Privacy Policy
As a trustworthy partner, Sutu OÜ (hereinafter Sutu), has committed to treating the company’s customers’ personal data, respecting all their rights. Based on this, the company has developed the main principles of privacy policy regarding the collection, use, disclosure, transfer and storage of customer data.
- NOTIONS
- A data subject is a natural person about whom Sutu has information, or the information that can be used to identify a natural person. Data subjects are, for example, customers, collaborators, and employees as natural persons whose personal data Sutu has received.
- Privacy policy is this text, which sets out the principles for the processing of personal data at Sutu.
- Personal data is any information related to an identified or identifiable natural person.
- The processing of personal data covers any act performed with a data subject’s personal data, including collection, recording, organisation, storage, alteration, disclosure, providing access to them, conducting queries and retrievals, usage, transferring, cross-usage, merging, closure, deleting, or destroying personal data, or several of the above mentioned operations, regardless of the manner in which the operations are performed and the means used.
- A customer is any natural or legal person who uses or has expressed an interest in using Sutu’s products.
- A contract is an agreement concluded between Sutu and a customer to provide services, or some other agreement.
- Website – www.sutustraws.com is Sutu’s website.
- A visitor is a person who uses Sutu’s website.
- Products – all kinds of items sold by Sutu.
- Cookies are data files that are sometimes saved on the device of a website visitor.
- Sutu’s data protection specialist is a person who follows the implementation of the principles for the processing of personal data, and with whom any data subject can contact in case of complaint.
- Sales channels are Sutu’s ways to communicate with data subjects, tools created for selling goods and services, incl e-mail, telephone, public and social media, various chat lines, adverts and other similar tools on websites and in other places.
- GENERAL TERMS
- Sutu is a legal person Sutu OÜ, with the registry code 14562730, located at Estonia, Saaremaa Rural Municipality, Suure-Rootsi Village, Veski.
- At Sutu, personal data can be processed by a responsible processor, when the purposes and means of processing have been specified; by an authorised processor according to the instructions of the person responsible; by a receiver to whom personal data are transferred.
- The responsible processor of the personal data is Sutu OÜ. In order to deliver the goods and transfer the payment the relevant personal data is forwarded to transport service providers and payment processors, including Maksekeskus AS.
- The privacy policy applies to the data subjects; the rights and obligations specified in the privacy policy are in force for all Sutu’s employees and partners to whom the personal data collected by Sutu are available.
- The privacy policy may be supplemented by privacy notices published on the website or on the devices, and they may amend or supplement the privacy policy.
- PRINCIPLES
- Sutu always favours the interests, rights and freedoms of data subjects when processing their personal data.
- Sutu’s goal is to provide responsible processing of personal data, which is based on best practice, bearing in mind that the company is always ready to demonstrate the compliance of the processing of personal data with the purposes set.
- Sutu’s all processes, instructions, operations and activities related to processing personal data are based on the following principles:
- In case of processing personal data, there is a legal basis for this, for example a consent.
- The processing of personal data is transparent and understandable to the data subject.
- Personal data is collected for precisely and clearly defined and legitimate purposes and will not be processed later in a way that does not conform to these purposes.
- The personal data are correct and, if necessary, updated, and all reasonable steps will be taken to delete or correct the personal data which are incorrect from the point of view of the purpose for processing personal data.
- Reliability and confidentiality. Processing of personal data is carried out in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by using reasonable technical or organizational measures.
- COMPOSITION OF PERSONAL DATA
- Sutu shall collect, inter alia, the following types of personal data:
- personal data given to Sutu by the data subject (e.g. name, e-mail address, postal address, phone number);
- personal data resulting from normal communication between the data subject and Sutu;
- personal data made clearly public by the data subject (e.g. in social media);
- personal data generated when using services (e.g. when buying in Sutu’s online shop);
- personal data resulting from the visit and use of the website (e.g. the time spent on the website);
- personal data received from third persons;
- personal data created and combined by Sutu (correspondence or the list of the order history in the context of customer relationships).
- COMPOSITION OF PERSONAL DATA. PURPOSES AND GROUNDS FOR THEIR PROCESSING
- Sutu processes personal data only by consent of the data subject or by law.
- By consent, Sutu processes personal data exactly within the limits, scope and purposes specified by the data subject. As regards consents, Sutu’s acts are based on the principle that each consent must be clearly distinguishable from other questions, in an understandable and easily accessible form, in a plain and simple language. The consent may be given in writing, electronically or orally. The data subject gives consent voluntarily, specifically, deliberately and unequivocally, for example by ticking the box on the website.
- A legitimate interest is Sutu’s interest in managing and running its own business, to offer the best possible services on the market. Under law, Sutu will process personal data only after careful evaluation, to determine that the company has a legitimate interest, the processing of personal data is necessary and in accordance with the interests and rights of the data subject.
- In particular, the processing of personal data on the basis of legitimate interest may take place for the following purposes:
- to ensure trustworthy customer relationships, for example the processing of personal data, which is strictly necessary to identify actual beneficiaries or prevent fraud;
- to manage and analyse the customer base to improve the availability, range and quality of the services and products, and to provide the best and most personalized offerings with the customer’s consent;
- to collect identifiers and personal data when using webpages, mobile applications and other services. Sutu uses the data collected to conduct web analysis, analysis of mobile phone services and information society services, to ensure and improve activities, do statistics, analyse visitor behaviour and user experience, and to provide better and more personalised services;
- to do customer and visitor satisfaction surveys and measure the effectiveness of marketing activities;
- to analyse customer and visitor behaviour on different sales channels and webpages;
- to monitor services – Sutu can save notices and orders made both in its premises or by means of telecommunication (e-mail, telephone, etc.), as well as information and other activities performed by Sutu, and, if necessary, use them to prove orders or other operations;
- when considering network, information and cyber-security, for example to secure the websites, to make and maintain backup copies;
- to compile, submit or defend legal claims.
