Privacy Policy

  1. General Provisions
    1.1. This privacy policy governs the principles for collecting, processing, and storing personal data. Personal data is collected, processed, and stored by the data controller PARGIPROFF OÜ.
    1.2. A data subject under this privacy policy refers to a client or any other natural person whose personal data is processed by the data processor.
    1.3. A client under this privacy policy refers to anyone who purchases goods or services from the data processor’s website.
    1.4. The data processor adheres to the principles of data processing established in legal acts, including processing personal data lawfully, fairly, and securely. The data processor can confirm that personal data has been processed according to the requirements set forth in legal acts.

  2. Collection, Processing, and Storage of Personal Data
    2.1. Personal data collected, processed, and stored by the data processor is collected electronically, mainly through the website and email.
    2.2. By sharing personal data, the data subject grants the data processor the right to collect, organize, use, and manage the personal data for the purposes defined in this privacy policy, which the data subject directly or indirectly provides when purchasing goods or services on the website.
    2.3. The data subject is responsible for ensuring that the data they provide is accurate, correct, and complete. Knowingly providing false information is considered a breach of this privacy policy. The data subject is obliged to notify the data processor immediately of any changes to the data provided.
    2.4. The data processor is not liable for any damage caused to the data subject or third parties due to the submission of false data by the data subject.

  3. Processing of Clients' Personal Data
    3.1. The data processor may process the following personal data of the data subject:

  • 3.1.1. First and last name
  • 3.1.2. Date of birth
  • 3.1.3. Phone number
  • 3.1.4. Email address
  • 3.1.5. Delivery address
  • 3.1.6. Bank account number
  • 3.1.7. Payment card details
    3.2. In addition to the above, the data processor has the right to collect data about the client from public registers.
    3.3. The legal basis for processing personal data is Article 6 (1) (a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):
  • a) The data subject has given consent to the processing of their personal data for one or more specific purposes;
  • b) The processing of personal data is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract;
  • c) The processing of personal data is necessary for compliance with a legal obligation to which the data controller is subject;
  • f) The processing of personal data is necessary for the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, especially if the data subject is a child.
    3.4. Processing of personal data according to the purpose of processing:
  • 3.4.1. Purpose – Security and safety
    Personal data retention period – according to legal deadlines
  • 3.4.2. Purpose – Order processing
    Personal data retention period – 3 months
  • 3.4.3. Purpose – Ensuring the functioning of the e-shop
    Personal data retention period – 3 months
  • 3.4.4. Purpose – Customer management
    Personal data retention period – 3 months
  • 3.4.5. Purpose – Financial activities, accounting
    Personal data retention period – according to legal deadlines
  • 3.4.6. Purpose – Marketing
    Personal data retention period – 3 months
    3.5. The data processor has the right to share clients' personal data with third parties, such as authorized data processors, accountants, transport and courier companies, and payment service providers. The data processor is the data controller. The data processor will transmit the personal data necessary for payment transactions to the authorized processor Maksekeskus AS.
    3.6. When processing and storing personal data, the data processor applies organizational and technical measures that ensure the protection of personal data from accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
    3.7. The data processor retains the data of the data subjects depending on the purpose of processing, but not for longer than 1 year.

  1. Rights of the Data Subject
    4.1. The data subject has the right to access their personal data and review it.
    4.2. The data subject has the right to receive information about the processing of their personal data.
    4.3. The data subject has the right to supplement or correct inaccurate data.
    4.4. If the data processor processes the data subject's personal data based on the data subject's consent, the data subject has the right to withdraw that consent at any time.
    4.5. The data subject can exercise their rights by contacting the e-shop customer support at Info@babysnuggle.eu.
    4.6. The data subject has the right to file a complaint with the Data Protection Inspectorate to protect their rights.

  2. Final Provisions
    5.1. These data protection terms are drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Estonian Personal Data Protection Act, and other Estonian and European Union legislation.
    5.2. The data processor has the right to partially or fully amend the data protection terms by notifying the data subjects through the website Info@babysnuggle.eu.