Privacy Policy

General Provisions

  1. This privacy policy governs the principles of collecting, processing, and storing personal data. Personal data is processed and stored by Apple Red LLC, acting as the controller of the personal data (hereinafter referred to as the controller).
  2. For the purposes of this privacy policy, a data subject refers to the customer or any natural person whose personal data is processed by the controller.
  3. For the purposes of this privacy policy, a customer means anyone who purchases goods or services on the controller’s website.
  4. The controller adheres to the principles of personal data processing as provided by legislation. Personal data is processed lawfully, fairly, and securely in compliance with relevant regulations.

Collection, Processing, and Storage of Personal Data

  1. The controller collects, processes, and stores personal data primarily gathered electronically via the website and email.
  2. By providing their personal data, the data subject grants the controller the right to collect, organize, use, and manage their data for the defined purposes in this privacy policy.
  3. The data subject is responsible for the accuracy, correctness, and integrity of the submitted data. Knowingly submitting false data breaches the privacy policy. The data subject must promptly notify the controller of any changes to the data submitted.
  4. The controller is not liable for any damage or loss resulting from the submission of false data by the data subject.

Processing of Personal Data of Customers

  1. The controller may process the following personal data of the data subject:
    • Given name and surname
    • Date of birth
    • Telephone number
    • Email address
    • Delivery address
    • Bank account number
    • Payment card details
  2. Additionally, the controller has the right to collect data about the customer from publicly available registers.
  3. The legal basis for processing personal data is outlined in points (a), (b), (c), and (f) of Article 6(1) of the General Data Protection Regulation (GDPR).
  4. Processing purposes and maximum storage periods:
    • Security and safety: As specified by law
    • Processing of orders: 2 years
    • Functioning of online store services: 2 years
    • Customer management: 2 years
    • Financial activities, accounting: As specified by law
    • Marketing: 2 years
  5. The controller may share customers' personal data with third parties such as processors, accountants, transport and courier companies. The controller oversees this data processing. Payment-related data may be transmitted to the processor, Maksekeskus AS.
  6. The controller implements organizational and technical measures to protect and secure personal data against unauthorized or unlawful processing, disclosure, alteration, or destruction.
  7. Data of data subjects are retained based on the purpose of processing, up to a maximum of 2 years.

Rights of the Data Subject

  1. The data subject has the right to access and review their personal data.
  2. They can obtain information about the processing of their personal data.
  3. The data subject has the right to rectify inaccurate data.
  4. If personal data is processed based on the data subject's consent, they have the right to withdraw consent at any time.
  5. To exercise their rights, the data subject can contact the customer support of the online store at support@yellzello.com.
  6. The data subject can file a complaint with the Data Protection Inspectorate to protect their rights.

Final Provisions

  1. These data protection terms and conditions are prepared in compliance with Regulation (EU) 2016/679 (GDPR), the Personal Data Protection Act of the Republic of Estonia, and relevant legislation.
  2. The controller reserves the right to amend the data protection terms and conditions, notifying data subjects of any changes via yellozello.com.