Privacy Policy
Kirna Mõis OÜ (hereinafter Kirna) has set itself the goal of being a trustworthy partner in the processing of personal data, respecting your rights. Based on this, we have prepared the principles of our privacy policy, which cover the collection, use, disclosure, transfer, and storage of customer data.
1. DEFINITIONS
1.1. Data Subject is a natural person about whom Kirna has information, or information by which a natural person can be identified. Data subjects include, for example, Customers who are natural persons, partners, and employees about whom Kirna has Personal Data.
1.2. Privacy Policy is this text, which sets out the principles for Kirna’s Processing of Personal Data.
1.3. Personal Data is any information relating to an identified or identifiable natural person.
1.4. Processing of Personal Data is any operation performed with the Data Subject’s Personal Data. For example: collection, recording, organization, storage, alteration, and disclosure of Personal Data; enabling access; making inquiries and extracting data; use, transmission, cross-use, combining, restricting, erasing or destroying; or several of the aforementioned operations, regardless of the method and means used to carry out the operations.
1.5. Customer is any natural or legal person who uses or has expressed a wish to use the services offered in Kirna’s online store.
1.6. Contract is a service provision or other contract concluded between Kirna and the Customer.
1.7. Website www.kirnapark.ee is Kirna’s online store.
1.8. Visitor is a person who uses Kirna’s online store.
1.9. Child in the context of Processing Personal Data is a person under 13 years of age in the Republic of Estonia.
1.10. Services are any services and products offered by Kirna.
1.11. Cookies are data files that are sometimes stored on the Visitor’s device.
1.12. Kirna Data Protection Specialist is a person who monitors the application of the principles for Processing Personal Data in Kirna’s online store and whom the Data Subject can contact in the event of a complaint.
1.13. Sales Channels are the means used by Kirna to communicate with the Data Subject, and tools created for selling goods and providing services. Including email, phone, public and social media, various chat channels, personalized and interactive advertisements, and other similar tools on the Website and elsewhere.
1.14. Product Portfolio is Kirna’s various products and services, the list of which is available on the website www.kirnapark.ee
In the Privacy Policy, the Contract, the General Terms, and communication between the parties, the terms are used in the meanings indicated above.
2. GENERAL PROVISIONS
2.1. Kirna is the legal entity Kirna Mõis OÜ, registry code 10938478, located at Mõisa tee 5, Kirna village, Türi municipality, Järva County 72231.
2.2. Personal Data may be processed at Kirna:
2.2.1. as a controller, determining the purposes and means of processing;
2.2.2. as a processor, according to the controller’s instructions;
2.2.3. as a recipient, to the extent to which Personal Data is transferred to the recipient.
2.3. The Privacy Policy applies to Data Subjects, and all Kirna employees and partners who come into contact with Personal Data held by Kirna act based on the rights and obligations set out in the Privacy Policy.
2.3.1. The Privacy Policy may be supplemented by privacy notices published on the Website or on devices, and the Privacy Policy may also be amended and supplemented by them.
3. PRINCIPLES
3.1. In Processing Personal Data, Kirna always proceeds from the interests, rights, and freedoms of the Data Subjects.
3.2. Kirna’s goal is responsible Processing of Personal Data based on best practice, keeping in mind that Kirna is always ready to demonstrate compliance of the Processing of Personal Data with the set purposes.
3.3. All processes, guidelines, operations, and activities related to Kirna’s Processing of Personal Data proceed from the following principles:
3.3.1. Lawfulness. There is a legal basis for Processing Personal Data, for example consent;
3.3.2. Fairness. Processing of Personal Data is fair, requiring above all that the Data Subject has sufficient information about how Personal Data is processed.
3.3.3. Transparency. Processing of Personal Data is transparent to the Data Subject.
3.3.4. Purpose limitation. Personal Data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner that is incompatible with those purposes.
3.3.5. Accuracy. Personal Data is accurate and, where necessary, kept up to date, and all reasonable measures have been taken to ensure that inaccurate Personal Data, with regard to the purposes of Processing, is erased or rectified.
3.3.6. Storage limitation. Personal Data is kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is processed. This means that if Kirna wishes to keep Personal Data longer than necessary for the purposes of collection, Kirna will anonymize the data so that the Data Subject is no longer identifiable. For data received by Kirna through a customer or similar relationship, Kirna retains data in accordance with best practice, and data processed on the basis of consent until the consent is withdrawn.
3.3.7. Integrity and confidentiality. Processing of Personal Data is carried out in a manner that ensures appropriate security of Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using reasonable technical or organizational measures. Kirna has internal guidelines and rules for employees as well as separate contracts with each authorized processor, which provide for best practices, continuous risk assessment, and appropriate technical and organizational measures when Processing Personal Data.
