent by you, where we process your personal data regarding marketing notices and newsletters (see section 5.3);
16. Personal data contained in any accounting documents (e.g. invoices) shall be stored for 7 years pursuant to the Accounting Act § 12 of the Republic of Estonia (or any equivalent section of its successive regulation).
17. You have the right to contact us at firstname.lastname@example.org to exercise your rights concerning processing of personal data. Such rights include the:
17.1. right to request access of personal data;
17.2. right to request rectification of personal data;
17.3. right to request erasure of personal data;
17.4. right to request restriction of processing of personal data;
17.5. right to object to processing of personal data;
17.6. right to request portability of personal data;
17.7. right that decisions are not taken concerning you which are based on automated decision-making;
17.8. right to withdraw a consent;
17.9. right to lodge a complaint with a supervisory authority (in Estonia the Estonian Data Protection Inspectorate).
18. If you have given consent for receiving marketing notices and newsletters from us, you have the right to withdraw such consent at any time by clicking on the link presented with any notice or newsletter (opt-out link); or by sending us a corresponding e-mail at email@example.com.
19. Our B2B Market may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates (including, but not limited to, websites on which our B2B Market is advertised). If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.