Data protection terms and conditions
Disaintekstiil OÜ (the owner of the moomoo brand) protects and respects your privacy. These data protection terms and conditions explain which personal data we collect or are transferred to us during service consumption, how we process the data, what your rights are and what laws protect you. By visiting the moomoo website (herein after also referred to as our Web), you agree to the terms and conditions thereof.
These data protection terms and conditions provide an overview of how we collect and process personal data. They also describe the data you give us by joining our mailing list, Website, or by purchasing from the Web store.
By accessing the data protection terms and conditions, you are able to understand why and how we use the data that relates to you.
The data controller of personal data is Disaintekstiil OÜ located at Riia 138c, Tartu.
If you have any questions about the data protection terms and conditions, or about the company, please contact us via the contact details below.
Physical address: Riia 138c, Tartu, 51014
Legal address: Kalda tee 6-78, Tartu 50703
You have the right to submit a claim to the supervisory authority, Estonian Data Protection Inspectorate (email firstname.lastname@example.org) or the supervisory authority in your country of origin. We would like to address the claims before you turn to the Estonian Data Protection Inspectorate.
Changes in the data protection terms and conditions and your responsibilities when you change the data
All changes to the data protection terms and conditions will always be posted on this Website. Where appropriate, the changes will also be emailed to you. To be up to date with any amendments or updates, we recommend that you check the Website regularly.
It is essential that your personal data is accurate and up to date. During our partnership, we ask you to inform us of any changes in your personal data.
Third party links
Our Website contains links to the websites or functions of the third parties. By clicking on them, they may collect information about you. We are not responsible for the privacy terms and conditions of the third parties. When leaving our Website, we recommend that you consult the data protection terms and conditions of a particular website.
Personal data which we can process
Personal data or identification data is the data on the basis of which a person is identifiable. It does not include the data which could lead to identifiable persons. In this case, it is considered anonymous data.
We may collect, store and transfer personal data that we have grouped as follows:
identity data – given name, surname, date of birth, gender;
contact details – billing address, delivery address, telephone number, email address, address of the preferred parcel terminal;
financial data – bank account number, payment card details, PayPal account details;
transfer details – data regarding the transfer of money from you to us, or vice versa; advance payment and instalment details, other data (purchase history) regarding the products or services acquired;
technical data – Internet Protocol (IP) address, browser and its version, location and time zone, information regarding browser interfaces and their versions, operating system, information regarding the means of communication used to visit our Website;
usage data – information about how our Website, products and services are used;
direct marketing data – includes information regarding direct marketing from us and from selected third parties as well as information on how you prefer to be contacted.
We also collect, process and share aggregated and anonymised data. Such data may be derived from the personal data relating to you (anonymisation), but in this case, it does not refer directly to you, and is not associated with you. Irreversibly unidentifiable data is not considered as personal data. For example, we may collect information regarding the volume of visitors that use a certain web functionality. If we combine aggregated data in such a manner that it can be specifically linked to your identity or your data, we treat the data as personal data under these terms and conditions.
We do not collect your sensitive personal data, such as race, religion, sexual orientation, health records, etc.
If you do not share your personal data with us
We may not be able to fill the contract concluded or about to be concluded (e.g., for the sale of products or services) between us if you do not share the data that we may collect under the law or the contract. In this case, we may cancel the delivery of products or services between us. We will inform you of this situation.
How your personal data is collected
Information you share with us. You may share your identity, contact and financial data by filling out forms on our Website or in social media, by calling us, by contacting us via email or otherwise. This includes personal data that you share with us if you:
- buy our products or services;
- subscribe to our newsletter with your email address;
- ask for our advertising to be sent;
- participate in a survey, competition or prize game;
- give us feedback;
- apply for work.
Data we collect about you By visiting our Website, we can automate the collection of different data: technical information (e.g., data regarding your browser and means of communication you visit the Website with), information about the Website visit (e.g., length of visit, viewed pages, source of the arrival to the Website).
Information we can obtain from other sources We may receive data related to you from third parties and from public sources, such as:
- technical information from data providers (e.g., from Google, Hotjar and Hubspot from outside the European Union);
- contact, financial, and transfer data from the parties who offer technical solutions and payment or financial solutions;
- identity and contact data from the selected business partners and data providers.
