Last updated: March 19, 2020
We respect your privacy and are committed to providing full transparency regarding how we process your personal data, with whom we share this personal data and what rights you have as a data subject.
Unless expressly specified otherwise, any reference to the following words shall have the meaning as defined in Article 4 of the General Data Protection Regulation 2016/679 (English Version):
“Controller” – “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.”
“Personal Data” – “Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
“Processing” – “Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”.
“Processor” a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
3. Laava OÜ as the Data Controller
4. Personal data we collect
We collect the following personal data from you:
● User Account data. Your user account data includes your email address, username and password as well as all transaction data, shipping data, payment data associated with your User Account;
● Contact data. Your contact data includes your full name, email address, company name (optional) and address;
● Customer Support data. When you send us customer support requests we collect your name, email address and the content of your support request;
● Transaction data. When you place an order, we process your transaction data which includes information about the products you purchased, date and time of purchase, and the total invoice amount of your order;
● Shipping data. When you place an order you also provide us with the shipping address where you would like the order to be delivered;
● Payment data. When you place an order, we may be required to collect some billing-related information such as your billing address. Please note, we do not process any sensitive credit/debit card data;
● Product Review. When you leave any product reviews on our website, we will store your name and the content of your review on our database.
● User Comment. When you leave any public comments on our website, we receive the content of your comment and your IP address.
5. How do we use the personal data we collect?
● User Account Data
We use this data to create a user account for you and to enable you to securely log into your user account, view your past transactions and store your billing and shipping information for future purchases. The legal basis for processing this data is the performance of our contract with you.
We will retain your personal data on our record for as long as your account is active. We will remove your personal data from our records three years after the termination of your user account unless we are required to retain this data for our compliance with any legal obligations.
● Contact Data
We use your contact data to contact you regarding your order/support requests as and when needed. The legal basis for processing this data is the performance of our contract with you.
We will not retain your contact data longer than required for our business purposes. For any orders placed through our website, we will retain your contact data for a period of three years from the date of your purchase.
● Customer Support Data
We use your support request data to respond to your support requests. Our legal basis for processing this personal data is our legitimate interest.
We will only keep support messages and enquiries on our record for a maximum period of two years from the date of last communication with you.
● Transaction Data
We will keep a record of your purchase to deliver our product to you, to address any disputes or issues arising with the purchase and for our own accounting purposes. Our legal basis for processing this personal data is the performance of our contract with you.
We will not keep your transaction data on our record for longer than three years from the date of purchase.
● Shipping Data
We provide your shipping data to our shipping service provider to enable them to deliver your order to the specified shipping address. Our legal basis for the processing of this data is the performance of our contract.
We will not keep the shipping address on our record for longer than three years from the date of delivery of the product ordered.
● Payment Data
We use the payment data to bill you for your ordered product. Our legal basis for the processing of this data is the performance of our contract.
We will not keep the billing address on our record for longer than three years from the date of purchase.
● Product Review Data
We may use the content of your product review on our website and other social media pages. Please note that your name will be displayed with your review. Please do not share any personal data in public reviews that you do not wish to be publicly visible to others. Our legal basis for processing this data is our legitimate interest.
We will keep your product reviews on our website or other social media pages for as long as we deem fit unless you specifically request us to remove your review from our website in which case we may continue to use the content of the review by anonymising your personal data.
We use this data to understand how our users use our website, to improve our user experience, for web performance analytics and to serve relevant advertising to you. Our legal basis for this processing is your consent which you grant us when you continue to use our service by accepting our cookies.
In addition to the abovementioned legal basis, we may also retain any personal data that we collect for our compliance with our legal obligations, a court order, or to assert our legal rights or defend any claims. Where we request your consent to the processing of your personal data for marketing purposes, you may withdraw your consent at any time. Please visit ‘Your Rights’ section to learn more about your data rights.
● Google Analytics
You can stop these cookies from being stored on your computer by installing the browser plug-in available here.
● Facebook Pixel
We may use Facebook Pixel to track user behaviour when they visit our website after clicking on our Facebook ad and for retargeting ads to such users after they leave our website.
If you do not wish for Facebook to use your data for the Facebook ads display, please contact Facebook at the link provided here.
You can decline cookies from our website by clicking the decline button in the cookie banner on our website or by changing your browser settings to decline all third-party cookies.
7. Sharing your personal data
We do not sell or rent your personal data to any third party. We may disclose your personal data as described hereunder:
● We may share your personal data with service providers that we engage to perform services on our behalf. Please note the service providers we engage are not authorised to disclose your personal data to any third party unless required by law or during the course of performance of services on our behalf.
● When you order a product your payment information is collected and processed by our Payment Service Provider: Paypal, Inc and Stripe, Inc;
● We reserve the right to disclose your personal data when required to do so for our compliance with any applicable laws and upon reasonable requests of any government bodies or regulatory authorities.
● We may share your personal data to enforce our contractual or other legal rights arising out of our Agreement with you.
8. Your Rights
The General Data Protection Regulation grants users who are in the European Economic Area certain data rights. If you are in the EEA, you may exercise the following rights:
● Your right to access and/or edit your personal data
If you wish to access and/or edit your personal data that we process, please contact us at firstname.lastname@example.org, and we will respond to your request within 30 days.
● Your right to be forgotten
If we do not have any valid legal basis for processing your personal data, you may request deletion of your personal data by contacting us at email@example.com.
● Your right to withdraw consent
Where we use consent as the legal basis for processing your personal data for direct marketing purposes, you have the right to withdraw your consent anytime by giving written notice of your withdrawal at firstname.lastname@example.org.
● Your right to file a complaint with a supervisory authority
If you believe that our processing of your personal data is infringing your rights as a data subject, you have the right to file a complaint with the Data Protection Inspectorate at:
Data Protection Inspectorate
9. Transfer of data
10. Security of data
We protect and store your personal data using all industry best practices, including encryption to reduce the risk of any data breach by complying with the principles of data minimisation. Please note that despite our best efforts, there may be security vulnerabilities that we are not yet aware of, which is why we are unable to offer any guarantees of security.
11. Third-party website links
12. Protection of children’s privacy
We do not target our website or Services to anyone under the age of thirteen (13) years (“Children”). If you are the parent or legal guardian of a child who you believe has provided us with his/her personally identifiable information, please contact us at email@example.com.
14. Contact Us