1. General Provisions
1.1. This Privacy Policy regulates the principles of collecting, processing, and storing personal data. Personal data is collected, processed, and stored by Fizzisenses OÜ (hereinafter referred to as the Data Controller).
1.2. A Data Subject within the meaning of this Privacy Policy is a client or any other natural person whose personal data is processed by the Data Controller.
1.3. A Client within the meaning of this Privacy Policy is anyone who purchases goods or services via the Data Controller’s website.
1.4. The Data Controller complies with the principles of data processing as set out in applicable legislation, ensuring that personal data is processed lawfully, fairly, and securely. The Data Controller is able to confirm that personal data has been processed in accordance with the legal requirements.
2. Collection, Processing, and Storage of Personal Data
2.1. Personal data collected, processed, and stored by the Data Controller is primarily obtained electronically, mainly through the website and via email.
2.2. By sharing their personal data, the Data Subject grants the Data Controller the right to collect, manage, use, and process that data for the purposes defined in this Privacy Policy. This applies to any data provided directly or indirectly while purchasing goods or services through the website.
2.3. The Data Subject is responsible for ensuring that the data they provide is accurate, correct, and complete. Knowingly providing false information constitutes a breach of this Privacy Policy. The Data Subject must promptly notify the Data Controller of any changes to their provided data.
2.4. The Data Controller is not responsible for damages resulting from the submission of inaccurate data by the Data Subject, whether such damages are incurred by the Data Subject or third parties.
3. Processing of Client Personal Data
3.1. The Data Controller may process the following personal data of the Data Subject:
3.1.1. First and last name;
3..1.2. Phone number;
3.1.3. Email address;
3.1.4. Delivery address;
3.1.5. Bank account number;
3.1.6. Payment card details;
3.2. In addition, the Data Controller has the right to collect information about the Client that is publicly available in official registers.
3.3. The legal basis for processing personal data is Article 6 (1) (a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):
a) the Data Subject has given consent to the processing of their personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract with the Data Subject or for taking steps prior to entering into a contract at the Data Subject’s request;
c) processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
f) processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, except where such interests are overridden by the Data Subject’s rights and freedoms, particularly where the Data Subject is a child.
3.4. Processing of personal data according to purpose:
3.4.1. Security and safety
stored for the period specified by law
3.4.2. Order processing
stored for up to 1 year
3.4.3. Ensuring the operation of e-commerce services
stored for up to 1 year
3.4.4. Customer management
stored for up to 1 year
3.4.5. Financial activities and accounting
stored for the period specified by law
3.4.6. Marketing
stored for up to 1 year
3.5. The Data Controller has the right to share personal data with third parties, such as authorized processors, accountants, transport and courier companies, and payment service providers. The Data Controller remains responsible for the processing of personal data. For payment transactions, the Data Controller transmits necessary data to the authorized processor Montonio Finance UAB.
3.6. The Data Controller applies organizational and technical measures to protect personal data from accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.
3.7. The Data Controller retains personal data depending on the processing purpose but no longer than 7 years.
4. Rights of the Data Subject
4.1. The Data Subject has the right to access and review their personal data.
4.2. The Data Subject has the right to obtain information regarding the processing of their personal data.
4.3. The Data Subject has the right to supplement or correct inaccurate data.
4.4. If personal data is processed on the basis of the Data Subject’s consent, the Data Subject has the right to withdraw consent at any time.
4.5. To exercise their rights, the Data Subject may contact customer support at: info@fizzi.ee.
4.6. The Data Subject has the right to file a complaint with the Data Protection Inspectorate for the protection of their rights.
5. Final Provisions
5.1. These data protection terms are drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR), the Estonian Personal Data Protection Act, and other applicable legislation of the Republic of Estonia and the European Union.
5.2. The Data Controller reserves the right to amend these data protection terms in part or in full, notifying Data Subjects of any changes via the website www.fizzi.ee.
English 
Eesti