Privacy Policy

Lavii Marketing OÜ’s privacy policy

The controller of personal data is Lavii Marketing OÜ, (address Telliskivi 60a/3, Tallinn, Harju County, reg. code: 11689683) (hereinafter also We, Us, Our).

Privacy notice:

explains what personal data We collect about you;
explains on what basis and for what purposes We process your personal data;
helps you understand what your rights are when it comes to your personal data.

I Our role in ensuring your privacy

We process personal data in accordance with the laws of Estonia and the European Union. We use the data for the purposes for which We collected it and to the extent necessary to fulfil those purposes. If the purpose is fulfilled, We will delete or anonymise the personal data.

This privacy notice provides information and guidance on using the Lavii website. This privacy notice does not cover the processing of data on other companies’ websites or services.

You can always contact Us by writing to henri@lavii.ee.

II When and how do We receive or collect your personal data?

Personal data (also referred to as data) is data that is specifically or implicitly associated with you as a private person.The type of personal data We process depends on the specific services you use or, for example, the consents you give Us to process your data. When collecting data, We respect the principle of minimalism, i.e. We only collect data that is necessary to achieve the objective.

The personal data We process is either obtained directly from you or collected automatically, mainly in the following ways:

When you browse Our website;
When you become Our customer, order goods or services from Us, use Our service;
When you subscribe to Our newsletter;
When We communicate by email, phone or other means;
When you consent to receive marketing offers;
When you make a request for information or a complaint;
Sometimes We may also obtain personal data from other sources (e.g. from other companies or from public registers such as the population register, the business register, etc.) if this is necessary for the conclusion of a contract, for performance of a legal obligation or for compliance with a legal obligation. In addition, such processing may also be based on your consent.

III. What data do We collect and process about you?

We collect and process the following data about you (the following are primary examples; the list is not exhaustive):

Contact details: name, address, telephone number, email address …
Details of contracts and similar documents concluded with you …
Data that identifies you: IP address, browser type and version, time zone setting, operating system and version…
Data on website usage: URL click-through rates (the path you take through Our site), products/services viewed, page response times, how long you stay on Our site …
But what about really sensitive data?

We do not collect sensitive, or special categories of personal data unless you disclose it to Us or give Us your specific and separate consent. Special categories of personal data are racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, genetic data, biometric data used to uniquely identify a natural person, health data or data concerning the sexual life and sexual orientation of a private person.

IV On what grounds and for what purposes do We process your personal data?

Any processing of personal data must be justified and lawful. Personal data may be processed on various legal grounds: performance of a legal obligation, performance of a contract, legitimate interest of the company, your consent. Personal data may also be processed for different purposes.

The following are some of the legal grounds and purposes for which We process your data (the following are primary examples; the list is not exhaustive):

Marketing activities (with consent): sending newsletter, sending marketing offers.

Legal basis: consent given by you

Improving the product/service/website: Testing features, asking for feedback, managing landing pages, optimising website traffic, analysing data, statistics, creating customer profiles, etc.

Legal basis: legitimate interest

For the provision of a product/service: activities related to the conclusion of the contract and provision of the product/service.

Legal basis: performance of the contract

For customer support/communication: Informing about possible changes; answering questions, inquiries or complaints; communicating by phone or email.

Legal basis: performance of the contract

To comply with a legal obligation: accounting.

These legal bases mean:

Consent

You have given Us your explicit consent to process your personal data for a specific purpose. You can always change your mind and withdraw your consent at any time. If you have given your consent to the processing of your data and wish to withdraw it, you can do so by sending an email to henri@lavii.ee. Neither the request nor the withdrawal of consent shall have retroactive effect.

When sending marketing emails or newsletters, there is usually a link at the bottom of the email to conveniently unsubscribe.

If you withdraw your consent and We have no other legal basis for processing your personal data, We will stop processing your personal data. If We have any other legal basis for processing the data, We may continue to do so for the relevant purpose.

Legitimate interest

The processing of your data is necessary for Our legitimate interests or the legitimate interests of a third party, provided that your rights and interests do not override those interests. Such legitimate interests may include:

getting information about customers’ behaviour on Our website or app;
developing and improving Our services;
identifying the effectiveness of marketing campaigns;
marketing activities if consent is not mandatory (by telephone);
ensuring the security of the data;
problem-solving (including proactive).

