Privacy Policy
Lindenhill is committed to being a trustworthy partner that respects your rights when it comes to processing personal data. With this in mind, we have developed privacy policy principles that govern the collection, use, disclosure, transfer, and storage of customer data.
1. DEFINITIONS
1.1. Data Subject refers to a natural person about whom Lindenhill has information or information that can be used to identify the individual. Data Subjects may include individual customers, partners, and employees for whom Lindenhill has Personal Data.
1.2. Privacy Policy refers to this document, which sets out the principles of Personal Data Processing by Lindenhill.
1.3. Personal Data refers to any information related to an identified or identifiable natural person.
1.4. Processing of Personal Data refers to any operation performed on the Data Subject’s Personal Data, such as collection, storage, organization, retention, alteration, disclosure, enabling access, querying and extracting, use, transfer, cross-use, merging, locking, deletion, or destruction, or a combination of the aforementioned operations, regardless of the means and tools used.
1.5. Customer refers to any natural or legal person who uses or has expressed a desire to use Lindenhill’s services.
1.6. Agreement refers to the service or other agreement concluded between Lindenhill and the Customer.
1.7. Website www.lindenhill.ee refers to Lindenhill’s website.
1.8. Visitor refers to any individual who uses the Lindenhill website.
1.9. Child refers to a person under 13 years of age in the context of Personal Data Processing in the Republic of Estonia.
1.10. Services refer to all services and products provided by Lindenhill.
1.11. Cookies are data files that are sometimes stored on the Visitor’s device.
1.12. Lindenhill Data Protection Officer is the person responsible for ensuring the application of Personal Data Processing principles at Lindenhill, and whom the Data Subject can contact in case of complaints.
1.13. Sales Channels are the means used by Lindenhill to communicate with the Data Subject for the purpose of selling goods and providing services, including email, phone, public and social media, various chat lines, personalized and interactive advertisements, and other similar tools on Websites and elsewhere.
1.14. Product Portfolio refers to the various products and services offered by Lindenhill, which are listed on the website www.lindenhill.ee.
The terms used in the Privacy Policy, the Agreement, the General Terms, and in communication between the parties shall have the meanings ascribed to them above.
2. GENERAL PROVISIONS
2.1. Lindenhill is a legal entity Lindenhill OÜ, registered with code 16159174, located in Harju County, Tallinn, Ööbiku 2a-13, 11315.
2.2. Lindenhill may process Personal Data:
2.2.1. As a data controller, determining the purposes and means of processing;
2.2.2. As a data processor, according to the instructions of the data controller;
2.2.3. As a recipient, to the extent that Personal Data is transferred.
2.3. The Privacy Policy applies to Data Subjects, and the rights and obligations set forth in the Privacy Policy are observed by all Lindenhill employees and partners who have contact with Personal Data in Lindenhill’s possession.
2.3.1. The Privacy Policy may be supplemented by privacy notices published on the Website or in devices, and the Privacy Policy may be amended and supplemented by such notices.
3. PRINCIPLES
3.1. Lindenhill always considers the interests, rights, and freedoms of Data Subjects in the Processing of Personal Data.
3.2. Lindenhill aims for responsible Personal Data Processing, which is based on best practices, ensuring that we are always ready to demonstrate compliance with the goals set for Personal Data Processing.
3.3. All processes, instructions, operations, and activities related to Personal Data Processing at Lindenhill are based on the following principles:
3.3.1. Legality. There is a legal basis for the Processing of Personal Data, such as consent;
3.3.2. Fairness. Personal Data Processing is fair, requiring that the Data Subject has sufficient information and awareness about how Personal Data is processed.
3.3.3. Transparency. Personal Data Processing is transparent to the Data Subject.
3.3.4. Purposefulness. Personal Data is collected for specific, clearly defined, and legitimate purposes and is not processed later in a way that is incompatible with those purposes.
3.3.5. Accuracy. Personal Data is accurate and kept up to date, and all reasonable steps are taken to ensure that incorrect Personal Data, considering the purpose of the processing, is erased or rectified.
3.3.6. Storage Limitation. Personal Data is stored in a form that allows the identification of Data Subjects only as long as necessary for the purpose of the processing. This means that if Lindenhill wishes to retain Personal Data longer than necessary for the collection purpose, Lindenhill anonymizes the data so that the Data Subject is no longer identifiable. For data obtained through a customer or other similar relationship, Lindenhill retains the data according to best practices and with consent until the consent is withdrawn.
3.3.7. Reliability and Confidentiality. Personal Data Processing is carried out in a way that ensures appropriate security of Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using reasonable technical or organizational measures. Lindenhill has internal instructions, rules for employees, and separate agreements with each authorized processor, which provide for best practices, continuous risk assessment, and appropriate technical and organizational measures for Personal Data Processing.
