DISCLAIMER: The information given in this document concerning technical, legal or professional subject matter is for guidance only and does not constitute legal or professional advice. Your use of this document is likely to require further modification and adaptation to reflect the specific use, the specific technical environment and your jurisdiction. We do not warrant, endorse, guarantee, or assume responsibility for the accuracy or reliability of any information offered in this document. Under no circumstance shall we have any liability to you for any loss or damage of any kind incurred as a result of the use of this document or reliance on any information provided in this document. Your use of this document and your reliance on this document is solely at your own risk. All Rights Reserved © FA Fashion Edge Solutions 2023
Welcome to TJ Retail Osaühing and our website at www.tjcollection.com. At TJ Retail Osaühing, we take the protection of your data very seriously. In the following, we explain what information we collect when you use our website and services, and how it is used.
The Basics
What law applies?
Our use of your Personal Data is subject to the Personal Data Protection Act and the EU General Data Protection Regulation (“GDPR”), and of course we process your Personal Data accordingly.
What is Personal Data?
Personal Data is any information about personal or factual circumstances that relate to a person. This may include name, date of birth, email address, postal address or telephone number, but also online identifiers such as IP addresses or device IDs.
What is processing?
"Processing" is any operation or set of operations that is performed on Personal Data, whether or not it is done automatically. The term is broad and covers virtually any handling of data.
Who is responsible for data processing?
The responsible party within the meaning of the Personal Data Protection Act and the GDPR is TJ Retail Osaühing, Peterburi street 81-306, Harju county, 11415, Tallinn, Estonia (“TJ Retail Osaühing”, “we”, “us”, or “our”).
If you have any questions about this policy or our data protection practices, please contact us using privacy@tjcollection.com or write to us at the above address.
What are the legal bases for processing?
According to the Personal Data Protection Act and the GDPR, we should have at least one of the following legal bases to process your Personal Data:
To fulfill contractual obligations
(The purposes of the data processing are primarily based on the service we provide).
In connection with our legitimate interests.
(Where necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties. Examples include:
○ Ensuring IT security and IT operations,
○ Corporate governance measures and further development of our services,
○ defense against claims by third parties and
○ Enforcement of our own claims).
Based on your consent
(If you have given us your consent to process Personal Data for specific purposes).
To comply with legal obligations.
(Processing to comply with our legal obligations.)
Am I obliged to provide data?
In the context of our business relationship, you are only obliged to provide Personal Data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we usually have to refuse to conclude a contract or can no longer fulfill an existing contract and may have to terminate it.
Data that we collect automatically
Log data
Each time you visit our website, our system automatically collects the following data from the visiting device and stores it in a so-called log file: (i) name of the file accessed, (ii) date and time of the visit, (iii) amount of data transferred, (iv) notification of successful retrieval, type of browser and version used, (v) IP address (identification of the user's device), (vi) operating system of the visiting device, (vii) Internet service provider of the visiting device, (viii) website from which you access our website, and (ix) which pages of our website you access. The legal basis for this processing is our legitimate interest.
Hosting and shop
The hosting services used by us for the purpose of operating our website and shop is bigcommerce.com. In doing so bigcommerce.com, processes inventory data, contact data, content data, usage data, meta data and communication data of customers, interested parties and visitors of our website and services, on the basis of our legitimate interests in an efficient and secure provision of the website and services in conjunction with the provision of contractual services and the conclusion of the contract for our services). Data transfers to the USA are based on the EU-US Data Privacy Framework (DPF). You can find more information at: ec.europa.eu/commission/presscorner/detail/en/ip_23_3721 and www.dataprivacyframework.gov/s/
Cookies
We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. There are different types of cookies: i) Essential Cookies. Essential cookies are cookies to provide a correct and user-friendly website; and ii) Non-essential Cookies. Non-essential Cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyze your behavior on a website (“analytical” cookies) or cookies used to display advertisements to you (“advertising” cookies).
As set out in the Personal Data Protection Act and the EU`s Privacy and Electronic Communications Directive (“PECD”), we need to obtain consent for the use of Non-essential Cookies. For further information on the cookies we use, please refer to our Cookie Policy. The legal basis for processing is our legitimate interest and your consent.
