Privacy policy
1. General Provisions
1.1. This privacy policy regulates the principles regarding the collection, processing, and storage of personal data. Personal data is collected, processed, and stored by the data controller Ampride OÜ (hereinafter referred to as the data controller).
1.2. In the context of this privacy policy, the data subject is a customer or any other natural person whose personal data is processed by the data controller.
1.3. In the context of this privacy policy, a customer is anyone who purchases goods or services from the data controller’s website.
1.4. The data controller follows the principles of data processing established in legal acts and ensures that personal data is processed lawfully, fairly, and securely. The data controller can confirm that personal data is processed in accordance with applicable legal requirements.
2. Collection, Processing, and Storage of Personal Data
2.1. The personal data collected, processed, and stored by the data controller is primarily gathered electronically, mainly via the website and email communication.
2.2. By providing personal data, the data subject grants the data controller the right to collect, organize, use, and manage personal data for the purposes defined in this privacy policy, either directly or indirectly when purchasing goods or services on the website.
2.3. The data subject is responsible for ensuring that the data provided is accurate, correct, and complete. Knowingly providing false information is considered a violation of the privacy policy. The data subject is obliged to inform the data controller immediately of any changes to the provided data.
2.4. The data controller is not liable for any damages caused by the submission of incorrect data by the data subject.
3. Processing of Customer Personal Data
3.1. The data controller may process the following personal data:
- 3.1.1. First and last name;
- 3.1.2. Date of birth;
- 3.1.3. Phone number;
- 3.1.4. Email address;
- 3.1.5. Delivery address;
- 3.1.6. Bank account number;
- 3.1.7. Payment card details;
3.2. In addition to the above, the data controller has the right to collect data about the customer from public registers.
3.3. The legal basis for processing personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):
- a) The data subject has given consent to process their personal data for one or more specific purposes;
- b) Processing is necessary for the performance of a contract with the data subject or for taking steps prior to entering into a contract at the data subject’s request;
- c) Processing is necessary for compliance with a legal obligation imposed on the data controller;
- f) Processing is necessary for the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, especially when the data subject is a child.
3.4. Personal data is processed according to the purpose:
- 3.4.1. Purpose – Security and Safety. Maximum retention period – according to legally specified deadlines;
- 3.4.2. Purpose – Order Processing. Maximum retention period – 10 years;
- 3.4.3. Purpose – Ensuring the Functionality of E-commerce Services. Maximum retention period – 10 years;
- 3.4.4. Purpose – Customer Management. Maximum retention period – 10 years;
- 3.4.5. Purpose – Financial Activities and Accounting. Maximum retention period – according to legally specified deadlines;
- 3.4.6. Purpose – Marketing. Maximum retention period – 10 years.
3.5. The data controller has the right to share customer personal data with third parties, such as authorized data processors, accountants, transport and courier companies, and payment service providers. The data controller is the primary data controller. The data controller transmits the necessary personal data for payment processing to the authorized processor Paysera LT, UAB.
3.6. When processing and storing personal data, the data controller applies organizational and technical measures to protect personal data from accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.
3.7. The data controller retains the data of data subjects depending on the purpose of processing, but no longer than 10 years.
4. Rights of the Data Subject
4.1. The data subject has the right to access their personal data and review it.
4.2. The data subject has the right to obtain information regarding the processing of their personal data.
4.3. The data subject has the right to correct or supplement inaccurate data.
4.4. If the data controller processes personal data based on the data subject's consent, the data subject has the right to withdraw that consent at any time.
4.5. To exercise their rights, the data subject may contact customer support via email at info@ampride.ee.
4.6. The data subject has the right to file a complaint with the Data Protection Inspectorate.
5. Final Provisions
5.1. This privacy policy is prepared in accordance with the European Parliament and Council Regulation (EU) No. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (GDPR), the Estonian Personal Data Protection Act, and other applicable Estonian and EU legal acts.
5.2. The data controller reserves the right to modify these data protection terms in whole or in part, notifying data subjects of the changes via the website ampride.ee.