Use of personal data
We use your personal data only when necessary and to the extent permitted by law, mainly in the following cases:
- to perform the contract to be concluded or the contract already concluded regarding the provision of products, services or information you request;
- to provide you with information about our other products or services that are similar to those you have purchased from us before, or on which you have made inquiries;
- to provide you with information about the products or services by us or by the carefully selected third parties that might interest you; to forward information about the products or services that are similar to your last purchase or wish by electronic means only (e.g., an email);
- in a situation where we or third parties have legal obligations that overcome your rights;
- to administer, manage, and improve Our Website, and make it more efficient and safe, to provide recommendations on other products and services that might interest you.
For such purposes, we may use the data that you have shared with us, which we have collected or received from other sources.
Cancelling your subscription (to newsletters or advertising) is not considered as the cancellation of the personal data processing. This includes the data we have received from you when purchasing products or services, requesting a guarantee or from your feedback.
Purpose and legal basis for the processing of personal data
The table below gives an overview of the purpose and legal basis for the use of personal data. We have also added the legal bases for our own interests where they are valid.
See the Excel table “Purpose and basis for data processing”
Please note that for processing some of the data there may be more than one legal basis. Contact us (email@example.com) if you would like to know the legal basis for processing your personal data, if there are several of them.
|Purpose / activity||Data||Basis for processing|
|To process and deliver your order, including: a) processing costs and fees b) collection of money owed to us||Personal, contact, financial, transfer and direct marketing data||a) to comply with the contract b) to comply with legal interests (such as collecting debts) c) consent|
|To process the relationship between us, such as: a) notifications about the changes in the sales and data protection terms and conditions b) asking for your feedback or for filling in a questionnaire||Personal, contact and direct marketing data||a) to comply with the contract b) to comply with legal interests (to keep your data up to date and to find out how people use our products and services) c) legal obligations c) consent|
|To enable you to take part in a prize game, competition or fill in a questionnaire||Personal, contact, financial, usage, transfer and direct marketing data||a) to comply with the contract b) to exercise legal interests (to find out how people use our products and services, to develop products, services, and the company)|
|To manage and protect our company and our Website (to find and fix errors, for data analysis, for testing, for support services and retaining the data)||Personal, contact, and technical data||a) to exercise legal interests (management of the company, management of information technology services, Web security, prevention of fraud)|
|To provide adequate web and advertising content and to measure and understand the efficiency of adverts provided to you b) consent||Personal, contact, usage, direct marketing and technical data||a) to exercise legal interests (to find out how people use our products and services, to develop products, services, and the company as well as the marketing strategy)|
|To use data analysis to improve the Website, products and services, marketing, customer communication and experience||Technical and usage data||a) to exercise legal interests (to define customer profiles, keep our web content up-to-date and to develop the company and marketing strategy) b) consent|
|To suggest or propose products or services that might be of interest to you||Personal, contact, technical and usage data||a) to exercise legal interests (to develop own products and services and to grow the company) b) consent|
|To understand whether you are fit to work in the company||Personal and contact data||a) to exercise legal interests b) to comply with the contract of employment c) to comply with the vital interests of people d) legal obligation e) consent|
Disclosure of data to third parties.
We may need to disclose your personal data to third parties.
In this context, third parties include the following:
- professional advisers and service providers acting as data processors, such as business advisers, lawyers, financial institutions, auditors and accountants who provide services such as consultations, financial, legal, insurance and accounting services;
- Tax and Customs Board, Enterprise Estonia and other public or legal institutions acting as data processors who may, in certain situations, require reporting;
- other very carefully selected third parties as service providers who provide the web, payment, transfer, cloud, communication, transport, and courier services, management of mailing lists, data processing services, as well as social media.
All data processors are required to secure and process your personal data pursuant to the law. We do not allow the data processors to use your data in their own interests. Third parties may, in accordance with the instructions, use the data only in the interest of the purposes authorised to them.
The collected personal data may be processed outside the European Union. This may be done by the employees of the service providers from outside the European Union. These employees may be needed for executing your order, or providing the service.
When transferring your personal data to the countries outside the European Union, we ensure that the exercised data protection terms and conditions are of equal level and that at least one of the following legal frameworks are observed in the processing:
- we transfer personal data only to the countries which have ensured their security requirements as established by the European Commission and the Council. You can find further information in the Regulation (EU) 2016/679 of the European Parliament and the Council.
- In the case of service providers, we may use the contracts coordinated with the security measures set by the European Commission. For further information, see Regulations 2004/915/EC and 2010/87/EU of the European Commission.