4. CATEGORIES OF PERSONAL DATA
4.1. Kirna collects, among other things, the following types of Personal Data:
4.1.1. Personal Data disclosed to Kirna by the Data Subject (name, email address, postal address, phone number);
4.1.2. Personal Data arising from the usual communication between the Data Subject and Kirna;
4.1.3. Personal Data that the Data Subject has clearly made public (e.g., on social media);
4.1.4. Personal Data generated when using Services (e.g., purchasing from Kirna’s online store);
4.1.5. Personal Data generated as a result of visiting and using the Website (e.g., time spent on the Website);
4.1.6. Personal Data received from third parties;
4.1.7. Personal Data created and combined by Kirna (correspondence within the customer relationship or a list of order history).
5. CATEGORIES OF PERSONAL DATA AND PURPOSES AND LEGAL BASES FOR PROCESSING
5.1. Kirna processes personal data exclusively on the basis of consent or law.
5.2. On the basis of consent, Kirna processes personal data precisely within the limits, scope, and purposes determined by the Data Subject. Regarding consents, Kirna follows the principle that each consent must be clearly distinguishable from other matters and presented in an understandable and easily accessible form, in clear and simple language. Consent may be given in writing, electronically, or as an oral statement. The Data Subject gives consent voluntarily, specifically, informedly, and unambiguously, for example by ticking a box on the Website.
5.3. Legitimate interest means Kirna’s interest in running and managing its business in order to offer the best possible Services on the market. On a legal basis, Kirna processes Personal Data only after careful assessment to determine that Kirna has a legitimate interest for which Processing Personal Data is necessary and in line with the Data Subject’s interests and rights.
In particular, Processing of Personal Data on the basis of legitimate interest may take place for the following purposes:
5.3.1. Ensuring a trustworthy customer relationship, for example Processing Personal Data that is strictly necessary to identify beneficial owners or to prevent fraud;
5.3.2. Managing and analyzing the customer base to improve the availability, selection, and quality of Services and products, and to make the best and more personalized offers to the Customer where consent has been given;
5.3.3. Identifiers and Personal Data collected when using Websites, mobile applications, and other Services. Kirna uses collected data for web analytics or analysis of mobile and information society services, ensuring operation, improvement, compiling statistics, analyzing Visitor behavior and user experience, and providing a better and more personalized Service;
5.3.4. Organizing campaigns, including personalized and targeted campaigns, conducting Customer and Visitor satisfaction surveys, and measuring the effectiveness of marketing activities carried out;
5.3.5. Analyzing the behavior of the Customer and Visitor in various Sales Channels and on Websites;
5.3.6. Service monitoring – Kirna may record notices and instructions given in its premises and via communication tools (email, phone, etc.), as well as information and other actions taken by Kirna, and if necessary uses these recordings to prove instructions or other actions;
5.3.7. Network, information, and cybersecurity considerations, for example combating piracy and ensuring the security of Websites, and measures taken for backups and storage;
5.3.8. Preparing, submitting, or defending legal claims.
5.4. To fulfill a legal obligation, Kirna processes Personal Data to comply with obligations established by law or to implement permitted uses provided by law. For example, legal obligations may arise from payment processing or compliance with anti-money laundering rules.
5.5. If Processing of Personal Data takes place for a new purpose other than that for which the Personal Data was originally collected, or is not based on the Data Subject’s consent, Kirna carefully assesses the permissibility of such new Processing.
6. DISCLOSURE AND/OR TRANSFER OF CUSTOMER DATA TO THIRD PARTIES
6.1. Kirna cooperates with persons to whom Kirna may transfer data related to Data Subjects, including Personal Data, in the course of cooperation and for the purpose of such cooperation.
6.2. Such third parties may include, for example:
persons mediating or providing postal services, IT partners, debt collection service providers, payment default registers, institutions and organizations, provided that:
6.2.1. the respective purpose and Processing are lawful;
6.2.2. Processing of Personal Data is carried out according to Kirna’s instructions and on the basis of a valid contract.
7. SECURITY OF PERSONAL DATA PROCESSING
7.1. Kirna retains Personal Data only for the strictly minimum necessary period. Personal Data whose retention period has expired is destroyed using best practices and in accordance with the procedure established by Kirna.
7.2. Kirna has established guidelines and procedural rules on how to ensure the security of Personal Data through organizational and technical measures.
7.3. If any incident related to Personal Data occurs, Kirna takes all necessary measures to mitigate consequences and reduce relevant risks in the future. Among other things, Kirna registers all incidents and informs the Data Protection Inspectorate and the Data Subject directly in the prescribed manner.
8. PROCESSING OF CHILDREN’S PERSONAL DATA
8.1. Kirna does not knowingly collect information about persons under 13 years of age (Children), and in the event of knowing actions in this regard, we follow the wishes of the parent or guardian.
8.2. If Kirna becomes aware that it has nevertheless collected Personal Data from a Child or about a Child, Kirna will do its best to stop Processing such Personal Data.
9. RIGHTS OF THE DATA SUBJECT
9.1. Rights related to consent:
9.1.1. The Data Subject has the right at any time to notify Kirna of their wish to withdraw consent for the Processing of Personal Data.
