Data Protection Policy
While registering in "Ballwool" or "Sell on Ballwool" application (hereinafter - Application) you (hereinafter - User) confirm that you have read this Data Protection Policy and agree for your personal data processing in accordance with Policy. Policy sets methods of work with personal data which were collected by Ballwool OÜ (hereinafter - Company) while providing the access to Application and while providing other services. While using the Application and other Company Services User agrees for his personal data processing in accordance with Policy and affirms that. In case when the User does not agree with the Policy partially or fully, he must stop using the Application and other Company Services. All data collected before above-mentioned refusal will be processed in accordance with Policy until the direct User prohibition is received.
1. Definition

1.1. Application owner is Company which contact data is:

1.1.1. Company name: Ballwool OÜ;

1.1.2. Registration country: Estonia;

1.1.3. Registration number: 14842151;

1.1.4. Address: Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152;

1.1.5. E-mail: ballwool.com@gmail.com;

1.2. Personal data - means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.3. User - natural or legal entity using the Application or other Company services.

1.4. User Agreement - agreement between User and Company which regulates User Application using and Company services providing. The agreement specified in this clause also means any other agreements concluded between the User and the Company.

1.5. Service- every service and functional which became able for the User through the Application and by the Company.

1.6. Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Personal data and processing methods

2.1. Company collects personal data in next cases:

2.1.1. User registering in Application;

2.1.2. service providing for the User by Company through the Application and any other method;

2.1.3. while using the Application by User;

2.2. Company processes inter alia next personal data:

2.2.1. identification data (name, surname, personal code, sex, birth date, etc.)

2.2.2. contact details (phone number, e-mail, address and delivery address);

2.2.3. information about payments (information about payer’s bank account, name of the bank and other bank details)

2.2.4. IP address and cookies;

3. Targets and legal basis for personal data processing

3.1. Company processes data in accordance with next targets and legal grounds:

3.1.1. For User Agreement concluding and executing, for example:

3.1.1.1. for User technical support;

3.1.1.2. for transferring information which relates to Application and Company services using to the User;

3.1.1.3. for access providing to Application and Company services for the User;

3.1.2. With User permission:

3.1.2.1. to send to User and display relevant (in the view of Company) advertisement;

3.1.2.2. to send Commercial offers from Company and Company partners;

3.1.2.3. to participate in contests and campaigns conducted by the Company.

3.1.3. In the justified interests of the Company, for example:

3.1. for the proper User Agreement execution including establishing existence of User Agreement or legal acts violations and proving their existence. In this case Company has a justified interest to protect its Rights.

3.1.3.2. to collect statistical or technical non-personified information on Application and Company Services using.

3.1.4. for legal requirements fulfillment, for example:

3.1.4.1. obligation to save accounting documents;

3.1.4.2. obligation to provide information by the request of public authorities;

3.1.4.3. obligation to reply to the User requests and execute its orders.

3.1.5. Company can also process data in certain case of necessity to protect interests of the Company and Third Parties only if above-mentioned interests do not outweigh User interests in protecting his/her fundamental rights and freedoms.

3.1.6. If personal data processing is carrying out in accordance with justified Company interests, User has a right to submit objections to such processes.

5. Personal data transfer to the third parties

5.1. Company transfers User's personal data to the third parties only in certain cases like:

5.1.1. its necessity follows from the Law;

5.1.2. it is necessary to execute the agreements between Company and User;

5.1.3. Company has a justified interest;

5.1.4. User gave a permission for data transfer.

5.2. Company transfers User’s personal data to the next persons/parties:

5.2.1. to other Application Users when transactions are carried out between them;

5.2.2. to public authorities on the grounds provided by law;

5.2.3. to auditors, lawyers and other similar persons if it is necessary to perform User’s obligations for Company or third parties

6. Personal data transfer to the third Countries

6.1. Company transfers personal data to the third countries (countries not included in EEC) only in cases when it is provided on the grounds of law. In case when recipient country can’t provide required personal data protection measures, Company provide personal data on the condition that required personal data protection measures will be applied for data in accordance with Estonian and EU legal acts.

7. Personal data storage

7.1. Company stores User’s personal data while it is necessary to process data, to protect Company interests or on the grounds provided by legal acts requirements;

7.2. Depending on the type of personal data, the Company store data for the following time:

7.2.1. for accounting documents: 7 years from the end of the fiscal year in accordance with the law;

7.2.2. in other cases: 10 years after agreements term

8. Security

8.1. Company takes organizing, physical and measures IT solutions to provide personal data security.

8.2. Creating an account in Application User confirms that he/she is obligated to keep access data in secret from the third persons not including cases when the User let third persons use Application on his/her own behalf.

8.3. User must inform Company about unauthorised transfer of access data for Application to the third persons so Company can take measures to provide User personal data protection.

8.4. Company is not responsible for the User personal data protection measures violations if such violations caused by actions performed by User or third persons.

9. User’s rights and obligations

9.1. In accordance with relevant legal acts (primarily - GDPR) user has a right to perform next rights for personal data processing:

9.1.1. request an access to his/her own personal data;

9.1.2. request changes in his/her own personal data;

9.1.3. request removing his/her own personal data;

9.1.4. submit objections to his/her own personal data processing on any grounds.

9.2. To perform his/her rights User must contact Company using contact details specified in c. 1.1. of the Policy.

9.3. Company has a right to request additional information for User’s identification.

9.4. Company reply on User’s requests and requirements in 1 month period and notify about measures took to perform provided requests and requirements. If User’s request or requirement is too complicated or has a large volume Company has a right to prolong the period for reply up to 2 months. If Company did not take any measures to perform User’s request or requirement User is notified about this and he still has a right to ask Data Protection Inspectorate or court to protect his/her rights.

9.5. If the requests or requirements of the User are obviously not justified or excessive, primarily due to their repetitive nature, the Company has the right:

9.5.1. require a reasonable fee for performing requests or requirements;

9.5.2. refuse performing requests or requirements.

9.6. User has a right to request personal data removal only if one of the following reasons is present:

9.6.1. personal data is not useful anymore for the purpose for which it was collected or was processed using another method;

9.6.2. User revokes his/her agreement for personal data processing and there are no other legal grounds for User’s personal data processing;

9.6.3. User submit objection to personal data processing and this objection has adequate basis to stop personal data processing;

9.6.4. User’s personal data was processed illegally;

9.6.5. personal data must be removed to perform Company obligations on the grounds provided by law;

9.6.6. in case when personal data of person under the age of 13 the agreement for which processing was obtained previously.

9.7. In case when User require removal of his/her personal data he/she must describe on which condition, specified in clause

9.6. of the Policy he/she requires personal data removal. Company is not obligated to remove personal data if there are no grounds for it or if personal data is required for the following reasons:

9.7.1. exercise of freedom of speech and information;

9.7.2. performing obligations on the grounds provided by law;

9.7.3. personal data is required for Company rights protection;

9.7.4. Company has other following from the law grounds for personal data processing

9.8. In case when personal data is processing by User’s agreement he/she always has a right to revoke his agreement. If User revoke his/her agreement for personal data processing all the data processing performed before revoke considers to be legitimate and lawful.

9.9. User must notify Company about changes in his/her contact details to keep them up to date.

9.10. In case of User rights violation User has a right to ask Personal Data Protection Inspectorate or court to protect his/her rights.

10. Policy changing

10.1. Policy can be changed to comply with changes in law, personal processing or under instructions of supervisory authorities. In this case Company notifies User about such changes.