Roi OÜ (hereinafter “we”) is a pioneer in the Estonian corporate gifts market and has a long history. Our long-term experience and in-depth knowledge, combined with constant innovation, make us stand out in the field. A customer-centered approach and respect for customer privacy are important to us.
These data protection conditions provide a more detailed overview of which types of personal data we process and which principles we follow.
Our contact details are as follows:
Roi OÜ, registry code 10060150
Madara 14, Tallinn 10162
I Our customers and obtaining their personal data
Our customers are mainly legal persons and to a lesser extent also natural persons who wish to purchase our products and/or order services related to the products.
We process the personal data of our customers and customer representatives (“you”) on a daily basis in order to sell products and provide product-related services.
II Our role in the processing of personal data
We process personal data as a controller and processor. As the controller, we determine the purposes and means of processing the personal data. If we are not the ones determining these aspects, we act as processors who process personal data on the basis of written instructions from the controller.
We are the controllers of personal data when we process the personal data of customers who are private persons, i.e. when we receive personal data directly from you when you visit our website or contact us or submit an inquiry to purchase our products or order services.
We process the personal data of the representatives of customers who are the legal person as a processor; we receive the personal data from our contractual partner who provides us with written instructions on how to process your personal data.
If you navigate to a social media channel by clicking on an icon on our website, we will process your personal data (cookies) as a joint controller with the relevant social media channel.
III Processed personal data
Among others, we process the following personal data:
1. personal data e.g., first name, surname;
2. contact details e.g., phone number, e-mail address;
3. name of the contact person of a customer who is a legal person;
4. information relating to the purchase of our products and the use of our services, such as information related to the products or services purchased;
5. feedback provided to us, such as your satisfaction information and comments about our products and services;
6. payment and financial data, such as account number, payment card information, data on the chosen payment method and payment behaviour (including payment delays);
7. consent/refusal to receive our newsletters;
8. information on participation in campaigns, such as participation information and prizes won;
9. communication information, such as information collected via e-mail, information collected via social media, information transmitted via messages, etc.
10. data related to cookies.
IV Purpose for the processing of personal data
We process personal data for the following purposes:
(1) Sale of products, provision of services;
(2) Pre-contractual negotiations;
(3) To exercise a right arising from legislation and perform an obligation, including to perform an accounting obligation;
(4) To process your inquiry and application;
(5) To forward a message to you;
(6) To advertise a product or service we sell.
V Legal basis for the processing of personal data
We process personal data in accordance with the requirements of the legislation in force in Estonia.
The main legal basis for the processing of personal data is the performance of an agreement concluded with you (clauses IV (1), (2) and (4) of the data protection conditions), but we also process personal data to fulfill our legal obligation (clause IV (3) of the data protection conditions), on the basis of consent provided by you (clause IV (4) of the data protection conditions) and on the basis of legitimate interest (clauses IV (5) and (6) of the data protection conditions).
Essential cookies – these allow you to access different parts of our website and are stored on your device while you visit the website. These cookies are essential for the functioning of the website and cannot be switched off. Essential cookies are installed as a result of your activities on the website, such as filling out forms. We use essential cookies to process your personal data on the basis of our legitimate interest.
Analytical cookies – these allow us to count website visits and the origin of traffic, and analyse how you navigate the website so that we can measure and improve the performance of the website. If you refuse these cookies, your visit will not be reflected in the statistics of our website.
Targeted marketing cookies – these provide information on your preferred content on the website, enabling us to provide you with the most relevant information about our products and services, enhance the quality of our targeted marketing, and improve the user experience on the website. In certain cases, we will transfer these cookies to a social media channel as per your instructions.
You can also visit our website without accepting all the cookies by changing the privacy settings of your personal browser. You can also delete all cookies that have been stored on your device up to now. However, with disabled or restricted cookies, not all the functions of the website may work.
VII Our values and principles in the processing of personal data
We treat your personal data with care and respect your right to the protection of your personal data.
We set clear objectives for the processing of personal data and process personal data only according to those objectives.
We process personal data legally and to the minimum extent necessary.
We implement various measures (physical, technical, organisational, etc.) to protect personal data and mitigate risks.
We constantly analyse the risks associated with the processing of personal data and keep these risks under control to a reasonable extent.
We transfer personal data to our contractual partners only when necessary. We use contractual partners who diligently protect personal data.
We retain personal data only for as long as retention is required by law or a contract or is necessary for our business. Upon termination of retention, we permanently delete the personal data.
We consider it important and make sure that our employees are aware of and comply with the data protection terms and conditions applicable to us, as the protection of personal data is ensured through our employees.
VIII Rights relating to personal data
Pursuant to the General Data Protection Regulation, you have the following rights with regard to your personal data:
(1) Right of access to personal data – you have the right to know what personal data we store about you and how we process it.
(2) Right to rectify personal data – you have the right to request the rectification of insufficient, incomplete and incorrect personal data.
(3) Right to withdraw consent to the processing of personal data – if your personal data is processed on the basis of consent, you have the right to withdraw your consent.
(4) Right to erase personal data (“right to be forgotten”) – you have the right to request that we erase your personal data. We have the right to refuse this in certain cases.
(5) Right to restrict processing – in certain cases, you have the right to prohibit or restrict the processing of your personal data for a certain period of time (e.g., if you have objected to the processing of personal data).
(6) Right to object – you have the right to object to the processing of your personal data by us and we respond immediately to objections to the processing of personal data for direct marketing purposes.
(7) Right to transfer data – if the processing of your personal data is based on your consent and the personal data is processed automatically, you have the right to receive the personal data concerning you, which you have provided to us as controller in a structured, commonly used and machine-readable format.
(8) Automated decision-making (including profile analysis) – if we have notified you that we are conducting automated decision-making (including profile analysis) that will produce legal effects concerning you or that will significantly affect you, you may request that the automated decision would not be made solely on the basis of automated processing.
(9) Filing a complaint. You have the right to file a complaint regarding the processing of personal data by us with the Data Protection Inspectorate (www.aki.ee).
If you have any questions or requests regarding the processing of personal data by us, please contact us directly at: email@example.com. We will take your request seriously.
IX Terms of disclosure of your personal data
As a rule, your personal data is confidential and we will only disclose it if an obligation arises directly from a legal act.
We disclose personal data to our processor, with whom we have previously entered into a data processing agreement to ensure the purposeful use of personal data.
We generally process personal data within the European Economic Area (Norway, Iceland and Lichtenstein in addition to the EU countries). If we need to transfer personal data outside the European Economic Area, the transfer will be in accordance with the requirements of the General Data Protection Regulation.
X Code of conduct for breaches of personal data processing
If you are aware of any breach regarding the processing of personal data or a risk thereof, please notify us immediately by sending an e-mail to firstname.lastname@example.org. We take the issue of secure personal data processing seriously and react promptly to a possible breach.
XI Retention of personal data
We retain your personal data for as long as it is required or permitted by law or necessary for the interests of our business, but generally no longer than for 7 years from the receipt of the personal data. We delete personal data automatically after five years have passed of the expiry of a contract entered into with a customer and of last activity.
We will permanently delete the personal data after the expiration of the personal data retention period.