1.1. A data subject is a natural person about whom Miriada OÜ has information, or the information that can be used to identify a natural person. Data subjects are, for example, customers, collaborators, and employees as natural persons whose personal data Miriada OÜ has received.
1.3. Personal data is any information related to an identified or identifiable natural person.
1.4. The processing of personal data covers any act performed with a data subject’s personal data, including collection, recording, organisation, storage, alteration, disclosure, providing access to them, conducting queries and retrievals, usage, transferring, cross-usage, merging, closure, deleting, or destroying personal data, or several of the above mentioned operations, regardless of the manner in which the operations are performed and the means used.
1.5. A customer is any natural or legal person who uses or has expressed an interest in using Miriada OÜ services.
1.6. A contract is an agreement concluded between Miriada OÜ and a customer to provide services, or some other agreement.
1.7. Website – www.estonkids.com is Miriada OÜ website.
1.8. A visitor is a person who uses Miriada OÜ website.
1.9. A child is, in the context of personal data processing, a person under the age of 13 in the Republic of Estonia.
1.10. Services – all kinds of services and products provided by Miriada OÜ.
1.11. Cookies are data files that are sometimes saved on the device of a website visitor.
1.12. Miriada OÜ data protection specialist is a person who follows the implementation of the principles for the processing of personal data, and with whom any data subject can contact in case of complaint.
1.13. Sales channels are Miriada OÜ ways to communicate with data subjects, tools created for selling goods and services, including e-mail, telephone, public and social media, various chat lines, individualised and interactive adverts, and other similar tools on websites and in other places.
1.14. Product portfolio includes Miriada OÜ various products and services, the list of which is available on the company’s website www.estonkids.com.
2. GENERAL TERMS
2.1. ESTONKIDS is a legal person Miriada OÜ, with the registry code 14190412, located at Pune tee 5-14, 12015 Tallinn, Estonia.
2.2. At Miriada OÜ, personal data can be processed:
2.2.1. by a responsible processor, when the purposes and means of processing have been specified;
2.2.2. by an authorised processor according to the instructions of the person responsible;
2.2.3. by a receiver to whom personal data are transferred.
3.1. Miriada OÜ always favours the interests, rights and freedoms of data subjects when processing their personal data.
3.2. Miriada OÜ goal is to provide responsible processing of personal data, which is based on best practice, bearing in mind that the company is always ready to demonstrate the compliance of the processing of personal data with the purposes set.
3.3. Miriada OÜ all processes, instructions, operations and activities related to processing personal data are based on the following principles:
3.3.1. Legality. In case of processing personal data, there is a legal basis for this, for example a consent.
3.3.2. Fairness. The processing of personal data is fair, requiring, first of all, that the data subject has sufficient information on how their personal data are processed.
3.3.3. Transparency. The processing of personal data is transparent to the data subject.
3.3.4. Purposefulness. Personal data is collected for precisely and clearly defined and legitimate purposes and will not be processed later in a way that does not conform to these purposes.
3.3.5. Correctness. The personal data are correct and, if necessary, updated, and all reasonable steps will be taken to delete or correct the personal data which are incorrect from the point of view of the purpose for processing personal data.
3.3.6. Principle of restricted storage – personal data shall be stored in a form that allows data subjects to be identified only for as long as it is necessary to fulfil the purpose for which the personal data is processed. This means that, if Miriada OÜ wishes to keep personal data longer than it is necessary for the purpose, the company will anonymize the data so that the data subject is no longer identifiable. As for the data received by Miriada OÜ through customer relationship or similar relations, the company will keep them in accordance with best practices and will retain the data processed on the basis of consent until the consent is withdrawn.
3.3.7. Reliability and confidentiality. Processing of personal data is carried out in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by using reasonable technical or organizational measures. Miriada OÜ has both internal instructions and rules for employees and separate contracts with each authorized data processor, providing best practices, ongoing risk assessment and relevant technical and organizational measures for processing personal data.
4. COMPOSITION OF PERSONAL DATA
4.1. Miriada OÜ shall collect, inter alia, the following types of personal data:
4.1.1. personal data given to Miriada OÜ by the data subject (name, e-mail address, postal address, phone number);
4.1.2. personal data resulting from normal communication between the data subject and Miriada OÜ;
4.1.3. personal data made clearly public by the data subject (e.g. in social media);
4.1.4. personal data generated when using services (e.g. when buying in Miriada OÜ online shop);
4.1.5. personal data resulting from the visit and use of the website (e.g. the time spent on the website);
4.1.6. personal data received from third persons;
4.1.7. personal data created and combined by Miriada OÜ (correspondence or the list of the order history in the context of customer relationships).
