Data protection terms and conditions

Updated 24.07.2024

Disaintekstiil OÜ (the owner of the moomoo brand) protects and respects your privacy. These data protection terms and conditions explain which personal data we collect or are transferred to us during the consumption of web services, how we process the data, what your rights are, and what laws protect you. By visiting the moomoo website (hereinafter also referred to as our Web), you agree to these terms and conditions.

These data protection terms and conditions provide an overview of how we collect and process personal data. They also describe the data you give us by joining our newsletter (including the moomoo cycling club), visiting the website, or purchasing from the web store.

By reviewing the data protection terms and conditions, you can understand why and how we use the data related to you.

Data controller

The data controller of personal data is Disaintekstiil OÜ located at Riia 138c, Tartu, Estonia.

If you have any questions about the data protection terms and conditions or the company, please contact us via the contact details below.

Contact

Email: info@moomoo.ee

Address: Riia 138c, Tartu 50411, Estonia

You have the right to submit a complaint to the supervisory authority, the Estonian Data Protection Inspectorate (email: info@aki.ee), or the supervisory authority in your country of origin. We would like to address the complaints before you turn to the Estonian Data Protection Inspectorate.

Changes in the data protection terms and conditions and your responsibilities when you change the data

All changes to the data protection terms and conditions will always be posted on this website. Where appropriate, changes will also be emailed to you. To stay up to date with any amendments or updates, we recommend that you check the website regularly.

It is essential that your personal data is accurate and up to date. During our partnership, we ask you to inform us of any changes in your personal data.

Third-party links

Our website contains links to the websites or functions of third parties. By clicking on them, they may collect information about you. We are not responsible for the privacy terms and conditions of third parties. When leaving our website, we recommend that you review the data protection terms and conditions of the specific website.

Personal data we may process

Personal data or identification data is information based on which a person is identifiable. It does not include data that could lead to identifiable persons. In this case, it is considered anonymous data.

We may collect, store, and transfer personal data that we have grouped as follows:

Identity data: Given name, surname, date of birth, personal identification code, gender

Contact data: Billing address, delivery address, telephone number, email address

Financial data: Bank account number

Transfer data: Data regarding the transfer of money from you to us, or vice versa; advance payment and installment information, other information (purchase history) regarding the products or services acquired

Technical data: Internet Protocol (IP) address, browser and its version, location and time zone, information regarding browser interfaces and their versions, operating system, information regarding the means of communication used to visit our website

Usage data: Information about how our website, products, and services are used

Direct marketing data: Includes information regarding direct marketing preferences from us and selected third parties, as well as information on how you prefer to be contacted

We also collect, process, and share aggregated and anonymised data. Such data may be derived from your personal data (anonymisation), but in this case, it does not refer directly to you and is not associated with you. Irreversibly unidentifiable data is not considered personal data. For example, we may collect information about the volume of visitors who use a certain web functionality. If we combine aggregated data in such a manner that it can be specifically linked to your identity or your data, we treat the data as personal data under these terms and conditions.

We do not collect your sensitive personal data, such as race, religion, sexual orientation, health records, etc.

If you do not share your personal data with us

We may not be able to fulfil the contract concluded or about to be concluded (e.g., for the sale of products or services) between us if you do not share the data that we may collect under the law or the contract. In this case, we may cancel the delivery of products or services between us. We will inform you of this situation.

How personal data is collected

Information you share with us: You may share your identity, contact, and financial data by filling out forms on our website or in social media, by calling us, by contacting us via email, or otherwise. This includes personal data that you share with us if you:

  • Buy our products or services
  • Subscribe to our newsletter with your email address
  • Ask for our online advertising to be sent
  • Participate in a survey, competition, or prize game
  • Give us feedback
  • Apply for work

Information we collect about you: By visiting our website, we can automate the collection of different data: technical information (e.g., data regarding your browser and means of communication you visit the website with), information about the website visit (e.g., length of visit, viewed pages, source of arrival to the website).

We use cookies to obtain the data mentioned above. Cookies give us the opportunity to improve our website and make it more secure. Cookies may be used to distinguish you from other visitors. Thus, we are able to provide you with a better user experience. Find further information about the terms and conditions of the use of cookies at (www.moomoo.cc/cookies).

