Privacy policy

Privacy Policy

1. General Provisions

1.1. This Privacy Policy governs the collection, processing, and retention of personal data. The data controller responsible for the collection, processing, and storage of personal data is Sinu Maailm OÜ (brands Loovvoog and LoveArtFlow), hereinafter referred to as the “Data Controller.” 1.2. A “Data Subject” within the meaning of this Privacy Policy is a customer or any other natural person whose personal data is processed by the Data Controller. 1.3. A “Customer” is anyone who purchases goods or services from the Data Controller’s website. 1.4. The Data Controller complies with all relevant legislation regarding data processing and follows principles ensuring that personal data is processed lawfully, fairly, and securely. The Data Controller confirms that all personal information is processed in accordance with applicable laws.

2. Collection, Processing, and Storage of Personal Data

2.1. Personal data collected, processed, and stored by the Data Controller is gathered electronically, primarily via the website and e-mail. 2.2. By sharing their personal data, the Data Subject grants the Data Controller the right to collect, organize, use, and manage the personal data for the purposes defined in this Privacy Policy. This applies to data shared directly or indirectly when purchasing goods or services. 2.3. The Data Subject is responsible for ensuring that the submitted data is accurate, correct, and complete. Knowingly providing false information is considered a breach of this Privacy Policy. The Data Subject is obliged to inform the Data Controller immediately of any changes to the submitted data. 2.4. The Data Controller is not liable for any damages caused to the Data Subject or third parties resulting from the submission of false information by the Data Subject.

3. Processing of Customer Personal Data

3.1. The Data Controller may process the following personal data:

  • 3.1.1. First name and surname;
  • 3.1.2. Date of birth;
  • 3.1.3. Telephone number;
  • 3.1.4. E-mail address;
  • 3.1.5. Delivery address;
  • 3.1.6. Bank account number;
  • 3.1.7. Payment card details;
  • 3.1.8. Customer account credentials (e.g., username, password). 3.2. In addition to the above, the Data Controller has the right to collect customer data available in public registers. 3.3. The legal basis for processing personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):
  • (a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
  • (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • (c) processing is necessary for compliance with a legal obligation to which the controller is subject;
  • (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. 3.4. Purposes and retention periods for personal data processing:
  • 3.4.1. Security and Safety: Data is stored in accordance with statutory deadlines provided by law.
  • 3.4.2. Order Processing: Data is stored for a maximum of one (1) year.
  • 3.4.3. E-commerce Services: Data is stored for a maximum of one (1) year.
  • 3.4.4. Customer Relationship Management: Data is stored for a maximum of one (1) year.
  • 3.4.5. Financial Activity and Accounting: Data is stored in accordance with statutory deadlines (typically 7 years in Estonia).
  • 3.4.6. Marketing: Data is stored for a maximum of one (1) year.
  • 3.4.7. Customer Account Management and Digital Content Access: Data is stored until the account is deleted (or 1 year after the last transaction). 3.5. The Data Controller has the right to share personal data with third parties, such as authorized data processors, accountants, transport and courier companies, and payment service providers. The Data Controller transmits the personal data necessary for making payments to the authorized processor Maksekeskus AS. 3.6. The Data Controller implements appropriate organizational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure, or any other unauthorized processing. 3.7. The Data Controller retains data depending on the purpose of processing, but generally for no longer than one (1) year, unless legal obligations require otherwise.

4. Rights of the Data Subject

4.1. The Data Subject has the right to access and review their personal data. 4.2. The Data Subject has the right to receive information regarding the processing of their personal data. 4.3. The Data Subject has the right to supplement or rectify inaccurate data. 4.4. Where processing is based on consent, the Data Subject has the right to withdraw that consent at any time. 4.5. To exercise these rights, the Data Subject may contact customer support at info@loovvoog.ee or info@loveartflow.com. 4.6. To protect their rights, the Data Subject has the right to lodge a complaint with the Data Protection Inspectorate (Andmekaitse Inspektsioon).

5. Final Provisions

5.1. These data protection conditions have been prepared in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation), the Estonian Personal Data Protection Act, and other relevant legislation of the Republic of Estonia and the European Union. 5.2. The Data Controller reserves the right to partially or entirely amend this Privacy Policy. Data Subjects will be informed of changes via the websites www.loovvoog.ee and loveartflow.com.