Privacy Policy

Privacy Policy


1. General Provisions
1.1. This privacy policy regulates the principles of collecting, processing, and storing personal data. The responsible data controller for collecting, processing, and storing personal data is MRT Tech OÜ.
1.2. The data subject, in the context of the privacy policy, is a customer or other natural person whose personal data the data controller processes.
1.3. A customer, in the context of the privacy policy, is anyone who purchases goods or services from the data controller's website.
1.4. The data controller adheres to the principles of data processing established in the legislation, including processing personal data lawfully, fairly, and securely. The data controller is able to confirm that personal data has been processed in accordance with the legislation.
 
2. Collection of Personal Data
2.1. Personal data is data that MRT Tech OÜ collects for the purpose of identifying individuals or contacting them. The collection of personal data may occur with the customer's consent in the following ways:
- by providing contact details (including your name, postal address, phone number, email address, personal identification code) when shopping at MRT Tech's online store
- through the use of cookies when using the website or customer account information
- when making a purchase or order in our online store (the online store may request the voluntary submission of personal data and personal information on certain areas of the website).
2.2. By sharing their personal data, the customer gives data processors the right to collect, organize, use, and manage personal data for the purposes defined in the privacy policy, which the customer shares directly or indirectly with the data processor by purchasing goods or services on the website.
2.3. The data subject is responsible for ensuring that the data provided by them is accurate, correct, and complete. Knowingly providing false information is considered a violation of the privacy policy. The data subject is obliged to promptly inform the data controller of any changes to the provided data.
2.4. The data controller is not liable for any damages caused to the data subject or third parties due to the provision of false information by the data subject.
2.5. Required personal data may include:
•    name, email address, phone number, residential address
•    delivery address for goods, postal code
•    bank account number
•    cost of goods and services and payment-related data (purchase history)
•    customer support data
2.6. In addition to the above, the data controller has the right to collect data about the customer available in public registers.
2.7. The legal basis for processing personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation:
a) The data subject has given consent to the processing of their personal data for one or more specific purposes;
b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) Processing is necessary for compliance with a legal obligation to which the data controller is subject;
f) Processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, particularly if the data subject is a child.
2.8. Personal data is used for managing customer orders and delivering goods. The bank account number is used to refund customers. Purchase history data (purchase date, product, quantity, customer data) is processed for compiling overviews of purchased goods and services and analyzing customer preferences. The IP address or other network identifiers of website users are processed for providing the website as an information society service and for making website usage statistics.
With the collected personal data, we can inform customers about news, promotions, and future events of MRT Tech OÜ. A customer who does not wish to be in our mailing list can remove themselves at any time.
 
3. Processing and Storage of Personal Data
3.1. Personal data is transferred to the online store's customer support for the management of purchases and purchase history and for resolving customer issues.
•    Name, phone number, and email address are provided to the transport service provider chosen by the customer.
•    If it is a product delivered by courier, the customer's address is also provided in addition to the contact details.
•    If the online store's accounting is carried out by a service provider, personal data is provided to the service provider for accounting operations.
•    Personal data may be provided to information technology service providers if necessary for the functionality of the online store or for data hosting.
•    The merchant is the responsible data controller for personal data. The merchant provides the necessary personal data for processing payments to the authorized processor Montonio Finance AS.
3.2. When processing and storing customer personal data, the data controller implements organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
Encrypted data communication channel (Montonio Finance AS or similar) with banks ensures the security of the purchaser's personal data and bank details.
3.3. Upon closure of the online store customer account, personal data is deleted, unless such data needs to be retained for accounting or for the resolution of consumer disputes. If a purchase is made in the online store without a customer account, the purchase history is retained for three years. In the case of payment disputes and consumer disputes, personal data is retained until the claim is fulfilled or until the expiry of the limitation period. Personal data necessary for accounting purposes is retained for seven years.
 
4. Customer Rights
4.1. The customer has the right to access and review their personal data. If a purchase is made without a user account, the customer can review the personal data through customer support.
4.2. The customer has the right to receive information about the processing of their personal data.
4.3. The customer has the right to supplement or correct inaccurate data.
4.4. If the data controller processes the customer's personal data based on the customer's consent, the customer has the right to withdraw their consent at any time.
4.5. To exercise their rights, the customer can contact the online store's customer support at info@mrttech.ee.
4.6. The customer has the right to lodge a complaint with the Data Protection Inspectorate to protect their rights.
 
5. Final Provisions
5.1. We reserve the right to amend the privacy terms as necessary. By using the MRT Tech online store website, it is assumed that you have read and agree to these terms. All changes made will be notified through the Website. For any questions or concerns regarding privacy policy and data processing, please contact info@mrttech.ee.
5.2. These data protection terms have been compiled in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia, and the laws of the Republic of Estonia and the European Union.