Privacy policy
1. General Provisions
1.1. This privacy policy governs the principles of collecting, processing, and storing personal data. Personal data is collected, processed, and stored by GUP-Tuning OÜ (hereinafter “data controller”).
1.2. A data subject is a client or any other individual whose personal data is processed by the data controller.
1.3. A client is any individual who purchases goods or services via the data controller’s website.
1.4. The data controller complies with applicable laws, processes personal data lawfully, fairly, and securely, and can confirm that personal data is processed in accordance with legal requirements.
2. Collection, Processing, and Storage of Personal Data
2.1. Personal data is collected and processed mainly electronically via the website and email.
2.2. By sharing personal data, the data subject authorizes the data controller to collect, organize, use, and manage the data for the purposes defined in this privacy policy.
2.3. The data subject is responsible for providing accurate and correct data. Deliberate submission of false data is considered a violation of the privacy policy. Changes must be reported immediately to the data controller.
2.4. The data controller is not liable for any damages caused by the submission of false data by the data subject.
3. Processing of Client Data
3.1. The following personal data may be processed:
First and last name
Phone number
Email address
Delivery address
Bank account number
Payment card details
Company name
Company VAT number
Company address
3.2. Additionally, the data controller may collect publicly available information from registries.
3.3. Legal basis for processing (GDPR Article 6(1)(a, b, c, f)):
a) consent of the data subject;
b) processing necessary for performance of a contract;
c) processing required to comply with a legal obligation;
f) processing necessary for legitimate interests, except when overridden by the rights of the data subject.
3.4. Processing purposes and retention period:
Security – statutory period
Order processing – 3 years
E-shop operation – 3 years
Client management – 3 years
Financial operations, accounting – statutory period
Marketing – 3 years
3.5. Data may be shared with authorized processors, accountants, transport and courier companies, and payment service providers (Montonio Finance OÜ).
3.6. The data controller applies organizational and technical measures to protect data against accidental or unlawful destruction, alteration, or disclosure.
3.7. Data is retained according to the processing purpose, but no longer than 3 years.
4. Data Subject Rights
Right to access and review personal data
Right to information about data processing
Right to correct inaccurate data
Right to withdraw consent at any time
Rights can be exercised via info@gup-tuning.ee
Right to lodge a complaint with the Data Protection Inspectorate
5. Final Provisions
5.1. This privacy policy is in accordance with GDPR (EU 2016/679), Estonian Personal Data Protection Act, and relevant Estonian and EU legislation.
5.2. The data controller may amend the privacy policy, notifying data subjects via www.gup-tuning.ee.