top of page

Privacy Policy

Our Privacy Policy outlines how Nordic Vitality OÜ (referred to as Nordic Vitality/we/us) handles personal data. We are committed to processing personal data in a transparent manner. It is important to read and understand this Privacy Policy as it provides crucial information about how your personal data is processed. This Privacy Policy is applicable to the processing of personal data related to our Website and the provision of our Service.

 

If you have any further questions or require additional information about our Privacy Policy, please feel free to reach out to us. The Privacy Policy covers the following key areas:

 

- Definitions

- General information and contact details

- Principles of personal data processing

- General purposes, legal grounds, and activities of processing

- Composition and collection of personal data

- Transfer and authorized processing of personal data

- Rights of the data subject and how to exercise them

- Storage and security measures for processing personal data

- Use of cookies and other web technologies

 

  1. Definitions

 

1.1  Personal data protection terms have the same meaning as outlined in the General Data Protection Regulation (GDPR).

1.2 Data Subject/you refers to an individual for whom we possess information that can be used to identify them

1.3 Customer includes any individual or entity that has purchased or shown interest in purchasing our products and/or services.

1.4 A Visitor is someone who accesses the Website. 

1.5 Cookies are data files stored on the Visitor's device based on their preferences. 

1.6 The Contract refers to any agreement, including the sale of products or services, between us and the Customer, along with terms and conditions. 

1.7 The Privacy Policy outlines how Nordic Vitality processes personal data. 

1.8 The Service includes all products and services provided by Nordic Vitality. 

1.9 The Website primarily refers to Nordic Vitality's website and social media pages. 

 

  1. General Information

 

2.1 Under gerneral information you can find details on the data controller for personal data, how to reach us, and when the Privacy Policy is applicable. 

 

2.2 About Nordic Vitality. Controller of your data is Nordic Vitality OÜ (registry code 16867505, address Möldre tee 33a, Tallinn, Estonia), wo is responsible for producing and selling ice- and japanese baths. 

 

2.3 Contacts. Please reach out to us regarding personal data matters by e-mail at support@nordic-vitality.com.

 

2.4 Understanding Our Privacy Policy. Our Privacy Policy governs the processing of personal data carried out by us. We reserve the right to make changes to this Policy at our discretion. Any significant modifications will be communicated to users through our Website or other means.

2.5 Roles as Data Controllers. We act as controllers of personal data when delivering our Service. 

 

2.5 Regulatory Oversight. The Estonian Data Protection Inspectorate serves as our supervisory authority.

 

2.6 External Links and Apps. Please be aware that links on our Website (including social media platforms) may direct you to content governed by the privacy policies of the respective service providers, not our Privacy Policy. We are not accountable for the content of these external websites. The processing of your personal data on social media platforms is subject to the privacy terms of those platforms.

 

3. Principles

The following principles guide our processing of personal data: 

 

3.1 Compliance and purpose: Our goal is to handle personal data responsibly and in line with set purposes and regulations. 

 

3.2 Lawfulness, fairness, transparency, purposefulness, minimisation, accuracy, storage limitation, integrity, confidentiality, and data protection by default and by design are the core principles that underpin all our processes, guidelines, actions, and activities related to personal data processing.

 

4. GENERAL PURPOSES, GROUNDS, AND ACTIVITIES OF PROCESSING

In this section, you will find details regarding the reasons and legal basis for processing your personal information.

 

4.1 Our primary goal is to provide our valued Customers with high-quality products and associated products, all while delivering exceptional customer service. To achieve this, we rely on the following legal grounds for processing personal data:

 

4.2 Consent: We only process personal data with your explicit consent, given freely, specifically, and with full knowledge of the purposes for which the data will be used. This consent can be provided by ticking a box on our website or through other clear actions, such as sending inquiries or booking consultations.

 

4.3 Contractual Obligations: When entering into or fulfilling a contract with you, we may process personal data for various purposes. This includes 

  1. fulfilling necessary requirements or fulfilling any requests made by the data subject. 

  2. Additionally, it is important to confirm the identity of the customer to ensure smooth contract execution. 

  3. Once the contract is in place, it is crucial to fulfill all obligations towards the customer, such as providing service and product information, and delivering goods if needed.

  4. Communication with the customer is also key, whether it be sending updates on contract progress or providing information about the service being offered.

 

4.4 Legal Obligations: We process personal data to comply with legal requirements as mandated by law.

 

4.5 Legitimate Interests: We may process personal data based on our legitimate interests in managing our business effectively and providing top-notch services. Before relying on legitimate interests, we assess the impact on your rights and interests. You have the right to access these assessments regarding the processing of your personal data under legitimate interests.

 

You always have the option to withdraw your consent at any time.

