_edited.png)
Store Policy
Customer Care
The Privacy Policy governs how Nordic Vitality OÜ (hereinafter Nordic Vitality/we/us) process personal data. We always aim to process personal data in a transparent way. Please read this Privacy Policy as it contains important information about the processing of your personal data.
This Privacy Policy applies to processing in connection to our Website and to our processing of personal data when offering our Service.
If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us. The Privacy Policy provides an overview of the following:
-
Definitions
-
General information and contact details
-
Principles of personal data processing
-
General purposes, grounds for, and activities of processing
-
Composition and collection of personal data
-
Transfer and authorised processing of personal data
-
Rights of the data subject and exercise of rights
-
Storage and security of processing personal data
-
Cookies and other web technologies
1. DEFINITIONS
Definitions are terms often used in the Privacy Policy. Definitions are defined in this Section of the Privacy Policy or in the text of the Privacy Policy.
1.1 Personal data protection terms have the same meaning as defined here or in the General Data Protection Regulation (2016/679) (“GDPR”).
1.2 Data Subject/you means a natural person regarding whom we have information or information that can be used to identify a natural person.
1.3 Customer means any natural or legal person who has purchased or expressed their desire to purchase our products and/or services.
1.4 Visitor means a person who visits the Website.
1.5 Cookies mean data files stored in the Visitor’s device on the Website according to the selection made.
1.6 Contract means a contract of sale of products or services or another contract entered into between us and the Customer, incl. standard terms and conditions and other applicable procedures and policies.
1.7 Privacy Policy means this text, which sets out Nordic Vitality's principles of personal data processing.
1.8 Service means the services and products offered by Nordic Vitality.
1.9 Website foremost means Nordic Vitality's website https://nordic-vitality.com and all its subdomains as well as our social media pages.
2. GENERAL INFORMATION AND CONTACT DETAILS
Under general information, you will find information about who is the data controller regarding your personal data, how to contact us, and when does the Privacy Policy apply.
2.1 About Us. Controller of your personal data is Nordic Vitality OÜ (registry code 16867505, address Moldre tee 33a, Tallinn 10915, Estonia) – a company engaged in the production and sale of quality cold plunges.
2.2 Contacts. You can contact us in matters related to personal data by e-mail at support@nordic-vitality.com.
2.3 About the Privacy Policy. The Privacy Policy applies to personal data processing done by us. We have the right to unilaterally amend this Privacy Policy. We will notify the data subject of all important material changes on the Website or otherwise.
2.4 About the Controller-Processor Statuses. We are controllers of personal data when providing our Service.
2.5 Lead Supervisory Authority. Our supervisory authority is Estonian Data Protection Inspectorate.
2.6 Other Links/Apps etc. Please note that the links on our Website (incl. social media) may lead to media that is governed by privacy terms of the respective service providers’, and not by this Privacy Policy. We are not responsible for anything on those other websites. Processing of your personal data on social media channels by those platforms is done according to the privacy terms of those platforms.
3. PRINCIPLES
Here you will find the key principles that we are always guided by when processing your personal data.
3.1 Compliance and aim. Our aim is to process personal data in a responsible manner where we are able to demonstrate the compliance of personal data processing with the purposes set and the applicable regulations.
3.2 The principles. All our processes, guidelines, actions, and activities related to personal data processing are based on the following principles: lawfulness, fairness, transparency, purposefulness, minimisation, accuracy, storage limitation, integrity, confidentiality, and data protection by default and by design
4. GENERAL PURPOSES, GROUNDS FOR, AND ACTIVITIES OF PROCESSING
Here you will find information about the purposes and grounds for processing your personal data.
4.1 Our main aim is to offer our Customers high-quality cold plunges and related products with pleasant customer service.
We use the following grounds as grounds for personal data processing:
4.2 Consent. Based on consent, we process personal data precisely within the limits, to the extent and for the purposes for which the Data Subject has given us their consent. The Data Subject’s consent to us shall be freely given, specific, informed, and unambiguous, for example, by ticking the box on the Website. Consent may also be expressed by a clear act, for example, the Data Subject can, at their own discretion, send inquiries through the inquiry forms on our Website or book a consultation, in which case we process their data to respond to them and offer them our Service. As a Data Subjects you always have the right to withdraw your consent.