5. COMPOSITION OF PERSONAL DATA. PURPOSES AND GROUNDS FOR THEIR PROCESSING
5.1. Miriada OÜ processes personal data only by consent of the data subject or by law.
5.2. By consent, Miriada OÜ processes personal data exactly within the limits, scope and purposes specified by the data subject. As regards consents, Miriada OÜ acts are based on the principle that each consent must be clearly distinguishable from other questions, in an understandable and easily accessible form, in a plain and simple language. The consent may be given in writing, electronically or orally. The data subject gives consent voluntarily, specifically, deliberately and unequivocally, for example by ticking the box on the website.
5.3. A legitimate interest is Miriada OÜ interest in managing and running its own business, to offer the best possible services on the market. Under law, Miriada OÜ will process personal data only after careful evaluation, to determine that the company has a legitimate interest, the processing of personal data is necessary and in accordance with the interests and rights of the data subject. In particular, the processing of personal data on the basis of legitimate interest may take place for the following purposes:
5.3.1. to ensure trustworthy customer relationships, for example the processing of personal data, which is strictly necessary to identify actual beneficiaries or prevent fraud;
5.3.2. to manage and analyse the customer base to improve the availability, range and quality of the services and products, and to provide the best and most personalized offerings with the customer’s consent;
5.3.3. to collect identifiers and personal data when using webpages, mobile applications and other services. Miriada OÜ uses the data collected to conduct web analysis, analysis of mobile phone services and information society services, to ensure and improve activities, do statistics, analyse visitor behaviour and user experience, and to provide better and more personalised services;
5.3.4. to do customer and visitor satisfaction surveys and measure the effectiveness of marketing activities;
5.3.5. to analyse customer and visitor behaviour on different sales channels and webpages;
5.3.6. to monitor services – Miriada OÜ can save notices and orders made both in its premises or by means of telecommunication (e-mail, telephone, etc.), as well as information and other activities performed by Miriada OÜ and, if necessary, use them to prove orders or other operations;
5.3.7. when considering network, information and cyber-security, for example to fight against piracy, to secure the websites, to make and maintain backup copies;
5.3.8. to compile, submit or defend legal claims.
5.4. To fulfil obligations arising from law, Miriada OÜ shall process personal data for the purpose of fulfilling obligations provided by law or applying the ways of usage permitted by law. For example, the law imposes obligations to process payments or follow the money laundering rules.
5.5. If the processing of personal data is for a purpose other than that for which the personal data was originally collected or is not based on the consent of the data subject, Miriada OÜ will carefully evaluate the admissibility of such new processing.
6. DISCLOSURE OF AND / OR TRANSFER OF PERSONAL DATA TO THIRD PERSONS
6.1. Miriada OÜ cooperates with persons to whom the company may transfer data relating to data subjects, including personal data, in the framework and for the purpose of cooperation.
6.2. These third persons may be, for example:
persons mediating or providing postal services, IT partners, service providers for debt collection, payment failure registries, institutions and organizations, provided that:
6.2.1. their purpose and the processing are legal;
6.2.2. personal data processing is carried out in accordance with Miriada OÜ instructions and under a valid contract.
7. SECURITY MEASURES FOR PROCESSING PERSONAL DATA
7.1. Miriada OÜ shall store personal data only for the strict minimum necessary time. Personal data, the expiry date of which has passed, will be destroyed, using best practices and in accordance with the procedures established by Miriada OÜ.
7.2. Miriada OÜ has established instructions and procedures on how to ensure the security of personal data through using both organisational and technical measures.
7.3. In the event of any incident involving personal data, Miriada OÜ will take all necessary measures to mitigate the consequences and avoid all relevant risks in the future. Among other things, Miriada OÜ shall register all incidents and inform the Data Protection Inspectorate and the data subject directly.
8. PROCESSING CHILDREN’S PERSONAL DATA
8.1. Miriada OÜ shall not knowingly collect information about persons under the age of 13, or children, and if we do so knowingly, we will consider the wishes of the parent or guardian.