 

We collect personal data based on our legitimate interest for various purposes: 

1. Managing and analyzing customer information and service data to enhance service quality, utilizing CRM and analytics tools

2. Developing our services and website

3. Improving customer experience and providing high-quality service by monitoring service usage, analyzing data, and collecting customer statistics

4. Organizing personalized campaigns and promotions

5. Sending offers and information to customers or potential clients who have shown interest in similar products, allowing easy opt-out options

6. Conducting satisfaction surveys and measuring marketing effectiveness

7. Recording messages and orders for verification purposes

8. Implementing technical and cyber security measures to protect against piracy and ensure website security

9. Processing personal data for organizational purposes, internal management, and sharing data within our group companies

10. Establishing, exercising, or defending legal claims, including assigning claims to collection service providers

11. Respecting customer preferences regarding information communication

12. Protecting the health, property, and safety of employees and customers by using surveillance cameras for security purposes.

 

4.6 We carefully evaluate the permissibility of processing personal data for new purposes not originally collected or consented by the data subject. To determine if processing personal data for a new purpose aligns with the original purpose of collection, we will consider several factors: 

  1. The connection between the reasons for gathering personal data and the reasons for additional processing should be considered

  2. The circumstances under which personal data is collected, especially in relation to the relationship between the individual and the organization, should be taken into account

  3. The type of personal data being processed, particularly if it includes sensitive categories or information related to criminal history, should be noted

  4. The potential impact of further processing on individuals should be evaluated

  5. The presence of suitable measures to protect data, such as encryption or pseudonymization, should be ensured.


 

5. Gathering personal data- Our process of gathering and organizing personal information is detailed here. This includes a description of the types of personal data we collect, the individuals from whom we collect this information, and the methods by which we obtain it.

 

5.1 Collection of data. 

a) Information provided by individuals, such as when they provide their name, contact

details, email address, and product information to order a service; 

b) Details exchanged during regular communication between us and individuals, like

conversations related to the service; 

c) Information collected based on the use of the service; 

d) Data gathered from visits to and interaction with the website;

e) Data shared with us through contact forms or other means by individuals; 

f) Information received from third parties; 

g) Data created and compiled by us, like communication logs in the context of customer relationships or order history records.

 

5.2 Categories of Data Subjects- Nordic Vitality typically handles data from various categories of individuals. These include customers (who are natural persons), representatives of customers and cooperation partners who are also natural persons, our employees, (potential) customers, and visitors.

 

5.3 Processing data- We gather a variety of personal data in relation to our Service and Website, including but not limited to: name, contact information (such as email address and phone number), date of birth, address, business location, Customer/Data Subject's area of activity, representatives, contact persons, bank account details, payment and invoice details, information on how our systems are used (Website, showroom), customer type (business, private, architect/designer), type of inquiry, data related to interest in our Service and its usage, data related to Contract performance, and other information related to the offer and consumption of our Service and activities. This data may be collected through chats, forms, emails, and other means.

 

5.4 Protection of Children's Personal Data. Nordic Vitality does not intentionally collect personal data of children.

 

6. Transfer and Authorized Processing of Personal Data. This section covers the transfer and authorized processing of personal data.

 

6.1 Cooperation with Partners. We may share data, including personal information, of Data Subjects with our partners for relevant collaborations. When sharing personal data with third parties, we adhere to data protection regulations.

 

6.2 Utilization of Processors. These external parties may consist of individuals within the same organization as us, distributors of our products and services, shipping companies, business partners, financial service providers, marketing and advertising collaborators, payment processors, customer feedback agencies, debt recovery agencies, consultants, credit bureaus, IT partners, and other technical service providers (such as server management and technical support), as long as: 

a) the intended purpose and handling of data are lawful; 

b) personal information is processed in accordance with the controller's instructions and under a valid agreement.

 

6.3 Other Transfers. We may share your personal data with third parties if you provide consent, there's a legal obligation, or if it's necessary to protect your vital interests.

 

6.4 Data Transfers. Our standard practice is to keep personal data within the European Economic Area (EEA). However, in cases where we need to transfer personal data outside the EEA, we ensure that it is done in accordance with data protection regulations. This includes ensuring that the country receiving the data provides an adequate level of protection, as determined by the European Commission. If no such decision has been made, we implement appropriate safeguards such as binding corporate rules or EU standard data protection clauses.

 

7. Rights of the Data Subject and How to Exercise Them

 

7.1 Consent Rights: The Data Subject can withdraw their consent for the processing of their personal data at any time. This withdrawal does not affect any processing that occurred before the consent was withdrawn. To exercise this right, individuals can unsubscribe from emails or contact us at support@nordic-vitality.com

 

7.2 Rights of the Individual whose Data is Collected. The individual whose data is collected has certain rights, provided that the conditions outlined in the GDPR are met: 

  1. Right to Information: The individual has the right to receive information about the personal data that has been collected about them. 

  2.  Right to Access and Obtain a Copy of Data: The individual has the right to access and obtain a copy of the personal data that has been processed.

  3. Right to Rectification of Incorrect Personal Data: The individual can correct any inaccurate data by contacting us using the contact information provided above.

  4. Right to Erasure: In certain situations, the individual has the right to request the erasure of personal data, particularly when the data is processed based solely on consent.

  5. Right to Restrict Processing of Personal Data: This right applies when the processing of personal data is not allowed by law, or when the individual contests the accuracy of the data.

  6. Right to Data Portability: In specific circumstances, the individual has the right to receive their data in a machine-readable format or request that the data be transferred to another controller in a machine-readable format.