You can contact Us at any time to ask for clarification or to object to the processing for any of the above purposes. Processing for marketing purposes on the basis of legitimate interest can always be challenged on request. In other cases, you can object to processing where your interests clearly outweigh the interests of Our business.

Performance of the contract

The processing of personal data for the performance of a contract is necessary to enable the performance of the contract concluded with you or to carry out operations necessary before the conclusion of the contract.

Legal obligation

Legal obligations include data processing that We are obliged to carry out because We are required to do so by law. If the processing is necessary for compliance with a legal obligation, We cannot decide on the processing of such personal data and neither can you.

V How long do We keep your personal data?

We will retain your personal data for the period necessary for the fulfilment of the required purposes or for as long as required by law. It should be noted that in certain cases there are exceptions to the normal deletion deadlines, for example if there are debts or if there is an ongoing legal dispute. The retention of anonymous data is also not subject to these rules, as it is no longer personal data.

The retention period after which the personal data in Our possession will be deleted or anonymised, unless there are circumstances that preclude this (this is not an exhaustive list and you can get more information by contacting Us):

Customer data (customer-related activities/information) – Throughout the period of being a customer and for two years after termination of the customer relationship or as agreed in the contract;
Accounting data (including contracts as of their expiration) – 7 years

VI Where is personal data processed and how is its security ensured?

We process and store your personal data in Estonia, the European Union or the European Economic Area. In certain cases, your data may also be processed outside Estonia, the EU or the EU Economic Area.

Remember:

Before disclosing your personal data to anyone or entering it anywhere, always consider whether you know who the recipient is and how securely it is stored.
The transmission of personal data is everyone’s responsibility: unfortunately, there is no guarantee that any transmission will be 100% secure.
Always keep your username, PINs, passwords and other sensitive information to yourself.
If you suspect that your personal data has been compromised or there is a risk that your data has been leaked to unauthorised persons, make sure you report it as soon as possible.

VII Third parties who may process your personal data

Nowadays, it is common for third parties to be used to help a company simplify its operations and/or provide a better service (e.g. host an application, communicate with customers, collect statistics, etc.). For this reason, cooperation is established with third parties with whom it is sometimes necessary to share personal data.

Below is information about the main third parties We use:

Statistics/analytics – Google Analytics (Privacy notice)
Marketing activities – Facebook (Privacy notice)
Newsletters – ConvertKit (Privacy notice)

VIII What are your rights regarding your personal data and how can you exercise your rights?

Right to access your data

You have the right to access your personal data that We have stored at any time. You also have the right to receive information about the purposes and retention periods of the data processing. To do this, you need to submit a request to Us. We have the right to respond to such requests within 30 days.

Right to have your personal data amended or deleted (right to be forgotten)

If you have accessed your personal data and have discovered incorrect information or your personal data has changed, you can always ask Us to change it by contacting Us.

In certain cases, you have the right to have your personal data deleted. This is in particular the case for data processing based on consent and legitimate interest. This includes, for example, marketing profiles and the like. However, complete deletion of personal data is often not possible because We also use the data for other purposes for which early deletion is not permitted by contract or law.

Right to object to or restrict data processing concerning you

You have the right to object, at any time, to the processing of personal data concerning you that We carry out on the basis of legitimate interest. In the case of an objection, We will consider the legal interests and, where possible, stop the respective processing.

In certain cases, you have the possibility to restrict the processing of personal data by informing Us in writing. This right can only be exercised in cases provided for by law.

Right to transfer data

The right to transfer data gives you additional control over your personal data. This means, for certain data, the right to receive it in machine-readable form or to have it transferred directly to another company/individual (provided that the recipient is able to receive it in that form). Please note that We cannot guarantee and are not responsible for the recipient’s ability to receive such personal data. This right can be exercised in the cases provided for by law.

Right to contact Us or a supervisory authority or the court

If you would like further information about the use of your personal data, wish to lodge a complaint or exercise your rights, you can always contact Us by writing to henri@lavii.ee.

You always have the right to turn to the Data Protection Inspectorate or the court to protect your privacy rights and data. The Data Protection Inspectorate (DPI) is the national authority you can turn to for advice or assistance on personal data protection.