9.1.2. The recipient of a newsletter sent by Kirna can withdraw consent via the link at the bottom of the newsletter.
9.2. In the Processing of Personal Data, the Data Subject also has the following rights:
9.2.1. The right to be informed, i.e., the Data Subject’s right to receive information about Personal Data collected about them.
9.2.2. The right of access, which includes the Data Subject’s right to a copy of the Personal Data being processed.
9.2.3. The right to rectification of inaccurate Personal Data.
9.2.4. The right to erasure, i.e., in certain cases the Data Subject has the right to request that Personal Data be erased, for example if Processing is based solely on consent.
9.2.4.1. In such a case, the possibility to participate in Kirna’s loyalty program will also disappear, as the customer is no longer identifiable.
9.2.5. The right to request restriction of Processing of Personal Data. This right arises, among other things, if Processing of Personal Data is not permitted by law or if the Data Subject disputes the accuracy of Personal Data. The Data Subject has the right to request restriction of Processing of Personal Data for a period enabling the controller to verify the accuracy of Personal Data, or if Processing of Personal Data is unlawful but the Data Subject does not request erasure of Personal Data.
9.2.6. The right to obtain an assessment from the supervisory authority as to whether the Processing of the Data Subject’s Personal Data is lawful.
10. EXERCISING RIGHTS AND SUBMITTING COMPLAINTS
10.1. Exercising rights:
10.1.1. The Data Subject has the right, in the event of a question, request, or complaint related to Processing of Personal Data, to contact Kirna by email at pood@kirna.ee.
10.2. Submitting complaints:
10.2.1. The Data Subject has the right to submit a complaint to Kirna, the Data Protection Inspectorate, or a court if the Data Subject believes that their rights have been violated in the Processing of Personal Data.
10.2.2. The contact details of the Data Protection Inspectorate (AKI) can be found on the AKI website at: http://www.aki.ee/et/inspektsioon/kontaktid-nouandetelefon.
11. COOKIES AND OTHER WEB TECHNOLOGIES
11.1. Kirna may collect data about Visitors of Websites and other information society services using Cookies (i.e., small pieces of information stored by the Visitor’s browser on the hard drive of the Visitor’s computer or other device) or other similar technologies (e.g., IP address, device information, location information) and process such data.
11.2. Kirna uses the collected data to: enable provision of the Service according to the habits of the Visitor or Customer; ensure the best Service quality; make the website user experience more convenient for the Customer; inform the Visitor and Customer about content and make recommendations; make advertisements more relevant and improve marketing efforts; analyze customer behavior and thereby improve the web experience; facilitate login and protect data. The collected data is also used for counting Visitors and recording their usage habits.
11.3. We use cookies in our online store environment to identify users as unique but anonymous individuals.
11.4. Kirna uses session, persistent, and advertising cookies. A session cookie is automatically deleted after each visit; persistent cookies remain for repeated use of the Website; advertising cookies are used to deliver materials suitable for the Visitor or to limit the number of times the same advertisement is shown on the Website. Third-party Cookies are used by the Websites of Kirna’s partners. Kirna does not control the creation of these Cookies, so you can obtain information about these Cookies from third parties.
11.5. Regarding Cookies, Visitors consent to their use on the Website, in the settings of the information society service, or in the web browser. If the Visitor does not wish to allow the use of Cookies on the Website, they may block them in their browser settings, use private browsing, or delete them entirely, using the instructions provided by the browser service provider.
More information about managing cookies can be found on the following pages:
Chrome Safari iOS Firefox Internet Explorer
11.6. Most web browsers allow Cookies by default. Without fully allowing Cookies, the Website’s functions are not available to the Visitor to their full extent, and unforeseen problems may occur with functionality and user experience. Allowing, disabling, or deleting Cookies and other similar technologies is under the Visitor’s control through their web browser settings, information society service settings, and privacy enhancement platforms.
12. IMPORTANT DOCUMENTS, GUIDELINES, PROCEDURES
12.1. In applying Kirna’s Privacy Policy, the following documents, procedures, and guidelines are followed:
12.1.1. The register of processing activities, which sets out all purposes and methods of Processing Personal Data, the types and categories of Personal Data processed, and the corresponding legal bases for Processing;
12.1.2. The user’s online store account, through which the Data Subject can access the Personal Data Kirna holds about them; can correct and change it; and can exercise other rights granted by law and by this Privacy Policy;
12.1.3. Kirna’s principles for using organizational and technical measures, which set out various measures Kirna applies to keep personal data always confidential and secure;
12.1.4. All About Cookies (in English): descriptions of Cookies and other web technologies that Kirna uses.
13. CONTACT DETAILS AND INFORMATION
13.1. Contact details important for the Data Subject:
13.1.1. You can contact Kirna regarding Personal Data matters by email at pood@kirna.ee.
14. OTHER TERMS
14.1. Kirna has the right to unilaterally amend this Privacy Policy. Kirna will notify Data Subjects of changes on the website www.kirna.ee. We assume that if you start using the Kirna website www.kirna.ee, you have read and agreed to the Privacy Policy.