Privacy policy

Page Content

1. General Provisions

1.1. This privacy policy governs the principles of collecting, processing, and storing personal data. Personal data is collected, processed, and stored by GUP-Tuning OÜ (hereinafter “data controller”).

1.2. A data subject is a client or any other individual whose personal data is processed by the data controller.

1.3. A client is any individual who purchases goods or services via the data controller’s website.

1.4. The data controller complies with applicable laws, processes personal data lawfully, fairly, and securely, and can confirm that personal data is processed in accordance with legal requirements.

 

2. Collection, Processing, and Storage of Personal Data

2.1. Personal data is collected and processed mainly electronically via the website and email.

2.2. By sharing personal data, the data subject authorizes the data controller to collect, organize, use, and manage the data for the purposes defined in this privacy policy.

2.3. The data subject is responsible for providing accurate and correct data. Deliberate submission of false data is considered a violation of the privacy policy. Changes must be reported immediately to the data controller.

2.4. The data controller is not liable for any damages caused by the submission of false data by the data subject.

 

3. Processing of Client Data

3.1. The following personal data may be processed:

  • First and last name

  • Phone number

  • Email address

  • Delivery address

  • Bank account number

  • Payment card details

  • Company name

  • Company VAT number

  • Company address

3.2. Additionally, the data controller may collect publicly available information from registries.

3.3. Legal basis for processing (GDPR Article 6(1)(a, b, c, f)):

  • a) consent of the data subject;

  • b) processing necessary for performance of a contract;

  • c) processing required to comply with a legal obligation;

  • f) processing necessary for legitimate interests, except when overridden by the rights of the data subject.

3.4. Processing purposes and retention period:

  • Security – statutory period

  • Order processing – 3 years

  • E-shop operation – 3 years

  • Client management – 3 years

  • Financial operations, accounting – statutory period

  • Marketing – 3 years

3.5. Data may be shared with authorized processors, accountants, transport and courier companies, and payment service providers (Montonio Finance OÜ).

3.6. The data controller applies organizational and technical measures to protect data against accidental or unlawful destruction, alteration, or disclosure.

3.7. Data is retained according to the processing purpose, but no longer than 3 years.

 

4. Data Subject Rights

  • Right to access and review personal data

  • Right to information about data processing

  • Right to correct inaccurate data

  • Right to withdraw consent at any time

  • Rights can be exercised via info@gup-tuning.ee

  • Right to lodge a complaint with the Data Protection Inspectorate

 

5. Final Provisions

  • 5.1. This privacy policy is in accordance with GDPR (EU 2016/679), Estonian Personal Data Protection Act, and relevant Estonian and EU legislation.

  • 5.2. The data controller may amend the privacy policy, notifying data subjects via www.gup-tuning.ee.