1. General Provisions
1.1. This Privacy Policy governs the principles of collecting, processing, and storing personal data. Personal data is collected, processed, and stored by the data controller Front42 OÜ (hereinafter referred to as the "Data Controller").
1.2. A Data Subject, within the meaning of this Privacy Policy, is a customer or any other natural person whose personal data is processed by the Data Controller.
1.3. A Customer, within the meaning of this Privacy Policy, is any person who purchases goods or services from the Data Controller’s website.
1.4. The Data Controller adheres to the principles of data processing established by applicable legislation, including processing personal data lawfully, fairly, and securely. The Data Controller can demonstrate that personal data is processed in accordance with legal requirements.
2. Collection, Processing, and Storage of Personal Data
2.1. Personal data is collected, processed, and stored electronically, primarily via the website and email.
2.2. By sharing their personal data, the Data Subject grants the Data Controller the right to collect, organize, use, and manage personal data for the purposes defined in this Privacy Policy, either directly or indirectly through the purchase of goods or services on the website.
2.3. The Data Subject is responsible for ensuring that the data provided is accurate, correct, and complete. Knowingly providing false information is considered a violation of this Privacy Policy. The Data Subject must promptly notify the Data Controller of any changes to the submitted data.
2.4. The Data Controller is not liable for any damage caused to the Data Subject or third parties resulting from the submission of incorrect data by the Data Subject.
3. Processing of Customer Personal Data
3.1. The Data Controller may process the following personal data:
3.1.1. First and last name;
3.1.2. Phone number ;
3.1.3. Email address ;
3.1.4. Delivery address ;
3.2. In addition to the above, the Data Controller may collect data about the Customer from public registers.
3.3. The legal basis for processing personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):
a) The Data Subject has given consent for one or more specific purposes;
b) Processing is necessary for the performance of a contract or to take steps prior to entering into a contract;
c) Processing is necessary for compliance with a legal obligation;
f) Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject, especially if the Data Subject is a child.
3.4. Data processing purposes and retention periods:
3.4.1. Security and safety – retained as required by law
Maximum retention period of personal data – in accordance with the deadlines specified by law.
3.4.2. Purpose of processing – order processing
Maximum retention period of personal data – 2 years.
3.4.3. Purpose of processing – ensuring the operation of the e-store services
Maximum retention period of personal data – 2 years.
3.4.4. Purpose of processing – customer management
Maximum retention period of personal data – 2 years.
3.4.5. Purpose of processing – financial activities, accounting
Maximum retention period of personal data – in accordance with the deadlines specified by law.
3.5. The Data Controller may share personal data with third parties such as authorized processors, accountants, logistics and courier companies, and payment service providers. The Data Controller is the primary data controller and transmits necessary personal data to authorized processors for payment processing.
3.6. The Data Controller applies organizational and technical measures to protect personal data from accidental or unlawful destruction, alteration, disclosure, or any other unauthorized processing.
3.7. Personal data is retained based on the purpose of processing, but no longer than 2 years unless otherwise required by law.
4. Rights of the Data Subject
4.1. The Data Subject has the right to access and review their personal data.
4.2. The Data Subject has the right to receive information about the processing of their personal data.
4.3. The Data Subject has the right to correct or supplement inaccurate data.
4.4. If personal data is processed based on the Data Subject’s consent, they have the right to withdraw consent at any time.
4.5. To exercise these rights, the Data Subject may contact customer support at sales@prodroneparts.com.
4.6. The Data Subject also has the right to file a complaint with the Estonian Data Protection Inspectorate.
5. Final Provisions
5.1. This Privacy Policy is prepared in accordance with Regulation (EU) 2016/679 (GDPR), the Estonian Personal Data Protection Act, and other applicable EU and Estonian legislation.
5.2. The Data Controller reserves the right to amend this Privacy Policy, either partially or fully, by notifying Data Subjects via the website https://prodroneparts.com.