PRIVACY POLICY

1.     General Provisions

1.1. This Privacy Policy regulates the principles of collection, processing, and storage of personal data. The controller of personal data is Marimo Fashion OÜ (hereinafter the Controller).

1.2. In the meaning of this Privacy Policy, a data subject is a customer or any other natural person whose personal data the Controller processes.

1.3. In the meaning of this Privacy Policy, a customer is anyone who purchases goods or services from the Controller’s online store.

1.4. The Controller follows the principles of data processing set out in applicable legislation and processes personal data lawfully, fairly, and securely. The Controller is able to confirm that personal data is processed in accordance with legislation.

2.     Collection, Processing, and Storage of Personal Data

2.1. Personal data collected, processed, and stored by the Controller is primarily obtained electronically through the website and by email.

2.2. By sharing their personal data, the data subject grants the Controller the right to collect, organize, use, and manage the personal data for the purposes defined in this Privacy Policy, either directly or indirectly in connection with the purchase of goods or services from the online store.

2.3. The data subject is responsible for ensuring that the personal data provided is accurate, correct, and complete. Providing knowingly false information is considered a violation of this Privacy Policy. The data subject must immediately notify the Controller of any changes to the submitted data.

2.4. The Controller is not liable for any damage caused to the data subject or third parties due to the provision of incorrect data by the data subject.

3.     Processing of Customers’ Personal Data

3.1. The Controller may process the following personal data of the data subject:

·       First and last name

·       Telephone number

·       E-mail address

·       Delivery address

·       Billing address

·       Payment details (payment account number, credit/debit card details processed securely via Maksekeskus)

3.2. In addition, the Controller has the right to collect data about the customer that is available from public registers.

3.3. The legal basis for processing personal data is Article 6 (1) (a), (b), (c), and (f) of the General Data Protection Regulation (GDPR).

3.4. Processing of personal data by purpose:

·       Security and safety – retained in accordance with statutory deadlines

·       Order processing – data is retained until the order has been delivered.

·       Ensuring operation of the online store – data is retained as long as necessary for the functioning of the store.

·       Customer management – data is retained until the data subject withdraws consent.

·       Financial activities and accounting – retained in accordance with statutory deadlines (7 years under Estonian law)

·       Marketing (e.g. newsletters) – retained until the data subject withdraws consent

3.5. The Controller may share personal data with third parties such as authorized processors, accountants, transport and courier companies (e.g. Omniva, Itella, UPS), and payment service providers. The Controller is the responsible data controller. The Controller transfers personal data necessary for executing payments to the authorized processor Maksekeskus AS.

3.6. The Controller applies organizational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.

3.7. The Controller retains personal data depending on the purpose of processing, but not longer than 7 years.

4.     Rights of the Data Subject

4.1. The data subject has the right to access their personal data and review it.

4.2. The data subject has the right to receive information on the processing of their personal data.

4.3. The data subject has the right to correct or supplement inaccurate data.

4.4. If personal data is processed based on consent, the data subject has the right to withdraw consent at any time.

4.5. To exercise these rights, the data subject may contact customer support by email at info@marimofashion.com.

4.6. For protection of rights, the data subject has the right to lodge a complaint with the Estonian Data Protection Inspectorate.

5.     Final Provisions

5.1. This Privacy Policy is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation), the Estonian Personal Data Protection Act, and other applicable legislation.

5.2. The Controller has the right to partially or completely change the Privacy Policy by notifying data subjects through the website www.marimofashion.com.