- We may transfer data to the service providers in the American Community only if the service provider has joined the framework of the data protection shield (Privacy Shield). This ensures the security level of the processing of personal data equally with the local requirements. For further information, see the Regulation of the European Commission “EU-U.S. Privacy Shield”.
Contact us, if you would like to know which framework is used for transferring your data to countries outside the European Union.
Security and access to the data
We implement various security measures to prevent the destruction, loss or modification, illegal disclosure of or unauthorised access to your data. Access to your data is restricted to those employees, service providers or contractors who need it. They process your data according to our instructions and in confidence.
The breaches related to personal data will be documented. In the event of danger, you and the Data Protection Inspectorate will be informed as required by law.
We retain your data only for as long as the purposes of data collection are met, which may include legal, accounting, consumer claim or reporting obligations.
When determining the retention time, we consider the amount, nature, sensitivity, and the potential risk of the data in case of unauthorised use and public disclosure, as well as the purposes for processing. We also consider whether the purpose of data collection may be accomplished in a different manner, and our legal obligations.
For accounting and other legal purposes, we are required to retain the main customer data (personal, contact, financial and transfer data) for at least seven years after the end of the customer relationship.
Under certain conditions, you are entitled to delete the data related to you. See the chapter on “Deletion”.
In certain cases, we may anonymise your personal data so that they can no longer be associated with you, for example, for the purposes of statistical data analysis. In such cases, we may use the data without time limits and without notifying you.
Under the data protection terms and conditions, you have a number of rights regarding your personal data.
Accessing and learning your data You have the right to obtain a copy of your personal data and to verify that we process them lawfully. To gain access to your data processed by us, please contact our customer support at firstname.lastname@example.org.
Modification of data related to you You have the right to supplement or correct the inaccurate data related to you. We may need to verify your revised data.
Deletion of your personal data You have the right to request the deletion of your personal data if there is no reason for us to process the data in the future, if you have successfully withdrawn consent for processing your data or if we have unlawfully processed the data related to you. In certain cases, the deletion of your personal data may not be possible (for example, we retain the accounting source documents, which include customer data, for seven years following the termination of the customer relationship). If possible, we will inform you of such reasons at the moment of the data deletion request. To delete personal data, you should contact our customer support by email. The data deletion request will be answered within one month.
Withdrawal of consent regarding the data for which processing is based on our legal interest You have the right to withdraw your consent if you wish to challenge the processing of data because it violates your fundamental rights and freedom. You also have the right to challenge the processing of your data if we do so for the purposes of direct marketing. The email address is used for sending direct marketing notifications, if you have given the corresponding consent. If you do not wish to receive direct marketing notices, you should choose the appropriate reference in the footnote of the email or contact our customer support. In certain legitimate cases, we may provide a legal basis for the processing of your data, which is beyond your rights and freedom, for example, the obligations arising from taxation to process financial data related to. Withdrawal of consent does not affect the lawfulness of data processing carried out on the basis of consent.
Restriction of processing your data You have the right to suspend the processing of your personal data in the following cases:
- during the time you want us to adjust your data;
- if we process the data illegally, but you do not want to delete your data;
- if you want us to retain your data even if we no longer need them, but you need your data to respond to a claim;
- during the time you have withdrawn your consent for the processing of your data and we are in the middle of determining whether there is a legal basis which exceeds your wish.
Transferring data to you or any third party We guarantee that your data is transferred to you or a third party of your choice in a structured and machine-readable format. This right only applies to automated data that you have shared with us to comply with the contract.
You can find further information regarding the civil rights of the data protection terms and conditions at https://ec.europa.eu/commission/sites/beta-political/files/data-protection-overview-citizens_et.pdf.
You do not have to pay for gaining access to the data related to you. There is also no fee for exercising your other rights. However, a reasonable fee may be applied if your request is unjustified, repeated or excessive. In this case, we may apply a reasonable fee in accordance with the actual required costs. In such cases, we may also refuse to respond to your request, in which case we will provide justification.
What data we may need from you
In cases of inquiries related to your rights, we may need to identify you, so we may ask for specific information. This enables us to make sure that you have the right to access your data or other rights. This is a security measure to prevent your data from being transferred to a person who does not have the appropriate rights. To speed up the process of responding to you, we may contact you and ask for further information.
Period for responding
We try to respond to all legal requests within one month. If the request is particularly complex or there are several requests, the response may take more time. In this case, we will notify you.
Settlement of disputes
Settlement of disputes relating to the processing of personal data takes place via customer support (email: email@example.com). The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).