4. CATEGORIES OF PERSONAL DATA
4.1. Lindenhill collects, among other things, the following types of Personal Data:
4.1.1. Personal Data disclosed to Lindenhill by the Data Subject (name, email address, postal address, phone number);
4.1.2. Personal Data resulting from regular interaction between the Data Subject and Lindenhill;
4.1.3. Personal Data that is obviously made public by the Data Subject (e.g., on social media);
4.1.4. Personal Data generated during the use of Services (e.g., purchasing from an online store);
4.1.5. Personal Data generated from visiting and using the Website (e.g., time spent on the Website);
4.1.6. Personal Data received from third parties;
4.1.7. Personal Data created and combined by Lindenhill (e.g., correspondence during the customer relationship or an order history list).
5. PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
5.1. Lindenhill processes Personal Data exclusively based on consent or by law.
5.2. Lindenhill processes Personal Data based on consent strictly within the limits, scope, and purposes determined by the Data Subject. For consents, Lindenhill adheres to the principle that each consent must be clearly distinguishable from other matters, be presented in an understandable and easily accessible form, in clear and simple language. Consent can be given either in writing, electronically, or as a verbal statement. The Data Subject provides consent voluntarily, specifically, knowingly, and unambiguously, for example, by ticking a box on the Website.
5.3. Legitimate interest means Lindenhill’s interest in managing and directing its business to offer the best possible Services on the market. Lindenhill processes Personal Data based on the law only after careful consideration, determining that Lindenhill has a legitimate interest in processing Personal Data that is necessary and in accordance with the interests and rights of the Data Subject. Personal Data Processing on the basis of legitimate interest may primarily take place for the following purposes:
5.3.1. To ensure a trustworthy customer relationship, such as processing Personal Data that is strictly necessary to identify the actual beneficiaries or prevent fraud;
5.3.2. Managing and analyzing the customer base to improve the availability, choice, quality of Services and products, and to make the best and most personalized offers to the Customer with consent;
5.3.3. Collecting identifiers and Personal Data when using websites, mobile apps, and other Services. Lindenhill uses the collected data for web analysis or analysis of mobile and information society services, ensuring operation, improving, creating statistics, and analyzing Visitor behavior and usage experience to provide better and more personalized Services;
5.3.4. Organizing campaigns, including personalized and targeted campaigns, conducting customer and visitor satisfaction surveys, and measuring the effectiveness of marketing activities;
5.3.5. Analyzing customer and visitor behavior in different Sales Channels, Websites;
5.3.6. For network, information, and cybersecurity considerations, such as combating piracy and ensuring the security of Websites and taking measures for making and storing backups;
5.3.7. Preparing, submitting, or defending legal claims.
5.4. To fulfill legal obligations, Lindenhill processes Personal Data to comply with obligations set by law or to apply the uses permitted by law. For example, legal obligations arise in the processing of payments or compliance with anti-money laundering regulations.
5.5. If Personal Data Processing takes place for a new purpose different from the one for which the Personal Data was originally collected, or is not based on the Data Subject’s consent, Lindenhill carefully evaluates the permissibility of such new Processing.
6. DISCLOSURE AND/OR TRANSFER OF CUSTOMER DATA TO THIRD PARTIES
6.1. Lindenhill collaborates with persons to whom Lindenhill may transfer data related to Data Subjects, including Personal Data, in the course and for the purpose of cooperation.
6.2. Such third parties may include advertising and marketing partners, companies conducting customer satisfaction surveys, debt collection service providers, credit reporting agencies, IT partners, postal service intermediaries or providers, institutions, and organizations, provided that:
6.2.1. the corresponding purpose and Processing is lawful;
6.2.2. Personal Data Processing takes place according to Lindenhill’s instructions and under a valid agreement.
7. SECURITY OF PERSONAL DATA PROCESSING
7.1. Lindenhill retains Personal Data only for the strictly necessary period. Personal Data, whose retention period has expired, is destroyed using best practices and according to the procedures established by Lindenhill.
7.2. Lindenhill has established guidelines and procedural rules on how to ensure the security of Personal Data through the use of organizational and technical measures.
7.3. In the event of any incident related to Personal Data, Lindenhill takes all necessary measures to mitigate the consequences and minimize relevant risks in the future. Lindenhill records all incidents and notifies the Data Protection Inspectorate and the Data Subject directly if required.
8. PROCESSING OF CHILDREN’S PERSONAL DATA
8.1. Lindenhill’s Services, including information society services, are not directed at Children.
8.2. Lindenhill does not knowingly collect information about persons under 13 years of age, and in the event of such activity, we follow the wishes of the parent or guardian.
