Privacy Policy

1. General provisions

1.1 This privacy policy governs the collection, processing and storage of personal data in the Eesti Pank commemorative coin online shop (eestipank.100kingitust.ee).

1.2 The controller of personal data is 100kingitust OÜ (registry code 12036279), Pärnu mnt 146, 11317 Tallinn, Estonia, tel +372 555 15 676, e-mail info@100kingitust.ee (hereinafter the Seller).

1.3 The data subject is a customer or another natural person whose personal data the Seller processes.

1.4 The Seller has not designated a separate data protection officer. For all questions concerning the processing of personal data, the Seller can be contacted at info@100kingitust.ee.

2. Personal data collected

2.1 The Seller collects and processes the following personal data:

  • first and last name;
  • telephone number;
  • e-mail address;
  • delivery address or chosen parcel machine;
  • bank account number (IBAN) and account holder’s name – in the event of withdrawal from an order or a refund;
  • purchase history and payment-related data (ordered products, amount, date);
  • customer account data, if the customer has created an account in the online shop;
  • IP address and website usage data (including statistics collected via cookies).

2.2 This is an indicative list; only data necessary for the specific purpose is processed.

2.3 Payments are processed via the Montonio payment solution – the Seller does not collect or store the customer’s payment card or bank login details.

3. Purpose of processing personal data

3.1 Personal data is used to:

  • process orders and deliver goods;
  • communicate with the customer and resolve questions related to the provision of goods and services (customer support);
  • issue invoices and manage accounting;
  • refund money in the event of withdrawal from an order or a claim;
  • ensure the functioning of the online shop, produce website usage statistics and prevent fraud.

4. Legal basis for processing

4.1 The legal basis for processing personal data is:

  • performance of a contract (Article 6(1)(b) of the General Data Protection Regulation) – placing an order, delivery and refunds;
  • legal obligation (Article 6(1)(c)) – fulfilment of accounting and tax obligations;
  • legitimate interest (Article 6(1)(f)) – ensuring the functioning and security of the online shop, preventing fraud, and website usage statistics.

5. Authorised processors and recipients

5.1 To fulfil orders and operate the online shop, personal data is disclosed only to the extent necessary to the following recipients:

  • payment service provider – Montonio Finance OÜ;
  • delivery service providers – Omniva, Itella SmartPOST, DPD, FedEx (name, telephone and e-mail are disclosed, and for courier delivery also the address);
  • accounting service provider – for performing accounting operations;
  • online shop hosting provider – Zone Media OÜ (zone.ee);
  • web analytics service – Google (Google Analytics / Site Kit) for producing website usage statistics.

5.2 Authorised processors process personal data in accordance with the Seller’s instructions and contracts concluded under Article 28 of the General Data Protection Regulation, and do not use it for any other purpose.

6. Security and access to data

6.1 The online shop’s servers are located in Estonia (hosting provider Zone Media OÜ), within the territory of the European Union.

6.2 The Seller applies appropriate technical and organisational security measures to protect personal data: data is exchanged via an encrypted connection (TLS/HTTPS), access to personal data is restricted and password-protected, a firewall and antivirus are in use, and regular backups are made.

6.3 Access to personal data is granted only to those Seller employees who need it to fulfil orders and provide customer support.

6.4 When using Google Analytics, data may be transferred to the United States; Google adheres to the EU-US Data Privacy Framework, which ensures an adequate level of protection. Analytics cookies are used on the basis of the user’s consent.

7. Storage of personal data

7.1 Personal data is stored for as long as necessary to fulfil the purpose of processing.

7.2 When a customer account is closed, personal data is deleted, except for data that must be retained for accounting purposes or for the resolution of consumer disputes.

7.3 Data related to payments and consumer disputes is retained until the claims are satisfied or the limitation period expires. Accounting source documents are retained for 7 years in accordance with the Accounting Act.

8. Rights of the data subject

8.1 The data subject has the right to:

  • access their personal data and receive information about its processing;
  • request the rectification of inaccurate or incomplete data;
  • request the erasure of personal data (except where retention is required by law);
  • request the restriction of processing of personal data;
  • object to the processing of their personal data;
  • request the portability of the personal data they have provided;
  • withdraw consent previously given at any time;
  • lodge a complaint with the Estonian Data Protection Inspectorate (Tatari 39, 10134 Tallinn, aki.ee, info@aki.ee).

8.2 To exercise these rights, a request must be submitted to info@100kingitust.ee. The Seller responds to the request within one month at the latest.

9. Cookies

9.1 The online shop uses cookies to ensure the functioning of the website, remember the cart contents and analyse website usage. Analytics and marketing cookies are used only with the user’s consent. The user can disable cookies in the browser settings, but this may limit the functionality of the online shop.

10. Final provisions

10.1 When processing personal data, the Seller follows the European Union General Data Protection Regulation (GDPR), the Personal Data Protection Act and other relevant legislation. The Seller has the right to update this privacy policy; the current version is published on the online shop’s website.

11. Contact

Controller of personal data:
100kingitust OÜ
Registry code 12036279
Pärnu mnt 146, 11317 Tallinn, Estonia
Tel +372 555 15 676
E-mail: info@100kingitust.ee