Privacy Policy

1. General Provisions

1.1. This privacy policy governs the principles of collecting, processing, and storing personal data. Personal data is collected, processed, and stored by the data controller Smartfish OÜ (registry code 14364154, address: Audova, Muri village, Luunja municipality, Tartu County, 62208), hereinafter referred to as the data controller.

1.2. A data subject, within the meaning of this privacy policy, is a customer or any other natural person whose personal data is processed by the data controller.

1.3. A customer, within the meaning of this privacy policy, is anyone who purchases goods or services from the data controller’s website.

1.4. The data controller adheres to the principles of data processing established by law, including processing personal data lawfully, fairly, and securely. The data controller can confirm that personal data is processed in accordance with applicable legislation.

2. Collection of Personal Data

2.1. Personal data collected and processed by the data controller is gathered electronically, primarily through the website, email, and Facebook.

2.2. By sharing their personal data, the data subject grants the data controller the right to collect, organize, use, and manage personal data for the purposes defined in this privacy policy, which the data subject provides directly or indirectly when purchasing goods or services on the website.

2.3. The data subject is responsible for ensuring that the data provided is accurate, correct, and complete. Knowingly providing false information is considered a violation of the privacy policy. The data subject is obligated to notify the data controller immediately of any changes to the submitted data.

2.4. The data controller is not liable for any damage caused to the data subject or third parties due to the submission of incorrect data by the data subject.

3. Use of Personal Data

3.1. Legal basis for processing personal data.

3.3.1. Personal data is processed for the purpose of fulfilling a contract concluded with the customer.

3.3.2. Personal data is processed to fulfill legal obligations (e.g., accounting and consumer dispute resolution).

3.2. The data controller may process the following personal data of the data subject:

3.2.1. Personal data: first and last name, phone number, email address, delivery address, bank account number, and payment-related data (purchase history).

3.2.2. Website traffic statistics – e.g., via Google Analytics, Facebook Pixel.

3.2.3. In addition, the data controller may collect data about the customer that is available in public registers.

3.3. The data controller uses personal data for the following purposes:

3.3.1. To manage customer orders and deliver goods.

3.3.2. Purchase history data (purchase date, quantity, product, customer details) is used to compile purchase summaries and analyze customer preferences.

3.3.3. Bank account numbers are used to issue refunds.

3.3.4. Personal data such as phone number, email address, and full name is used to resolve issues related to the purchase of goods and services (customer support).

3.4. Recipients of personal data:

3.4.1. Personal data is shared with the online store’s customer support for managing purchases and resolving issues.

3.4.2. The customer’s name, phone number, and email address are shared with the selected delivery service provider. If delivery is by courier, the customer’s address is also provided.

3.4.3. If the accounting of tiigikalad.ee is handled by a service provider, personal data is shared with the provider for accounting purposes.

4. Security, Access, and Review of Personal Data

4.1. Personal data is stored on servers hosted by Veebimajutus, located within the territory of EU member states or countries in the European Economic Area.

4.2. Access to personal data is granted to employees of the online store who need the data to resolve technical issues and provide customer support.

4.3. The online store has implemented appropriate security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure.

4.4. Personal data is shared with authorized processors (e.g., delivery service providers) under contracts that ensure appropriate safeguards.

4.5. Personal data can be reviewed through customer support.

5. Retention

5.1. Purchase history is retained for three years from the date of transaction.

5.2. In case of consumer or payment disputes, personal data is retained until the end of the limitation period or until the claim is fulfilled.

6. Withdrawal of Consent

6.1. The customer has the right to withdraw consent for data processing if the processing is based on consent. The customer must notify customer support by emailing info@tiigikalad.ee.

7. Deletion

7.1. To request deletion of personal data, contact customer support at info@tiigikalad.ee.

7.2. Deletion requests will be reviewed within one month.

8. Dispute Resolution

8.1. To resolve disputes related to personal data processing, contact customer support at info@tiigikalad.ee or call +372 5806 5035.

9. Final Provisions

9.1. This privacy policy is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia, and other applicable EU and Estonian legislation.

9.2. The data controller reserves the right to amend the privacy policy in part or in full by notifying data subjects via the website (https://www.tiigikalad.ee/).