4.3 Entry Into and Performance of a Contract. Upon entering into and performing a Contract, we may process personal data for the following purposes:
(1) taking steps prior to entering into a Contract, which are necessary for entering into a Contract or which the Data Subject requests;
(2) identifying the Customer to the extent necessary for entering into and performing a Contract;
(3) performing the obligations assumed to the Customer with regard to the provision of our Service, incl. product information, delivery information if necessary, etc.;
(4) communicating with the Customer, incl. sending information and reminders about the performance of the Contract or about Service.
4.4 Legal Obligation. We process personal data to comply with a legal obligation in accordance with and to the extent provided by law.
4.5 Legitimate Interest. Legitimate interest means our interest in managing or directing our company and enabling us to offer the best possible Service on the market. In case we are using legitimate interest, we have previously assessed your and our interests. You have the right to view conducted assessments that are about processing your personal data under the legitimate interest. We may process your personal data on the basis of legitimate interest for the following purposes:
(1) managing and analysing a Customer database and Service (if not covered with the Contract) to improve the availability, functions and quality of Service, e.g., using a CRM or analytics solutions to enable the foregoing;
(2) development of our Service and Website;
(3) ensuring a better Customer experience, to provide higher quality Service; we may monitor the usage of our Service and Website, analyse identifiers and personal data collected when our Website, Service, our social media pages and other sales channels are used, and we may collect statistics about Customers and Visitors;
(4) organizing campaigns, incl. organising personalised and targeted campaigns. The terms and conditions of campaigns are set out separately;
(5) sending offers/information to the Customer or potential client if the respective person has previously purchased or shown interest in a similar product (e.g., after showroom usage), and if such processing is allowed in respective jurisdiction. In this case, the person is always guaranteed to have a simple opportunity to resign from the communication, and we have considered our and the (potential) Customers interests;
(6) conducting satisfaction surveys and measuring the effectiveness of marketing activities performed;
(7) making recordings and logging; we may record messages and orders given both in our premises and using means of communication (e-mail, phone etc.) as well as information and other activities we have performed. If necessary, we use these recordings to prove orders or other activities;
(8) technical and cyber security reasons, for example measures for combating piracy and ensuring the security of the Website as well as for making and storing back-up copies and preventing/repairing technical issues;
(9) processing for organisational purposes, foremost for management and processing of personal data for internal management purposes (but also audits and other potential supervision), including for processing the personal data of clients or employees, and disclosure of personal data within our group companies (subsidiaries, affiliates);
(10) establishing, exercising or defending legal claims, incl. assigning claims to, for example, collection service providers, or using legal advisors;
(11) If you have given us information about not sending you a certain type of information – retaining the information about such prohibition
(12) protecting our health and property and the health and property of our employees and Customers, for example, we may use cameras that may also record sound to ensure safety and security on our territory.
4.6 New Purpose. Where personal data is processed for a new purpose other than that for which the personal data are originally collected or it is not based on the Data Subject’s consent, we carefully assess the permissibility of such new processing. We will, in order to ascertain whether processing for a new purpose is compatible with the purpose for which the personal data are initially collected, take into account, inter alia:
(1) any link between the purposes for which the personal data are collected and the purposes of the intended further processing;
(2) the context in which the personal data are collected, in particular regarding the relationship between the Data Subject and us;
(3) the nature of the personal data, in particular whether special categories of personal data are processed or whether personal data related to criminal convictions and offences are processed;
(4) the possible consequences of the intended further processing for Data Subjects;
(5) the existence of appropriate safeguards, which may include encryption or pseudonymisation.
5. COMPOSITION AND COLLECTION OF PERSONAL DATA
Here you will find information about whose personal data and which personal data we collect and how we collect personal data.
5.1 Collection of Personal Data. We collect the following types of personal data:
(1) Personal data disclosed to us by the Data Subject (e.g., data submitted for the purpose of ordering Service – name, contact details, e-mail address, product information);
(2) Personal data resulting from standard communication between us and the Data Subject (e.g., correspondence regarding the Service);
(3) Personal data resulting from the consumption of Service;
(4) Personal data resulting from visiting and using the Website;
(5) Data transmitted to us by the data subject e.g., via contact forms;
(6) Personal data obtained from third parties;
(7) Personal data generated and combined by us (e.g., correspondence within the context of customer relationship or list of order history).
5.2 Categories of Data Subjects. Nordic Vitality generally processes the data of the following Data Subjects: Customers (natural persons), representatives of Customers and cooperation partners who are natural persons, our employees, (potential) customers and Visitors.