Information we can obtain from other sources: We may receive data related to you from third parties and from public sources, such as:

  • Technical information from data providers (e.g., from Google and HubSpot from outside the European Union)
  • Contact, financial, and transfer data from parties who offer technical solutions and payment or financial solutions
  • Identity and contact data from selected business partners and data providers

Use of personal data

We use your personal data only when necessary and to the extent permitted by law, mainly in the following cases:

  • To perform the contract to be concluded or the contract already concluded regarding the provision of products, services, or information you request
  • To provide you with information about our other products or services that are similar to those you have purchased from us before, or on which you have made inquiries
  • To provide you with information about the products or services by us or by the carefully selected third parties that might interest you; to forward information about the products or services that are similar to your last purchase or wish by electronic means only (e.g., an email)
  • In a situation where we or third parties have legal obligations that overcome your rights
  • To administer, manage, and improve our website, and make it more efficient and safer, to provide recommendations on other products and services that might interest you

For such purposes, we may use the data that you have shared with us, which we have collected or received from other sources.

Cancelling your subscription (to newsletters or advertising) is not considered as the cancellation of the personal data processing. This includes the data we have received from you when purchasing products or services, requesting a guarantee, or from your feedback.

Purpose and legal basis for the processing of personal data

The table below gives an overview of the purpose and legal basis for the use of personal data. We have also added the legal bases for our own interests where they are valid.

Purpose/Activity Data Legal basis for processing
To process and deliver your order, including: a) handling costs and charges b) collecting money owed to us Identity, contact, financial, transaction, and direct marketing data a) To fulfil our contract b) To fulfil legal interests (e.g., collecting debts) c) Consent
To manage our relationship, such as: a) notifying you of changes in sales and data protection terms b) asking for your feedback or filling in a questionnaire Identity, contact, and direct marketing data a) To fulfil our contract b) To fulfil legal interests (to keep our data up-to-date and to understand how people use our products and services) c) To comply with legal obligations d) Consent
To enable you to participate in a prize draw, competition, or fill in a questionnaire Identity, contact, financial, usage, transaction, and direct marketing data a) To fulfil our contract b) To fulfil legal interests (to understand how people use our products and services, to develop products, services, and the company)
To administer and protect our website (troubleshooting and fixing errors, data analysis, testing, support services, and data retention) Identity, contact, usage, and technical data a) To fulfil legal interests (company management, information technology services administration, website security, fraud prevention) b) Consent
To provide relevant web and advertising content and measure and understand the effectiveness of the ads you are shown Identity, contact, usage, direct marketing, and technical data a) To fulfil legal interests (to understand how people use our products and services, to develop products, services, and the company, and to improve marketing strategy)
To use data analysis to improve our website, products and services, marketing, customer relationships, and experience Technical and usage data a) To fulfil legal interests (to define customer profiles, keep our website relevant and up to date, to develop the company and marketing strategy) b) Consent
To offer suggestions or recommendations about products or services that might interest you Identity, contact, technical, and usage data a) To fulfil legal interests (to develop our products and services and grow the company) b) Consent
To understand if you are suitable for employment in the company Identity and contact data a) To fulfil legal interests b) To fulfil an employment contract c) To fulfil vital interests of individuals d) Legal obligation e) Consent
To organize moomoo cycling club activities Identity, contact, financial, transaction, and direct marketing data a) To fulfil legal interests (to manage club membership and collect debts) b) Consent

Please note that some data processing may have more than one legal basis. Contact us (info@moomoo.ee) if you would like to know which legal basis, we rely on for processing your personal data when there are multiple bases.

Disclosure of data to third parties

We may need to transfer your personal data to third parties.

In this context, third parties include:

  • Professional advisors and service providers acting as authorized data processors, such as business advisors, lawyers, financial institutions, auditors, and accountants who provide services such as consulting, financial, legal, insurance, and accounting services.
  • Tax and Customs Board; and other public or legal institutions acting as authorized data processors who may, in certain situations, require reporting.
  • Other carefully selected third-party service providers who offer web, payment, transfer, cloud, communication, transport, and courier services, customer list management services, data processing services, as well as social media.

All authorized data processors are required to ensure the security of your personal data and process it in accordance with the law. We do not allow authorized data processors to use your data for their own purposes. Third parties may only use the data according to the instructions provided for the authorized purposes.

International transfers

Collected personal data may be processed outside the European Union. This may be done by service providers’ employees from outside the European Union. These employees may be necessary for fulfilling your order or providing the service.

When transferring your personal data outside the European Union, we ensure that the associated data protection terms are of an equivalent level and that processing complies with at least one of the following legal frameworks:

  • We transfer personal data only to countries that have ensured their security requirements as established by the European Commission and the Council. For additional information, see Regulation (EU) 2016/679 of the European Parliament and the Council.
  • In the case of service providers, we may use contracts coordinated with the security measures set by the European Commission. For further information, see the regulations (EU) 2021/914 and (EU) 2016/679.
  • We may transfer data to service providers in the United States only if the service provider complies with the EU-US Data Privacy Framework. This ensures the security level of personal data processing equivalent to local requirements. For further information, see the European Commission’s decision on the EU-US Data Privacy Framework.