Cookie consent
Our website uses a cookie consent tool to obtain your consent to the storage of cookies and to document this consent. When you enter our website, the following Personal Data is transferred to us: a) Your consent(s) or revocation of your consent(s); b) Your IP address; c) Information about your browser; d) Information about your device; d) Time of your visit to our website. The basis for processing is our legitimate interest and your consent.
Links to other websites
Please note that if you use a link from our website to a third-party website, that third-party may also set new cookies that are not covered by this policy. In such cases, we recommend that you read the cookie policy on the third-party website itself.
Third-party services and content
We use content or service offers of third-party providers on the basis of our legitimate interests in order to integrate their content and services ("services").
This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content.
The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any,
Google Analytic
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer as defined by Art. 6 (1) f. GDPR), we use Google Analytics, a web analysis service of Google Inc. ("Google"). Google uses cookies. The information generated by the cookie concerning use of the online offer by the user is generally transferred to a Google server in the USA and stored there.
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymous user profiles may be created from the processed data.
We use Google Analytics to display the advertisements placed by Google and its partners within advertising services only to users who have shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that are determined by the websites visited) that we transfer to Google (so-called "remarketing" or "Google Analytics audiences"). With the help of remarketing audiences we also want to ensure that our advertisements correspond with the potential interests of the users and are not annoying.
We only use Google Analytics with IP anonymisation enabled. This means that the user's IP address will be shortened by Google within the Member States of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional circumstances is the full IP address transferred to a Google server in the USA and shortened there.
The IP address transferred from the user's browser is not combined with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and the processing of these data by Google by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout; Further information on data use by Google, possible settings and objections can be found on Google's websites: www.google.com/intl/de/policies/privacy/partners ("How Google uses data when you use our partners' sites or apps"), www.google.com/policies/technologies/ads ("Use of data in advertising"), www.google.de/settings/ads ("Manage information that Google uses to show you ads").
Google remarketing services
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer as defined by Art. 6 (1) f. GDPR), we use the marketing and remarketing services ("Google marketing services" for short) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
Google marketing services allow us to target advertisements for and on our website in order to present users only with advertisements that potentially match their interests. If a user, for example, sees advertisements for products he has been interested in on other websites, this is referred to as "remarketing". For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly executes a Google code and (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies).
Cookies can be placed by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites the user visits, which content he is interested in and which offers he has clicked on, as well as technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offer. The user's IP address is also recorded, whereby we inform within the framework of Google Analytics that the IP address is shortened within Member States of the European Union or in other signatory states of the Agreement on the European Economic Area and only in exceptional cases transferred in full to a Google server in the USA and shortened there. The IP address is not combined with the user's data within other Google offers. The above information may also be linked by Google to such information from other sources. If the user then visits other websites, the advertisements tailored to his interests can be displayed.
Users' data are processed pseudonymously within Google marketing services. This means that Google does not store and process, for example, the names or e-mail addresses of users, but processes the relevant data relating to cookies within pseudonymous user profiles. This means that, from Google's point of view, the advertisements are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transferred to Google and stored on Google's servers in the USA.
One of the Google marketing services we use is the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies cannot therefore be traced through the websites of AdWords customers. The information collected with the help of the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers find out the total number of users who clicked on their advertisement and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which they could personally identify users.
We can integrate third-party advertisements based on the Google marketing service "DoubleClick". DoubleClick uses cookies to enable Google and its partner websites to place advertisements based on users' visits to this website or other websites on the Internet.
We can integrate third-party advertisements based on the Google marketing service "AdSense". AdSense uses cookies to enable Google and its partner websites to place advertisements based on users' visits to this website or other websites on the Internet.
We can also use the "Google Optimizer" service. Google Optimizer allows us to track the effects of various changes to a website (e.g. changes to input fields, design, etc.) within the framework of so-called "A/B testing". Cookies are stored on users' devices for these test purposes. Only pseudonymous user data are processed.
We can also use the "Google Tag Manager" to integrate and manage Google analysis and marketing services into our website.
Further information on Google's use of data for marketing purposes can be found on the overview page: www.google.com/policies/technologies/ads, Google's privacy policy can be accessed at www.google.com/policies/privacy.
If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: www.google.com/ads/preferences.