8.3. If Lindenhill becomes aware that it has collected Personal Data from or about a Child, Lindenhill will make every effort to cease the processing of such Personal Data.
9. DATA SUBJECT’S RIGHTS
9.1. Rights related to consent:
9.1.1. The Data Subject has the right to notify Lindenhill at any time of their wish to withdraw consent for Personal Data Processing.
9.1.2. Consent to receive a newsletter from Lindenhill can be withdrawn via the link at the bottom of the newsletter.
9.2. In the Processing of Personal Data, the Data Subject has the following rights:
9.2.1. The right to access, which includes the Data Subject’s right to obtain information about the Personal Data collected about them.
9.2.2. The right to access the data, which includes the Data Subject’s right to obtain a copy of the Personal Data being processed.
9.2.3. The right to correct inaccurate Personal Data.
9.2.4. The right to erasure, meaning that in certain cases, the Data Subject has the right to request the erasure of Personal Data, such as when Processing is based solely on consent.
9.2.5. The right to restrict the Processing of Personal Data. This right arises, among other things, when the Processing of Personal Data is not permitted by law or when the Data Subject disputes the accuracy of the Personal Data. The Data Subject has the right to request the restriction of Personal Data Processing for a period allowing the data controller to verify the accuracy of the Personal Data, or when the processing is unlawful, but the Data Subject does not request the erasure of the data.
9.2.6. The right to obtain a review by the supervisory authority regarding the lawfulness of the Data Subject’s Personal Data Processing.
10. EXERCISING RIGHTS AND SUBMITTING COMPLAINTS
10.1. Exercising rights:
10.1.1. The Data Subject has the right to contact Lindenhill via email at kristjan@lindenhill.ee with any questions, requests, or complaints regarding Personal Data Processing.
10.2. Submitting complaints:
10.2.1. The Data Subject has the right to submit a complaint to Lindenhill, the Data Protection Inspectorate, or the court if the Data Subject believes that their rights have been violated in the Processing of Personal Data.
10.2.2. Contact details of the Data Protection Inspectorate (AKI) can be found on the AKI website: www.aki.ee.
11. COOKIES AND OTHER WEB TECHNOLOGIES
11.1. Lindenhill may collect data about Visitors to the Websites and other information society services using Cookies (i.e., small pieces of information stored by the Visitor’s browser on the Visitor’s computer or other device) or other similar technologies (e.g., IP address, device information, location information) and process this data.
11.2. Lindenhill uses the collected data to provide Services according to the Visitor’s or Customer’s habits; ensure the best quality of Service; inform the Visitor and Customer about content and make recommendations; make advertisements more relevant and improve marketing efforts; facilitate login and protect data. The collected data is also used for counting Visitors and recording their usage habits.
11.3. Lindenhill uses session, persistent, and advertising Cookies. Session cookies are deleted automatically after each visit; persistent cookies remain when the Website is used repeatedly. Third-party Cookies are used by the Websites of Lindenhill’s partners. Lindenhill does not control the creation of these Cookies, so information about these cookies can be obtained from third parties.
11.4. Visitors agree to the use of Cookies on the Website, in the settings of the Information Society service, or in the web browser.
11.5. Most web browsers allow Cookies. Without fully enabling Cookies, the Visitor will not have access to the functions of the Website. Allowing or disabling Cookies and other similar technologies is under the control of the Visitor through their web browser settings, Information Society service settings, and such privacy enhancement platforms.
12. IMPORTANT DOCUMENTS, GUIDELINES, PROCEDURES
12.1. The implementation of Lindenhill’s Privacy Policy is based on the following documents, procedures, guidelines:
12.1.1. Processing Activities Register, which lists all purposes, methods, types, and categories of Personal Data processed, as well as the corresponding legal bases for processing;
12.1.2. Personal e-store account, through which the Data Subject can access their Personal Data held by Lindenhill; can correct, modify it, and exercise their other rights granted by law and this Privacy Policy;
12.1.3. Lindenhill’s principles for the use of organizational and technical measures, which describe the various measures Lindenhill applies to ensure that personal data is always confidential and secure.
12.1.4. All About Cookies: Descriptions of cookies and other web technologies used by Lindenhill.
13. CONTACT INFORMATION AND DETAILS
13.1. Important contact information for the Data Subject at Lindenhill:
13.1.1. You can contact Lindenhill with questions about Personal Data at kristjan@lindenhill.ee.
14. OTHER TERMS
14.1. Lindenhill reserves the right to unilaterally amend this Privacy Policy. Lindenhill will notify Data Subjects of any changes on the website www.lindenhill.ee. We assume that by using Lindenhill’s website www.lindenhill.ee, you have read and agreed to the Privacy Policy. Read more: Terms and Conditions.