Privacy Policy
1. General Provisions
​
1.1. This privacy policy regulates the principles regarding the collection, processing, and storage of personal data. Personal data is collected, processed, and stored by the data controller (Thunor Solutions OÜ) (hereinafter referred to as the "data processor").
1.2. A data subject, in the sense of this privacy policy, is a client or any other individual whose personal data is processed by the data processor.
1.3. A client, in the sense of this privacy policy, is anyone who purchases goods or services from the data processor's website.
1.4. The data processor follows the principles of data processing as set out in legislation, including processing personal data lawfully, fairly, and securely. The data processor can confirm that personal data has been processed in accordance with the requirements of the law.
2. Collection, Processing, and Storage of Personal Data
​
2.1. Personal data collected, processed, and stored by the data processor is gathered electronically, primarily through the website and email.
2.2. By sharing their personal data, the data subject grants the data processor the right to collect, organize, use, and manage the personal data shared by the data subject directly or indirectly when purchasing goods or services from the data processor on the terms defined in this privacy policy.
3. Processing of Client Personal Data
​
3.1. The data processor may process the following personal data of the data subject:
3.1.1. First and last name;
3.1.2. Date of birth;
3.1.3. Phone number;
3.1.4. Email address;
3.1.5. Delivery address;
3.2. In addition to the above, the data processor has the right to collect data about the client that is available in public registers.
3.3. The legal basis for processing personal data is outlined in Article 6, paragraph 1, points a), b), c), and f) of the General Data Protection Regulation:
a) The data subject has given consent to process their personal data for one or more specific purposes;
b) The processing of personal data is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into a contract;
c) The processing of personal data is necessary for compliance with a legal obligation to which the data processor is subject;
f) The processing of personal data is necessary for the purposes of legitimate interests pursued by the data processor or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, particularly where the data subject is a child.
3.4. The processing of personal data according to the purpose of processing:
3.4.1. Purpose of processing – security and safety. Maximum retention period of personal data – in accordance with the deadlines specified in law.
3.4.2. Purpose of processing – order processing. Maximum retention period of personal data – up to 90 days.
3.4.3. Purpose of processing – customer management. Maximum retention period of personal data – up to 5 years.
3.4.4. Purpose of processing – financial activities, accounting. Maximum retention period of personal data – in accordance with the deadlines specified in law.
3.4.5. Purpose of processing – marketing. Maximum retention period of personal data – up to 5 years.
3.5. The data processor has the right to share client personal data with third parties, such as authorized data processors, accountants, transportation and courier companies, and companies providing payment services. The data processor is the responsible entity for personal data processing.
3.6. When processing and storing the personal data of the data subject, the data processor implements organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.
3.7. The data processor will retain the data of data subjects depending on the purpose of processing, but not longer than 5 years.
​
4. Rights of the Data Subject
​
4.1. The data subject has the right to access their personal data and to review it.
4.2. The data subject has the right to receive information regarding the processing of their personal data.
4.3. The data subject has the right to rectify or correct inaccurate data.
4.4. If the data processor processes the personal data of the data subject based on the consent of the data subject, the data subject has the right to withdraw their consent at any time.
4.5. The data subject can contact the customer support of the online store at info@thunor.eu to exercise their rights.
4.6. The data subject has the right to file a complaint with the Data Protection Inspectorate to protect their rights.
​
5. Final Provisions
​
5.1. These data protection conditions have been drafted in accordance with the European Parliament and Council Regulation (EU) No. 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46/EC (General Data Protection Regulation), the Estonian Personal Data Protection Act, and the laws of the Republic of Estonia and the European Union.
5.2. The data processor reserves the right to amend these data protection conditions partially or in full by informing the data subjects of the changes through the website www.thunor.eu.