Facebook custom audiences and marketing services; disabling of the Facebook Pixel function
Because of our legitimate interests in the analysis, optimisation and economic operation of our online content and for the associated purposes, our website contains the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").On the one hand, the Facebook Pixel enables Facebook to determine the visitors of our online offer as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use the Facebook Pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interest in specific topics or products determined on the basis of the websites visited), which we transmit to Facebook (so-called "custom audiences"). With the help of the Facebook Pixel we also wish to ensure that our Facebook ads correspond to the potential interests of users and are not intrusive. The Facebook Pixel also allows us to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users are redirected to our website after clicking on a Facebook ad (so-called "conversion").
The Facebook Pixel is directly integrated by Facebook when you access our website and can place a so-called "cookie", i.e. a small file, on your device. If you then log into Facebook or visit Facebook while logged in, the visit to our online service will be noted in your profile. The data collected about you is anonymous for us, so we are unable to draw conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook and for specific market research and advertising purposes. If we transmit data to Facebook for matching purposes, this data is encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of comparison with the other data that is also encrypted by Facebook. In addition, when using the Facebook Pixel, we use the "extended matching" function (with which data such as telephone numbers, email addresses or Facebook IDs of users is sent to Facebook (encrypted) in order to create target groups ("custom audiences" or "look-alike audiences")). Further details of "extended matching": https://www.facebook.com/business/help/611774685654668)
Also on the basis of our legitimate interests, we use the "custom audiences from file" process of the social network Facebook, Inc. In this case, the email addresses of newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload serves solely to identify recipients of our Facebook ads. This is to ensure that the ads are only displayed to users who have an interest in our information and services. The processing of the data by Facebook takes place within the framework of Facebook's data use policy. General information on the display of Facebook ads in the Facebook data use policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and how it works can be found in the Facebook help section: https://www.facebook.com/business/help/651294705016616 You may object to the recording of your data by the Facebook Pixel and its use to display Facebook ads. To manage what types of ads are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions on usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices. To prevent the collection of your data using the Facebook pixel on our website, please click on "Edit cookie settings" at the top of the page. You can also object to the use of cookies for coverage measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/), the US website (http://www.aboutads.info/choices), or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
- External fonts from Google, Inc., www.google.com/fonts ("Google Fonts"). The integration of Google Fonts takes place by calling up a Google server (usually in the USA). Privacy policy: www.google.com/policies/privacy/, opt-out: www.google.com/settings/ads/.
- Maps from the service "Google Maps" provided by third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: www.google.com/policies/privacy/, opt-out: www.google.com/settings/ads/.
- Videos from the platform "YouTube" of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: www.google.com/policies/privacy/, opt-out: www.google.com/settings/ads/.
- Features of the service Instagram are integrated within our online offer. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account you can link the content of our pages with your Instagram profile by clicking the Instagram button. This allows Instagram to associate the visit to our pages with your account. We would like to point out that we, as the provider of the pages, are not aware of the content of the transferred data or its use by Instagram. Privacy policy: instagram.com/about/legal/privacy/.
- Our online offer uses features of the network LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit one of our pages that contains LinkedIn features, a connection to LinkedIn's servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the LinkedIn "recommend button" and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. We would like to point out that we, as the provider of the pages, are not aware of the content of the transferred data or its use by LinkedIn. Privacy policy: www.linkedin.com/legal/privacy-policy, Opt-Out: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- We use social plug-ins from the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA ("Pinterest"). When you access a page that contains such a plug-in, your browser establishes a direct connection to Pinterest's servers. The plug-in transfers log data to Pinterest's servers in the USA. This log data may include your IP address, the address of the websites you visit which also include Pinterest features, the type and settings of your browser, the date and time of your request, your use of Pinterest and cookies. Privacy policy: about.pinterest.com/de/privacy-policy.
- Features of the service Twitter may be integrated within our online offer. These features are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Retweet" feature, the websites you visit are linked to your Twitter account and made known to other users. Data are also transferred to Twitter. We would like to point out that we, as the provider of the pages, are not aware of the content of the transferred data or its use by Twitter. Twitter's privacy policy can be found at twitter.com/privacy. You can change your Twitter privacy settings in your account settings at twitter.com/account/settings.