8.2. If Miriada OÜ becomes aware that the company has collected some personal data from a child or about a child, the company will do its best to terminate the processing their personal data.
9. RIGHTS OF THE DATA SUBJECT
9.1. Rights related to the consent:
9.1.1. The consent to allow the processing of personal data may be withdrawn by the data subject at any time.
9.1.2. The consent to receive Miriada OÜ newsletter can be withdrawn through the link below the newsletter.
9.2. As regards the processing of personal data, the data subject also has the following rights:
9.2.1. The right to receive information, or the right of the data subject to obtain information about personal data collected on them.
9.2.2. The right to access data that inter alia includes the data subject’s right to a copy of their personal data processed.
9.2.3. The right to demand the correction of inaccurate data.
9.2.4. The right to delete data, that is, in a certain case, the data subject has the right to require that personal data be deleted, for example, if processing is done only on the basis of their consent.
220.127.116.11. In this case, the opportunity to participate in Miriada OÜ loyalty program will also end, as the client is no longer identifiable.
9.2.5. The right to demand limitation of processing personal data. This right arises, inter alia, if the processing is not authorized by law or if the data subject disputes the accuracy of their personal data. The data subject has the right to demand that the processing of personal data be restricted for a period that allows the responsible person to check the accuracy of personal data, or when the processing of personal data is unlawful, but the data subject does not request the deletion of their personal data.
9.2.6. The right to a supervisory authority’s assessment of whether the processing of personal data of the data subject is lawful.
10. EXERCISING RIGHTS AND SUBMITTING COMPLAINTS
10.1. Exercising rights:
10.1.1. The data subject has the right to contact Miriada OÜ by e-mail firstname.lastname@example.org in the event of a question, application or complaint concerning the processing of personal data.
10.2. Submitting complaints:
10.2.1. The data subject has the right to appeal to Miriada OÜ, the Data Protection Inspectorate or a court when the data subject thinks that their rights have been violated during the processing of their personal data.
10.2.2. The contacts of the Data Protection Inspectorate are available on its website http://www.aki.ee/et/inspektsioon/kontaktid-nouandetelefon.
11. COOKIES AND OTHER WEB TECHNOLOGIES
11.1. Miriada OÜ may collect data about the visitors of the webpages and other information society services by using cookies (i.e. small pieces of information that are stored by the visitor’s browser on the hard disk of their computer or other device) or other similar technologies (such as IP address, device information, location information), and process these data.
11.2. Miriada OÜ uses the data collected to: enable the provision of the service in accordance with the visitor or customer’s habits; ensure the best service quality; make website experience more convenient for the customers; inform the visitor and the customer about the content and make recommendations; make ads more relevant and improve marketing efforts, analyse customer behaviour and thereby improve online experience, facilitate logging in and data protection. The collected data is also used to count visitors and identify their user habits.
11.3. We use the cookies of our online store environment to identify users as unique but anonymous persons.
11.4. Miriada OÜ uses session, permanent and advertising cookies. Session cookies will be deleted automatically after each visit; permanent cookies are extant when the website is visited frequently; advertising cookies are used to present materials suitable for the visitor or limit the number of times the same ad is seen on the website. Cookies of third parties are used by websites of Miriada OÜ partners. Miriada OÜ does not control the appearance of these cookies, so you can get information about these cookies from third parties.
For more information on managing cookies, see the following pages:
11.6. Most web browsers allow default cookies. Without the full permission of cookies, the features of the website are not fully available to the visitor, and unforeseen problems with functionality and user experience may occur. Allowing, blocking, or deleting cookies and other similar technologies is controlled by the visitor through the browser settings, information society service settings, and privacy enhancement platforms.
12. RELEVANT DOCUMENTS, INSTRUCTIONS, PROCEDURES
12.1.1. The Processing Operations Register, which lists all purposes, ways, processes, types and categories of personal data and the corresponding basics for the processing;
12.1.3. Miriada OÜ Principles of Using Organisational and Technical Measures, which contain different measures that Miriada OÜ applies to have personal data confidential and secure;
12.1.4. All About Cookies: descriptions of cookies and other web technologies that Miriada OÜ uses.
13. CONTACTS AND INFORMATION
13.1. Important contacts for Miriada OÜ data subject:
13.1.1. If you have any questions about personal data, you can contact Miriada OÜ via e-mail: email@example.com