1. general provisions

1.1 This privacy policy regulates the principles of collection, processing and storage of personal data. Personal data is collected, processed and stored by the data controller dexline.ee (hereinafter referred to as "data processor").

1.2 In the context of this privacy policy, the data subject is the customer or any other natural person whose personal data is processed by the data processor.

1.3 For the purposes of this privacy policy, a customer is any person who purchases goods or services from a data processor's website.

1.4 The Data Processor adheres to the principles of data processing required by law, including processing personal data lawfully, fairly and securely. The Data Processor can confirm that personal data has been processed in accordance with the legal requirements.

2. Collection, processing and storage of personal data

2.1 The personal data that the data processor collects, processes and stores is collected electronically, mainly via website and email.

2.2 By sharing their personal data, the data subject grants the data processor the right to collect, organize, use and manage personal data for the purposes defined in the privacy policy that the data subject directly or indirectly provides to the data processor when purchasing goods or services on the website.

2.3 It is the Data Subject's responsibility to ensure that the data they provide is accurate, correct and complete. Providing false information is considered a breach of the privacy policy. The data subject is obliged to notify the data processor immediately of any changes to the information provided.

2.4 The Data Processor shall not be liable for any damage caused to the Data Subject or third parties as a result of false information provided by the Data Subject.

3. processing of client's personal data

3.1 The Data Controller may process the following personal data of the Data Subject:

3.1.1 First and Last Name;

3.1.2 Date of Birth;

3.1.3 Telephone number;

3.1.4. e-mail address;

3.1.5 Delivery Address;

3.1.6 Current account number;

3.1.7. Details of the payment card;

3.2 In addition to the above, the data controller has the right to collect customer data that is available in public registers.

3.3 The legal basis for processing personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation:

(a) the data subject has consented to the processing of his or her personal data for one or more specific purposes;

(b) the processing is necessary for the performance of a contract to which the data subject is a party, or for the performance of acts requested by the data subject prior to entering into the contract;

(c) the processing is necessary for the fulfillment of a legal obligation to which the data controller is subject;

f) the processing of personal data is necessary for the protection of legitimate interests pursued by the controller in charge or a third party, unless such interests overlap with the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, especially if the data subject is a child.

3.4 Processing of personal data in accordance with the purpose of processing:

3.4.1 Purpose of processing - security and protection Maximum retention period of personal data - according to the terms specified in the legislation

3.4.2 Purpose of processing - order processing Maximum storage period of personal data - 12 months

3.4.3 Purpose of processing - customer management Maximum storage period of personal data - 12 months

3.4.5 Purpose of processing - financial activity, accounting. Maximum period of personal data storage - in accordance with the established time limits in the legislation.

3.4.6 The purpose of processing - marketing. The maximum storage period of personal data is 24 months.

3.5 The Processor has the right to transfer personal data of customers to third parties, such as authorized data processors, accountants, freight forwarding companies and translation service providers. The Processor is the responsible controller of personal data.

3.6 When processing and storing personal data of data subjects, the processor implements organizational and technical measures that ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.

3.7 The Processor retains the data of the Data Subjects depending on the purpose of the processing, but not longer than 5 years.

Rights of data subjects
4.1 The Data Subject has the right to access and view their personal data.

4.2 The Data Subject has the right to receive information about the processing of his/her personal data.

4.3 The Data Subject has the right to have inaccurate data supplemented or corrected.

4.4 If the processor processes the data subject's personal data on the basis of their consent, the data subject has the right to withdraw their consent at any time.

4.5 The Data Subject may contact the e-shop customer service at the following address info@dexline.ee to exercise their rights.

4.6 The Data Subject has the right to lodge a complaint with the Data Protection Inspectorate for the protection of his/her rights.

Final Provisions:
5.1 These data protection conditions have been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, as well as repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia and the laws and regulations of the European Union and the Republic of Estonia.

5.2 The Data Controller has the right to partially or completely change the conditions of data protection by informing data subjects of the changes via the website dexline.ee. Our company is the supervisory authority for personal data.