Privacy policy

  1. General provisions
    1.1. This Privacy Policy governs the collection, processing and storage of personal data.
    principles on. Personal data collected, processed and stored by the data controller
    processor Estonian Automobile Sports Association (hereinafter referred to as the data processor).
    1.2. For the purposes of this Privacy Policy, a data subject is a customer or other natural person who.
    personal data processed by the data controller.
    1.3. For the purposes of this Privacy Policy, a customer is anyone who purchases from the data controller’s website.
    goods or services.
    1.4. The data processor shall comply with the data processing principles laid down in the legislation,
    among other things, process personal data lawfully, fairly and securely.
    The data controller is able to confirm that the personal data have been processed in accordance with.
    as provided for in the legislation.
  2. Collection, processing and storage of personal data
    2.1. The personal data collected, processed and stored by the data controller are collected electronically,
    mainly via the website and e-mail.
    2.2. By sharing his or her personal data, the data subject gives the data controller the right to collect,
    organise, use and manage personal data for the purposes set out in the Privacy Policy,
    which the data subject directly or indirectly provides to the data controller when purchasing goods or services from the website.
    2.3. It is the responsibility of the data subject to ensure that the information provided by him or her is accurate, correct and.
    and holistic. Knowingly providing false information is considered a breach of the Privacy Policy.
    The data subject is obliged to inform the data processor without delay of the following.
    from changing.
    2.4. The data processor shall not be liable for any damage caused by a data subject as a result of the provision of false information.
    any damage to the data subject or third parties.
  3. Processing of customers’ personal data
    3.1. A data processor may process the following personal data of a data subject:
    3.1.1. First name and surname;
    3.1.2. Date of birth;
    3.1.3. Phone number;
    3.1.4. E-mail address;
    3.1.5. Delivery address;
    3.1.6. Current account number;
    3.1.7. Payment card details;
    3.1.8. Information on the state of health provided in the health declaration.
    3.2. In addition to the foregoing, the data controller has the right to collect data about the customer that is.
    available in public registers.
    3.3. The legal basis for the processing of personal data is Article 6 of the General Data Protection Regulation.
    lg 1 p-d a), b), c) and f):
    (a) the data subject has given his or her consent to the processing of his or her personal data in one or more of the following ways.
    for a specific purpose;
    (b) the processing of personal data is necessary for the performance of a contract entered into with the data subject; or
    or to take pre-contractual measures at the request of the data subject;
    (c) the processing is necessary for compliance with a legal obligation to which the controller is subject;
    (f) the processing of the personal data is necessary for the purposes of the legitimate interests pursued by the controller or by a third party; or
    unless such interest is overridden by the interests of the data subject; or
    the fundamental rights and freedoms for which personal data must be protected, in particular where.
    the data subject is a child.
    3.4. Processing of personal data for the purposes for which it is processed:
    3.4.1. Purpose of processing – security and safety
    Maximum retention period – in accordance with the time limits specified by law.
    3.4.2. Purpose of the processing – order processing
    Maximum retention period – 10 years
    3.4.3. Purpose of the processing – to ensure the functioning of the e-shop services.
    Maximum retention period – 10 years
    3.4.4. Purpose of processing – customer management
    Maximum retention period – 10 years
    3.4.5. Purpose of the processing – financial activities, accounting.
    Maximum retention period – in accordance with the time limits specified by law.
    3.4.6. Purpose of processing – marketing
    Maximum retention period – 10 years
    3.5. The data processor has the right to share customers’ personal data with third parties, such as.
    such as authorised data processors, accountants, transport and courier companies,
    companies providing transfer services The data controller is the data processor.
    The processor shall transmit the personal data necessary for the execution of payments to the processor.
    To Maksekeskus AS.
    3.6. When processing and storing personal data relating to a data subject, the data controller shall apply.
    organisational and technical measures to ensure the protection of personal data in the event of accidental or.
    unlawful destruction, alteration, disclosure or any other unlawful act of.
    for processing.
    3.7. The data controller stores data subjects’ data depending on the purpose of the processing, but.
    for no more than 10 years.
  4. Data subject rights
    4.1. Data subjects have the right to access and inspect their personal data.
    4.2. The data subject has the right to be informed about the processing of his or her personal data.
    4.3. The data subject has the right to complete or correct inaccurate data.
    4.4. Where a data controller processes personal data relating to a data subject with the data subject’s consent.
    the data subject has the right to withdraw consent at any time.
    4.5. To exercise their rights, data subjects can contact the e-shop’s customer support at the following address.
    4.6. The data subject has the right to lodge a complaint with the Data Protection Authority in order to protect his or her rights.
    To the Inspectorate.
  5. Final provisions
    5.1. These data protection terms and conditions have been drawn up in accordance with the European Parliament and the
    Council Regulation (EU) No 2016/679 on the protection of personal data of natural persons.
    and the free movement of such data and the repeal of Directive 95/46/EC.
    (General Data Protection Regulation)/EC, the Personal Data Protection Regulation of the Republic of Estonia, the
    Protection Act and the legislation of the Republic of Estonia and the European Union.
    5.2. The data controller has the right to modify the data protection conditions, in whole or in part, by notifying.
    data subjects about changes via the website .

Who we are

Suggested text: Our website address is:


Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can view, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Suggested text: Visitor comments may be checked through an automated spam detection service.