5.3 Processed Personal Data. Specifically, we collect/may collect, inter alia, the following personal data in connection with the Service and the Website: name, contact details (e-mail address, phone number), date of birth, address/seat, place of business, area of activity of the Customer/Data Subject, representative(s), contact persons, bank account number, payment/invoice information, information about using our systems (Website, showroom), type of customer (business, private, architect/designer), type of inquiry, data concerning interest in Service and use thereof, data concerning the performance of the Contract, and other data concerning the offer/consumption of Service and our activities e.g., personal data in chats, forms, email etc.
5.4 No Personal Data of Children. Nordic Vitality does not knowingly collect the data of children.
6. TRANSFER AND AUTHORISED PROCESSING OF PERSONAL DATA
Here you will find information about the transfer and authorised processing of personal data.
6.1 Usage of Co-operation Partners. We cooperate with persons to whom we may transmit data, including personal data, concerning the Data Subjects within the context and for the purpose of the relevant cooperation. When transferring personal data to third parties (generally our cooperation partners), we comply with the applicable data protection requirements.
6.2 Usage of Processors. Such third parties may include, inter alia, persons in the same group as us, distributors of our Services, logistics companies, supply partners, factoring providers, advertising and marketing partners, payment service providers, customer satisfaction survey companies, debt collection service providers, advisers, credit registers, ICT partners, i.e., service providers for various technical services (e.g., server room, showroom technical solution), provided that:
(1) the respective purpose and processing are lawful;
(2) personal data is processed pursuant to the instructions of the controller and on the basis of a valid contract.
6.3 In other cases, we transmit your personal data to third parties provided that we have your consent, a legal obligation, or there is an exception in the event that the transfer is necessary to protect your vital interests.
6.4 Transfers. As a general rule, we do not transmit personal data outside the European Economic Area (EEA). If we transfer personal data outside the EEA, we do so in compliance with the requirements of data protection regulations, e.g., where the European Commission has decided that there is an adequate level of protection in the respective country or, in the absence of such a decision, we have adopted appropriate safeguards (e.g., binding intragroup rules or EU standard data protection clauses).
7. RIGHTS OF THE DATA SUBJECT AND EXERCISE OF RIGHTS
7.1 Rights Concerning Consent:
(1) The Data Subject has the right to notify us at any time of their intention to withdraw their consent to the processing of their personal data. Withdrawal of the consent does not affect the lawfulness of prior processing.
(2) You can exercise your rights concerning consent, for example by unsubscribing from messages in the footer of the respective e-mail or by contacting us at the address info@nordic-vitality.com;
7.2 Data Subject’s Rights. The Data Subject has the following rights, provided that the prerequisites set out in the GDPR are met:
(1) Right to receive information, i.e., the Data Subject has the right to receive information with regard to the personal data collected about them.
(2) Right to access and for copy data, i.e., the right of the Data Subject to have access and a copy of the personal data processed.
(3) Right to rectification of inaccurate personal data. The Data Subject can rectify incorrect data by contacting us using the contact details provided above.
(4) Right to erasure, i.e., in certain cases, the Data Subject has the right to obtain the erasure of personal data, for example where data is processed solely on the basis of consent.
(5) Right to restriction of processing personal data. This right arises, inter alia, where the processing of personal data is not permitted by law or temporarily when the Data Subject contests the accuracy of personal data.
(6) Right to data portability, i.e., in certain circumstances, the Data Subject acquires the right to receive their data in a machine-readable format or to require the transmission of the data to another controller in a machine-readable format.
(7) Rights related to automated processing and profiling mean that the Data Subject, on grounds relating to their particular situation, has the right to object at any time to the processing of personal data concerning them based on automated decisions/profiling and to require human intervention. The Data Subject may also require an explanation regarding the logic of making an automated decision. Automated processing/profiling may also be partially based on data collected from public sources. For avoidance of doubt, we do not use automated processing or profiling that has a significant effect on the Data Subject or their rights.
(8) Right to an assessment by a supervisory authority as to whether the processing of the personal data of the Data Subject is lawful.
(9) Right to compensation for damages where the processing of personal data has caused damages to the Data Subject.
7.3 Exercise of Rights. In the event of a question, request, or complaint regarding the processing of personal data, the Data Subject has the right to contact us using the contact details provided in Section 2.