  7. Rights Regarding Automated Processing and Profiling: The individual has the right to object to automated decisions or profiling based on their personal data, and can request human intervention. They can also ask for an explanation of the logic behind automated decisions.

 

  1. Right to Request an Assessment by a Supervisory Authority: The individual can request an assessment by a supervisory authority to determine if the processing of their personal data is lawful.

  2. Right to Compensation for Damages: If the processing of personal data has caused damages to the individual, they have the right to seek compensation.

 

7.3 Rights of Participation. If there are any concerns, inquiries, or grievances about the handling of personal information, individuals have the option to reach out to us using the contact information specified in Section 2. 

 

7.4 Lodging Complaints: 

a) Individuals have the right to submit their complaints to us, the Data Protection Inspectorate, or the judiciary. 

b) The contact information for the Data Protection Inspectorate (DPI) is available on the DPI’s official website at https://www.aki.ee/en/contacts.

 

8. STORAGE AND SECURITY OF PROCESSING PERSONAL DATA

In this section, we will outline how we safeguard your personal information and the duration for which we retain it. 

 

8.1 Storage: We only retain personal data for as long as it is necessary for processing purposes. Typically, this includes the duration of the contract plus an additional three years to protect against any potential claims. Certain data is stored in compliance with legal requirements, such as accounting data which is kept for seven years. Once the storage period for personal data has expired, it is either securely destroyed or anonymized. Our data storage practices align with the purpose of processing, limitation periods for potential claims, and legal storage requirements. 

 

8.2 Security Measures: To ensure the security and confidentiality of personal data, we have implemented guidelines and procedures that incorporate both organizational and technical measures. Some of the steps we take to maintain security include: 

a) Granting employees access to personal data only when necessary for their job duties and with appropriate permissions and rights. 

b) Ensuring that any third-party processors only handle personal data as required for the services outlined in the contract. 

c) Utilizing software solutions that meet industry standards for security to protect data.

 

8.3 Data Breaches. Should any mishap occur involving personal data, we strive to minimize the impact and prevent similar risks from arising in the future.

 

9. COOKIES AND OTHER WEB TECHNOLOGIES

In this section, you will find details about the Cookies and other web technologies we utilize on our website, as well as where you can find more comprehensive information about how these technologies are used.

 

9.1 We gather data about our website visitors and users of other online services (such as social media platforms) as well as our customers through the use of Cookies and similar technologies. Cookies are small pieces of information stored on a visitor's computer or device by their web browser, and we process data such as IP addresses, device information, and location information.

 

9.2 The data we collect is used to tailor our services to the preferences of the individual, provide the best possible service quality, inform visitors and customers about relevant content, offer personalized recommendations, enhance the relevance of advertisements, improve our marketing strategies, simplify the login process, and secure data. Additionally, we use this data to track the number of users and analyze their browsing habits.

 

9.3 We utilize both session Cookies, which are automatically deleted after each visit, and persistent Cookies, which remain on the user's device for future visits. 

 

9.4 Our website may also feature third-party Cookies, for which our partners are responsible for data processing.

 

9.5 We utilize various types of Cookies on our Website. 

 

9.5.1 Necessary Cookies are essential for navigating the site and utilizing its features. These Cookies enable functions such as logging in, using the shopping basket, distinguishing between bots and real users, and ensuring security. Without Necessary Cookies, the Website may not function correctly and the service provided may be compromised. These Cookies are always enabled as they are crucial for the operation of the Website and the provision of our services.

 

9.5.2 Cookies for personal preferences are used to remember the choices made by the user, such as font size or personalized display settings, as well as important attributes like language and location. These cookies enhance the user experience by providing a more tailored and convenient browsing experience on the website. While they are separate from essential cookies, preference cookies are necessary for ensuring that users receive a personalized solution. The data stored in these cookies varies depending on the specific cookie, but generally includes technical information about the device and the user's selected preferences and attributes.

 

9.5.3 Cookies known as Functional/Statistics/Analytics Cookies gather data on how users interact with the Website, such as the most visited subpages and any error messages encountered. These Cookies do not typically contain personal information. Their purpose is to enhance the functionality of the Website and improve the Services provided.

 

9.5.4 Marketing and personalized analytics cookies are cookies utilized to enhance marketing strategies and/or to showcase personalized advertisements. These cookies could potentially be sourced from third-party providers.

 

9.6 Visitors to the website are required to give their consent for the use of cookies, either on the website itself or through their web browser. This consent is typically given through the settings of the web browser. Most web browsers are set up to accept cookies automatically. However, if a visitor chooses to disable cookies, certain functions of the website may not be available to them. Visitors have the option to enable or disable cookies and other similar technologies through the settings of their web browser or through the cookie solution provided on our website. The data subject can customize their cookie preferences by type, excluding necessary cookies which are enabled by default.

 

9.7 For further details on Cookies and the utilization of similar technologies, you can explore additional information on our Website via the dedicated Cookie tool.

 

The most recent updates and enforcement of the Privacy Policy:

27th of March 2024

bottom of page