Contact us if you would like to know which framework we use for transferring your data outside the European Union.

Security and access to data

We implement various security measures to prevent the destruction, loss, modification, illegal disclosure, or unauthorized access to your data. Access to your data is restricted to those employees, service providers, or contractors who need it. They process your data according to our instructions and confidentially.

Breaches related to personal data will be documented. In the event of danger, the Estonian Data Protection Inspectorate and you will be informed as required by law.

Data retention

We retain your data only for as long as the purposes of data collection are met, which may include legal, accounting, consumer claim, or reporting obligations.

When determining the retention time, we consider the amount, nature, sensitivity, and the potential risk of the data in case of unauthorized use and public disclosure, as well as the purposes for processing. We also consider whether the purpose of data collection may be accomplished in a different manner, and our legal obligations.

For accounting and other legal purposes, we are required to retain the main customer data (personal, contact, financial, and transaction data) for at least seven years after the end of the customer relationship.

Under certain conditions, you are entitled to delete the data related to you. See the chapter on “Deletion”.

In certain cases, we may anonymize your personal data so that they can no longer be associated with you, for example, for the purposes of statistical data analysis. In such cases, we may use the data without time limits and without notifying you.

Your rights

Under the data protection terms and conditions, you have several rights regarding your personal data.

Accessing and learning your data: You have the right to obtain a copy of your personal data and to verify that we process them lawfully. To gain access to your data processed by us, please contact our customer support at info@moomoo.ee.

Modification of data related to you: You have the right to supplement or correct inaccurate data related to you. We may need to verify your revised data.

Deletion of your personal data: You have the right to request the deletion of your personal data if there is no reason for us to process the data in the future, if you have successfully withdrawn consent for processing your data, or if we have unlawfully processed the data related to you. In certain cases, the deletion of your personal data may not be possible (for example, we retain the accounting source documents, which include customer data, for seven years following the termination of the customer relationship). If possible, we will inform you of such reasons at the moment of the data deletion request. To delete personal data, you should contact our customer support by email. The data deletion request will be answered within one month.

Withdrawal of consent regarding data for which processing is dased on our legitimate interest: You have the right to withdraw your consent if you wish to challenge the processing of data because it violates your fundamental rights and freedom. You also have the right to challenge the processing of your data if we do so for the purposes of direct marketing. If you do not wish to receive direct marketing notices, you should choose the appropriate reference in the footnote of the email or contact our customer support. In certain legitimate cases, we may provide a legal basis for the processing of your data, which is beyond your rights and freedom, for example, the obligations arising from taxation to process financial data related to you. Withdrawal of consent does not affect the lawfulness of data processing carried out on the basis of consent.

Restriction of processing your data: You have the right to suspend the processing of your personal data in the following cases:

  • During the time you want us to adjust your data;
  • If we process the data illegally, but you do not want to delete your data;
  • If you want us to retain your data even if we no longer need them, but you need your data to respond to a claim;
  • During the time you have withdrawn your consent for the processing of your data and we are in the middle of determining whether there is a legal basis which exceeds your wish.

Transferring data to you or any third party: We guarantee that your data is transferred to you or a third party of your choice in a structured and machine-readable format. This right only applies to automated data that you have shared with us to comply with the contract.

You can find further information regarding the civil rights of the data protection terms and conditions at https://commission.europa.eu/law/law-topic/data-protection/data-protection-eu_et.

Fees

You do not have to pay for gaining access to the data related to you. There is also no fee for exercising your other rights. However, a reasonable fee may be applied if your request is unjustified, repeated, or excessive. In this case, we may apply a reasonable fee in accordance with the actual required costs. In such cases, we may also refuse to respond to your request, in which case we will provide justification.

What data we may need from you

In cases of inquiries related to your rights, we may need to identify you, so we may ask for specific information. This enables us to make sure that you have the right to access your data or other rights. This is a security measure to prevent your data from being transferred to a person who does not have the appropriate rights. To speed up the process of responding to you, we may contact you and ask for further information.

Period for responding

We try to respond to all legal requests within one month. If the request is particularly complex or there are several requests, the response may take more time. In this case, we will notify you.

Settlement of disputes

Settlement of disputes relating to the processing of personal data takes place via customer support (email: info@moomoo.ee). The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).