PRIVACY POLICY
Dated 7th July 2024.
Itherapy OÜ (Estonian registry code 1480894, legal address Harju county, Tallinn, Kesklinn district, Narva mnt 19-33, 10120) is hereby the Data Controller and responsible for the processing of your data. The Data Controller collects your personal data and determines the purposes and methods of processing said data (Privacy Policy). Questions regarding the processing of your personal data and Privacy Policy should be sent to info@ilonasibold.com.
The Privacy Policy provides an overview of the data processing principles at Itherapy OÜ. The Privacy Policy describes how we collect, store, use, and process your data when you decide to use our services. Our Privacy Policy applies in all cases where we process your personal data. Personal data is mainly processed when we provide our services when you contact us directly or via our website https://ilonasibold.com/. Your personal data is also processed on various platforms that we use to provide our service, e.g. social media platforms and platforms that provide payment solutions. By using the website, using our services, placing orders with us or concluding contracts with us, you agree to our Privacy Policy. Detailed purposes and legal grounds for processing your personal data are described below. The Privacy Policy does not govern data about companies or any other legal entities.
Itherapy OÜ reserves the right to make changes to the Privacy Policy. The changes are published on the website https://ilonasibold.com/.
We process your personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and Council, dated April 27, 2016, on the protection of natural persons regarding the processing of personal data and the free circulation of these data (hereinafter, the “GDPR”) and other current regulations on the protection of personal data.
1. When and What Personal Data Do We Collect? What Is the Purpose and Lawful Basis for Processing Your Personal Data?
| 1.1 When providing services – names, phone numbers, email addresses, mailing addresses, billing addresses, birthdates. | |
| Purpose: | Identification of the client, the conclusion of the contract, fulfillment of contractual obligations, and communication with the client. In addition, we may collect data during pre-contractual negotiations for the purpose of making offers. |
| Legal base: | Contract or consent. |
| 1. 2 When making a purchase on the website https://ilonasibold.com/ – names, email addresses, debit/credit card numbers, and billing addresses. | |
| Purpose: | Identification of the client, the conclusion of the contract, fulfillment of contractual obligations, and communication with the client. |
| Legal base: | Contract. |
| 1.3 Marketing data, for example, data collected when subscribing to our newsletter – names, email addresses. | |
| Purpose: | For marketing purposes, we may process your personal and contact data in order to send you interesting personalized offers and organize sales campaigns. |
| Legal base: | Consent or legitimate interest. |
| 1.4 Transaction data collected when providing services – transaction time, purchased service and price, payment data. | |
| Purpose: | Fulfillment of accounting and tax requirements arising from the law, and fulfillment of the contract. |
| Legal base: | Contract or legitimate interest. |
| 1.5 Data about customer preferences and satisfaction, as well as other communication data – names, email addresses, data about used services, order history, feedback, customer inquiries, and complaints (customer support data). | |
| Purpose: | Maintain and improve customer relations and solve problems, evaluate and improve the quality of services provided and customer service, and organize customer satisfaction surveys. We have the right to publish your feedback on our website for the purpose of increasing credibility and advertising. |
| Legal base: | Contract or legitimate interest. Consent when publishing your feedback on our website. |
| 1.6 Non-personalized user data when visiting and using our website https://ilonasibold.com/ – device type, device identifier, IP address, location, web browser, language settings, and other data collected through cookies when using the website. | |
| Purpose: | Ensuring the website’s content is relevant and functioning. More detailed information can be found in the Cookie Policy. |
| Legal base: | Consent or legitimate interest. |
| 1.7 Contact details of our cooperation partners – names, phone numbers, email addresses. | |
| Purpose: | Conducting pre-contractual negotiations, and fulfilment of contracts. |
| Legal base: | Contract or consent. |
| 1.8 User accounts of existing or potential customers on social media platforms (for example, Instagram, Facebook, Youtube) – information on your profile, such as name, gender, marital status, occupation, interests, and city, whether you like our profile, other associations with our profile, such as comments on our profile, your direct messages to us. | |
| Purpose: | Communication with existing or potential customers, directing advertising campaigns. Data is processed when you visit or interact with our social media profiles. |
| Legal base: | Consent or legitimate interest. |
| 1.9 Data of job applicants and employees, data of internship applicants and interns – names, social security numbers, addresses, phone numbers, email addresses, professions, workplaces or internships, fields of activity, education, level of education, previous work experience, other published personal data during the application process, other employment-related data, payroll, bank account number, tax data. | |
| Purpose: | Conclusion of an employment contract or internship contract with a suitable candidate, fulfillment of contracts. |
| Legal base: | Contract or consent. |
2. How Do We Protect Your Personal Data?
2.1 We ensure the confidentiality, availability, and integrity of your personal data.
2.2 As a general rule, personal data is not transferred outside the European Economic Area. When transferring personal data outside the European Economic Area, we undertake to ensure that appropriate security measures are implemented.
2.3 When possible, encryption is used, both in transit and storage.
2.4 All payment transactions are encrypted.
2.5 We store personal data mainly in digital form.
2.6 Our IT systems are configured by default to store and process data in a safe and secure manner.
2.7 Your personal data is not kept for longer than necessary. If the data is no longer necessary, it is deleted or archived.
2.8 Only a minimal number of people need access to your personal data to perform their duties.
2.9 Our employees are trained in data security.
2.10 If we use other external service providers, we require them to implement and apply security measures to ensure the security of your personal data.
3. How Long Do We Keep Your Personal Data?
3.1 Contracts and related data are retained for 3 years after the expiration of the contract.
3.2 In the event of disputes arising from the contract, we will retain personal data until the dispute is resolved.
3.3 Data collected during pre-contractual negotiations is retained for up to 12 months.
3.4 We retain the data of persons who applied for work and internships but were not selected, for up to 12 months.
3.5 Employee records are retained for 10 years from the time an employee leaves the organization.
3.6 Marketing data is retained for up to 10 years.
3.7 If consent is withdrawn we can no longer process your personal data and we are obliged to delete your personal data.
3.8 The retention period for original accounting documents is at least 7 years unless a longer term is set by law.
3.9 The retention period for cookies can be found in the Cookie Policy.
4. Who Do We Share Your Personal Data With?
4.1 Within the company, we only share your personal data with employees who need it for their work.
4.2 We may use external service providers who act as third-party data processors. These data processors may include website service or hosting providers, marketing service providers, accounting service providers, payment service providers, debt collection service providers and IT support service providers. We conscientiously select and review authorized third parties when possible and review their privacy and security policies. These third parties may have access to your personal data.
4.3 If you have given your explicit consent to transfer personal data to a specific recipient.
4.4 Personal data may be transferred without the consent of the data subject to an institution or a person who has a direct legal right to the data.
5. What Are Your Rights Regarding Your Personal Data?
5.1 You have the right to:
5.1.1 information about the processing of your personal data;
5.1.2 obtain access to the personal data held about you;
5.1.3 ask for incorrect, inaccurate, or incomplete personal data to be corrected;
5.1.4 request that personal data be erased when it’s no longer needed or if processing it is unlawful;
5.1.5 object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
5.1.6 request the restriction of the processing of your personal data in specific cases;
5.1.7 receive your personal data in a machine-readable format and send it to another controller (data portability);
5.1.8 request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.
5.2 You may be asked to provide information to confirm your identity in order to exercise your rights.
5.3 If we have received a request from you regarding your personal data, we will respond as soon as possible, but not later than within 30 days.
5.4 If you would like your data not to be processed through the use of cookies during your visit to our website, we recommend that you enable private browsing.