1. General provisions

1.1. This privacy policy regulates the principles regarding the collection, processing and storage of personal data. Terviseturism OÜ, (brand name: BodyMed) is committed to protecting the privacy of its customers. We respect your trust.

Personal data is collected, processed and stored by the personal data controller Terviseturism OÜ.

Address: Harju county, Tallinn, Kesklinna district, Pärnu mnt 139c, 11317 Republic of Estonia.
Register code: 16549708

1.2. For the purposes of the Privacy Policy, a data subject is a customer or other natural person whose personal data is processed by a data controller.

1.3. A customer within the meaning of the privacy policy is anyone who registers at Terviseturism OÜ, becomes a consumer of mediated services or buys goods or services from the website of the data processor.

1.4. The data processor follows the principles of data processing provided by legislation, among other things, the data processor processes personal data legally, fairly and securely. The data processor is able to confirm that personal data has been processed in accordance with the legislation.

2. Collection, processing and storage of personal data

2.1. Personal data collected, processed and stored by the data controller are collected electronically, mainly via the website and e-mail. We process Terviseturism OÜ, personal data of customers.

2.2. By sharing their personal data, the data subject grants the data processor the right to collect, organise, use and manage personal data for the purpose defined in the privacy policy, which the data subject directly or indirectly shares with the data processor.

2.3. We use personal data for communication, customer service and service delivery, as well as for authorised marketing and targeted marketing.

2.4. The data subject is responsible for ensuring that the data provided by him or her is accurate, correct and complete. Knowingly submitting false information is considered a violation of our privacy policy. The data subject is obliged to immediately notify the data processor of any changes in the submitted data.

2.5. The data controller shall not be liable for any damage caused to the data subject or to third parties caused by the submission of false data by the data subject.

2.6. It is our policy that personal data is not disclosed to a party outside the organisation. Data may only be disclosed if necessary by Terviseturism OÜ, with authorised data processors based on the data processing agreement.

3. Processing of customers’ personal data

3.1. The data processor may process the following personal data of the data subject:

3.1.1. First and last name;

3.1.2. Phone number;

3.2.3. e-mail address.

3.2. In addition to the above, the data controller has the right to collect data about the customer that is available in public registers.

3.3. The legal basis for the processing of personal data is § 6 (1) (a), (b), (c) and (f) of the General Data Protection Regulation:

(a) the data subject has consented to the processing of his or her personal data for one or more specific purposes;

(b) the processing of personal data is necessary for the performance of a contract concluded with the participation of the data subject or in order to take pre-contractual measures at the request of the data subject;

c) the processing of personal data is necessary to fulfill the obligation related to the provision of the service of the responsible processor;

f) the processing of personal data is necessary in case of a legitimate interest of the controller or a third party, unless such interest is outweighed by the interests of the data subject or the fundamental rights and freedoms for which personal data must be protected, especially if the data subject is a minor.

3.4. Processing of personal data according to the purpose of the processing:

3.4.1. Purpose of processing – safety and security
Maximum period of storage of personal data – according to the terms specified by law

3.4.2. Purpose of processing – order processing (products, services)
The maximum period of storage of personal data – 7 years

3.4.4. Purpose of processing – customer management
The maximum period of storage of personal data – 7 years

3.4.5. Purpose of processing – financial activity, accounting
Maximum period of storage of personal data – according to the terms specified by law

3.4.6. Purpose of processing – marketing
The maximum period of storage of personal data – 2 years

3.5. The data processor has the right to share customers’ personal data with third parties, such as authorised data processors, accountants, transport and courier companies, companies providing banking services. The data processor is the controller of personal data. The data processor transmits the personal data necessary for making payments, for example, to the authorised processor Maksekeskus AS, Smart ID, banks, the Tax Office.

3.6. When processing and storing personal data of the data subject, the processor shall implement organisational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.

3.7. Depending on the purpose of the processing, the data controller shall retain the data of the data subjects for no longer than 10 years.

3.8. We only collect and process necessary data and delete outdated data as soon as possible.

4. Cookies on the website

4.1. Terviseturism OÜ, the website may use cookies, mobile device identifiers and web beacons, among others, without compromising privacy. Cookies and other similar technologies are used to collect data about how and when the services are used: from which website the user has entered the service, which websites the user has browsed, what content the user has seen and clicked on, and what screen resolution the user has, which device version.

4.2. Cookies can be used to improve products and services and display content of interest to the user. The most important aspect is to ensure the safety of services. Our services make the most use of cookies, web beacons, local data storage techniques, mobile device identifiers and server logs.

An individual user cannot be identified by cookies alone, and the Service cannot find things like a user’s name or email address unless the user has provided them. When a user is logged in to a digital service, such as their app, we can combine the data we have observed about the user with the data the user has provided that identifies them.

5. Privacy on the Website

5.1. Before using our website, we recommend that you read the Terms of Service. The content of the website, such as text, graphics, names, images, graphics, drawings, logos, icons, audio recordings and software, belongs to Terviseturism OÜ. All rights to this material are reserved. Copying, transmission, modification, storage, publication and distribution of the material is prohibited without Terviseturism OÜ, without written permission. Viewing the website on a computer or similar device and printing for personal use is permitted. The use of public documents in public communication is permitted, but the source of the information must always be mentioned.

5.2. The material published on the website cannot be considered Terviseturism OÜ, entering into a legally binding offer or commitment. Terviseturism OÜ, reserves the right to make changes to the material and terms of use of the website, access to it or other features of the site, and does not guarantee that you will be able to access the website without errors or interruptions.

5.3. Terviseturism OÜ, shall not be liable for any direct or indirect costs or damages arising from the use or discontinuance of the use of the website or its content. In addition, Terviseturism OÜ, is not responsible for information system or telecommunications interruptions or errors or damages or damages caused by malicious software.

5.4. Terviseturism OÜ, is not responsible for any third party website or material on which Terviseturism OÜ, website has a link or reference.

6. Rights of the data subject

6.1. The data subject has the right to access and examine his or her personal data.

6.2. The data subject has the right to receive information about the processing of his or her personal data.

6.3. The data subject has the right to supplement or correct inaccurate data.

6.4. If the data processor processes the personal data of the data subject on the basis of the data subject’s consent, the data subject has the right to withdraw the consent at any time.

6.5. The data subject can apply to exercise these rights towards Terviseturism OÜ, by emailing the address of the person responsible for personal data processing mailto: info@bodymed.ee

6.6. In order to protect his or her rights, a data subject may submit a complaint to the Data Protection Inspectorate.

7. Final provisions

7.1. These data protection conditions have been drawn up in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC and the legislation of the Republic of Estonia and the European Union.

7.2. The data controller has the right to change the data protection conditions in part or in full by notifying the data subjects of the changes to the website. https://bodymed.ee/ through.