
Privacy policy

Data Controller

AS Prisma Peremarket, registry code: 10569681, address: Mustakivi tee 17, Tallinn 13912, Estonia, e-mail: andmekaitse@prismamarket.ee

Contact information of the Data Protection Officer

andmekaitse@prismamarket.ee

Registrar

andmekaitse@prismamarket.ee

Name of the register

Prisma Customer Register

Purpose of personal data use

We process personal data for the purposes of managing AS Prisma Peremarket’s loyalty program and providing related services and discounts, monitoring purchasing behaviour, enabling the use of the online store, marketing, creating targeted and personalized content, as well as for business planning and development, including analysis and profiling, for market research, opinion surveys and handling customer feedback.

Lawful basis for processing personal data, personal data to be processed, and retention period

We process personal data on the following grounds:

Management of general customer data

Type of data: Management of general customer data

Basis for processing: Contract

Personal data: General customer data (e.g., name, other individuals linked to the customer program, phone number, address, and email), Estonian personal identification code, and other relevant data

Retention period: As long as data retention is necessary

Discounts, offers

Type of data: Discounts, offers

Basis for processing: Contract

Personal data: Purchase data and all customer personal data

Retention period: 5 years + current year

Analysis of customer purchasing behaviour for business planning

Type of data: Analysis of customer purchasing behaviour for business planning

Basis for processing: Contract

Personal data: Purchase data and all customer personal data

Retention period: 5 years + current year

Offering targeted discounts

Type of data: Offering targeted discounts

Basis for processing: Contract

Personal data: Purchase data and all customer personal data

Retention period: 5 years + current year

Marketing using loyalty customer data in external channels

Type of data: Marketing using loyalty customer data in external channels

Basis for processing: Consent

Personal data: Purchase data and all customer personal data

Retention period: 5 years + current year

Personal data collected through cookies and linking data to loyalty customers

Type of data: Personal data collected through cookies and linking data to loyalty customers

Basis for processing: Consent

Personal data: Purchase data and all customer personal data

Retention period: 5 years + current year

Transfer of data to cooperation partners

Type of data: Transfer of data to cooperation partners

Basis for processing: Consent and contract

Personal data: Required personal information

Direct marketing

Type of data: Direct marketing

Basis for processing: Consent

Personal data: Purchase data and all customer personal data

Retention period: 5 years + current year

Carrying out surveys

Type of data: Carrying out surveys

Basis for processing: Contract, legitimate interest and consent

Personal data: All required personal information

Retention period: 5 years + current year

Video surveillance in stores

Type of data: Video surveillance in stores

Basis for processing: Legitimate interest

Personal data: Video surveillance related data

Retention period: 30 days, but recordings sent to authorities will be kept as long as necessary

Feedback

Type of data: Feedback

Basis for processing: Legitimate interest

Personal data: All feedback-related data

Retention period: 1 year

Request for information by a registered person

Type of data: Request for information by a registered person

Basis for processing: Statutory requirement

Personal data: All data related to the information request

Retention period: 6 months from the reply to the request for information and sending the reply

Lottery and prize coupons

Type of data: Lottery and prize coupons

Basis for processing: Legitimate interest or consent

Personal data: All data related to lotteries

Retention period: 1 month after the prize received in the raffle is delivered

Information sources and information available from public sources

We receive your data when you join and use the loyalty program, and also directly from you via websites, email, or other similar means, as well as through the use of services.

We may also receive your name, address, mobile number, and death-related data from the relevant authorities and companies.

Recipients of personal data

We may disclose personal data within the limits prescribed by applicable laws, such as in response to information requests from authorities. We may also share your data with our business partners.

Additionally, with your consent, we may transfer data to third parties for other purposes.

Transfer of personal data to third countries or international organisations and the safeguards used

We use subcontractors to process personal data, which is why your data may be transferred, to a limited extent, outside the European Union (EU) or the European Economic Area (EEA) for the purposes of providing services, technical administration and support. We may transfer data in this manner if the European Commission has decided that the data protection level of the target country or organization is adequate, or if we can otherwise ensure an adequate level of data protection in accordance with applicable laws.

In such cases, we require our subcontractors to commit to complying with the applicable laws and the data protection and information security requirements set by AS Prisma Peremarket.

Rights of the data subject

The data subject has the following rights:

  • right to access personal data;
  • right to rectification of inaccurate personal data;
  • right to erasure of personal data (for example, if the basis for processing is consent or if there is no lawful basis for retaining the data);
  • right to restriction of processing (if the accuracy of personal data is contested or the processing is unlawful);
  • right to object to processing of personal data for direct marketing purposes or other processing based on legitimate interest;
  • right to withdraw consent;
  • right to have the personal data transmitted from one system to another (regarding automated processing);
  • right to receive information about breaches of personal data security under the General Data Protection Regulation (GDPR).

You may withdraw your consent and object to the processing of your data for legitimate interest and direct marketing purposes, and thereby decide how we use your personal data.

If you wish to exercise your rights or obtain more information about the processing of your personal data, please contact the data controller by sending an email to: andmekaitse@prismamarket.ee.

If you believe that we are violating applicable data protection laws in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority. The website of the Data Protection Inspectorate: www.aki.ee.

Data Protection Inspectorate

Tatari 39, Tallinn 10134

+372 627 4135

info@aki.ee