- To fulfil obligations arising from law, Sutu shall process personal data for the purpose of fulfilling obligations provided by law or applying the ways of usage permitted by law. For example, the law imposes obligations to process payments or follow the money laundering rules.
- If the processing of personal data is for a purpose other than that for which the personal data was originally collected or is not based on the consent of the data subject, Sutu will carefully evaluate the admissibility of such new processing.
- DISCLOSURE OF AND / OR TRANSFER OF PERSONAL DATA TO THIRD PERSONS
- Sutu cooperates with persons to whom the company may transfer data relating to data subjects, including personal data, in the framework and for the purpose of cooperation.
- These third persons may be, for example persons mediating or providing postal services, IT partners, service providers for debt collection, payment failure registries, institutions and organizations, provided that:
- their purpose and the processing are legal;
- personal data processing is carried out in accordance with Sutu’s instructions and under a valid contract.
- SECURITY MEASURES FOR PROCESSING PERSONAL DATA
- Sutu shall store personal data minimum necessary time.
- Sutu has established instructions on how to ensure the security of personal data through using both organisational and technical measures.
- In the event of any incident involving personal data, Sutu will take all necessary measures to mitigate the consequences and avoid all relevant risks in the future. Among other things, Sutu shall register all incidents and inform the Data Protection Inspectorate and the data subject directly.
- RIGHTS OF THE DATA SUBJECT
- The consent to allow the processing of personal data may be withdrawn by the data subject at any time.
- The consent to receive Sutu’s newsletter can be withdrawn through the link below the newsletter.
- As regards the processing of personal data, the data subject also has the following rights:
- The right to receive information, or the right of the data subject to obtain information about personal data collected on them.
- The right to access data that inter alia includes the data subject’s right to a copy of their personal data processed.
- The right to demand the correction of inaccurate data.
- The right to delete data, that is, in a certain case, the data subject has the right to require that personal data be deleted, for example, if processing is done only on the basis of their consent.
- The right to demand limitation of processing personal data. This right arises, inter alia, if the processing is not authorized by law or if the data subject disputes the accuracy of their personal data. The data subject has the right to demand that the processing of personal data be restricted for a period that allows the responsible person to check the accuracy of personal data, or when the processing of personal data is unlawful, but the data subject does not request the deletion of their personal data.
- The right to a supervisory authority’s assessment of whether the processing of personal data of the data subject is lawful.
- EXERCISING RIGHTS AND SUBMITTING COMPLAINTS
- Exercising rights. The data subject has the right to contact Sutu by e-mail info@sutu.ee in the event of a question, application or complaint concerning the processing of personal data.
- Submitting complaints. The data subject has the right to appeal to Sutu, the Data Protection Inspectorate or a court when the data subject thinks that their rights have been violated during the processing of their personal data. The contacts of the Data Protection Inspectorate are available on its website http://www.aki.ee/et/inspektsioon/kontaktid-nouandetelefon.
- COOKIES AND OTHER WEB TECHNOLOGIES
- Sutu may collect data about the visitors of the webpages and other information society services by using cookies (i.e. small pieces of information that are stored by the visitor’s browser on the hard disk of their computer or other device) or other similar technologies (such as IP address, device information, location information), and process these data.
- Sutu uses the data collected to: enable the provision of the service in accordance with the visitor or customer’s habits; ensure the best service quality; make website experience more convenient for the customers; inform the visitor and the customer about the content and make recommendations; make ads more relevant and improve marketing efforts, analyse customer behaviour and thereby improve online experience, facilitate logging in and data protection. The collected data is also used to count visitors and identify their user habits.
- We use the cookies of our online store environment to identify users as unique but anonymous persons.
- Sutu uses session, permanent and advertising cookies. Session cookies will be deleted automatically after each visit; permanent cookies are extant when the website is visited frequently; advertising cookies are used to present materials suitable for the visitor or limit the number of times the same ad is seen on the website. Cookies of third parties are used by websites of Sutu’s partners. Sutu does not control the appearance of these cookies, so you can get information about these cookies from third parties.
- As regards cookies, the visitors agree to use them on the website, in the settings of information society services, or the web browser. If the visitor does not want to allow the use of cookies on the website, they may block them in their web browser settings, use the option of private browsing, or delete them completely using the instructions given by the service provider of the web browser.
- Most web browsers allow default cookies. Without the full permission of cookies, the features of the website are not fully available to the visitor, and unforeseen problems with functionality and user experience may occur. Allowing, blocking, or deleting cookies and other similar technologies is controlled by the visitor through the browser settings, information society service settings, and privacy enhancement platforms.
- CONTACTS AND INFORMATION
- Important contacts for Sutu’s data subject:
- If you have any questions about personal data, you can contact Sutu via e-mail: info@sutu.ee
- OTHER
- Sutu has the right to unilaterally change this privacy policy. Sutu will inform the data subjects on the changes on the website www.sutustraws.com. We assume that if you start using Sutu’s website www.sutustraws.com, you have seen the privacy policy and agreed to its terms and conditions.