7.4 Filing Complaints:
(1) The Data Subject has the right to file their complaint with us, the Data Protection Inspectorate, or the court.
(2) Contact details of the Data Protection Inspectorate (DPI) can be found on the DPI’s website at https://www.aki.ee/en/contacts.
8. STORAGE AND SECURITY OF PROCESSING PERSONAL DATA
Here you will find a description of how we protect your personal data and for how long we store personal data.
8.1 Storage. We store personal data only for the period necessary for the purpose of processing. As a rule, for the duration of the period of validity of the Contract + three years to protect against any potential claims. Some data is stored based on requirements of the applicable law e.g., accounting data 7 years. Personal data which storage period has expired are destroyed or made anonymous. When storing personal data, we comply with the purpose of processing, limitation periods for potential claims in the event of filing claims, and storage periods provided for in the law.
8.2 Security Measures. We have established guidelines and rules of procedure on how to ensure the security of personal data through the use of both organisational and technical measures. Among others, we do the following to ensure security and confidentiality:
(1) we provide our employees with access to personal data only where this is necessary for the performance of their duties and where the respective permission has been requested and rights have been granted;
(2) a processor may process the personal data transferred to them only for the purpose and to the extent necessary for providing the services set out in the contract;
(3) we use software solutions that help ensure a level of security that meets the market standard.
8.3 Incidents. In the event of any incident involving personal data, we do our best to mitigate the consequences and alleviate the relevant risks in the future.
9. COOKIES AND OTHER WEB TECHNOLOGIES
Here you will find information about which Cookies or other technologies we use and where more detailed information about the respective processing can be found.
9.1 We may collect data about the Visitors of the Website and other information society services (e.g. social media users) as well as the Customers by using Cookies (i.e. small fragments of information stored in the hard drive of the Visitor’s computer or another device by the Visitor’s browser) or other similar technologies and process such data (e.g. IP address, device information, location information).
9.2 We use the collected data to enable the consumption of Service in accordance with the habits of the Data Subject, to ensure the best quality of Service, to inform the Visitor and Customer of the content and give recommendations, to make the advertisements more relevant and our marketing efforts more effective, to simplify logging in and protecting data. Collected data is also used to count Data Subjects and record their usage habits.
9.3 We use session and persistent Cookies. Session Cookies are deleted automatically after each visit, while persistent Cookies are retained when the Website is used repeatedly.
9.4 Our Website may contain third party Cookies regarding which our cooperation partners are the controllers.
9.5 We use the following types of Cookies:
9.5.1 Necessary Cookies are required to use the Website – to navigate the page and use its functions e.g., necessary Cookies enable logging into the Website, shopping basket functions, distinguishing bots from people, and ensure other security functions. Without these Cookies, the Website cannot function properly and the provision of service may be hindered. Because necessary Cookies are essential for the operation of the Website and for the provision of Nordic Vitality's Service, these Cookies are always enabled.
9.5.2 Preference Cookies – these Cookies store the Data Subject’s selections (such as font size, other personalised website display features) and attributes (such as user name, language, or country of location of the Visitor) in order to offer a more personalised and convenient use of the Website. Preference Cookies, although separate from necessary Cookies, are necessary for the Visitors to ensure that an appropriate personalised solution is displayed. The data stored depends on a specific Cookie. In general, we collect technical data about the device and store the selections made by the Data Subject (e.g. font size, other editable properties of the Website) and their attributes (e.g. language, country of location).
9.5.3 Functional/statistics/analytics Cookies are Cookies that collect information about how Data Subjects use the Website, for example which subpages are visited most frequently and which error messages occurred. These Cookies generally do not collect information that can identify the person. These are used to improve the operation of the Website and Service offers.
9.5.4 Marketing and personalised analytics Cookies are Cookies used for optimising marketing activities and/or for displaying personalised advertising. These Cookies may be third party Cookies
9.6 With regard to Cookies, Visitors consent to their use on the Website or in the web browser. The processing is generally based on consent. The majority of web browsers allow Cookies. Without Cookies, not all functions of the Website may be available to the Visitor. Enabling or disabling Cookies and other similar technologies is up to the Visitor through the settings of their own web browser and the Cookie solution on our Website (if enabled). The Data Subject can enable and disable Cookies by type (excl. necessary Cookies that are enabled automatically).
9.7 More information about Cookies and the use of other similar technologies can be found on our Website through the respective Cookie solution.