- We use features of the network XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Every time you visit one of our pages that contains Xing features, a connection to Xing's servers is established. To our knowledge, personal data are not stored. In particular, no IP addresses are stored and no usage behaviour is evaluated. Privacy policy: www.xing.com/app/share;
- Web analysis and optimisation with the help of the service Hotjar, third-party provider Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. With Hotjar, movements on the websites on which Hotjar is used can be traced (so-called heatmaps). For example, you can see how far users scroll and which buttons users click and how often. Furthermore, technical data such as selected language, system, screen resolution and browser type are recorded. Here, user profiles can be created, at least temporarily during the user's visit to our website. Hotjar also makes it possible to get feedback directly from the users of the website. This provides us with valuable information to make our websites even faster and more customer-friendly. Privacy policy: www.hotjar.com/privacy. Opt-out: www.hotjar.com/opt-out.
- External code of the JavaScript framework "jQuery", provided by third-party provider jQuery Foundation, jquery.org.
Data we collect directly
Contact
The processing of Personal Data depends on the nature of your contact. In addition to your name and email address, IP address or phone number, we usually collect the context of your message, which may also contain certain Personal Data. The Personal Data collected when you contact us is used to process your request, and the legal basis is your consent.
Registration
As part of the registration process, users provide their a) Full Name; b) User Name; c) Email address; d) Password. The data provided will be used for the purposes of creating and using the account and providing and/or using our services. In the context of the use of our registration and the use of your account, the legal basis for the data processing is the fulfillment of our contractual obligations and, in individual cases, the fulfillment of our legal obligations as well as consent.
Shopping with us
We process your first name, last name, e-mail address, billing and shipping address for the delivery of your order and the data related to your contract with us to handle the contractual relationship.
Order confirmation/dispatch confirmation
In order to process the contract and provide you with our services, for example the web shop or to send you your order, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary to fulfill our legal information obligations for an effective conclusion of a contract with you.
Payment Data
If you make a purchase your payment will be processed via our payment service provider Braintree is a service of PayPal. Payment data will solely be processed through Braintree and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the contract.
Marketing
If you have given us your separate consent to process your data for marketing and promotional purposes, we are entitled to contact you for these purposes through the communication channels for which you have given your consent.
You may give us your consent in a variety of ways, such as by checking a box on a form asking for permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. In cases where your consent is implied, it is based on the assumption that you could reasonably expect to receive a marketing communication based on your interactions or contractual relationship with us.
Direct marketing is typically by email, but may include other less traditional or new channels. These forms of contact are managed by us or by our contracted service providers. Any direct addressed marketing sent or conducted by us or on our behalf will provide you with the opportunity to opt out or exclude yourself.
Economic analyses and market research
For business reasons, we analyze the data we have on business transactions, contracts, enquiries,browsing behavior etc., whereby the group of persons concerned may include contractual partners, interested parties, and users of our services.
The analyses are carried out for the purpose of business evaluations and market research. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarized and or anonymized values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarized data).
General Principles
Who receives my information?
Within TJ Retail Osaühing, those who have access to your information are those who need it to fulfill our contractual and legal obligations.
Processors used by us may also receive data for these purposes. These are companies in the areas of IT services, telecommunications, sales and marketing and for the delivery of products using DHL/DPD/ Estonian post. If we use processors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of Personal Data in accordance with the relevant legal provisions.
Data is only passed on to third parties within the framework of the legal provisions. We only pass on user data to third parties if this is necessary, for example, for contractual purposes or due to legitimate interests in the economic and effective operation of our company, or if you have consented to the transfer of data.
How long will my data be stored?
To the extent necessary, we process and store your Personal Data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract.
In addition, we are subject to various retention and documentation obligations, which result, among other things, from the statutory minimum retention periods and other retention periods prescribed in this sense, e.g. retention periods under tax or commercial law. Depending on the document and the legal regulation, the periods specified there for storage and documentation are two to twenty years.
How do we secure your data?
Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of content or contact requests that you send to us. In addition, we have taken numerous security measures ("technical and organizational measures"), such as encryption or access only when necessary, to ensure the most complete protection of Personal Data processed through this website.
Nevertheless, Internet-based data transmissions can always have security vulnerabilities, so that absolute protection cannot be guaranteed. And databases or records containing Personal Data may be breached inadvertently or by unlawful intrusion. If we learn of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as soon as possible after the breach is discovered.
Is data transferred to a third country?
We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.
Special category data
We do not process special category data unless it is necessary for the use of our services and explicit consent has been given.
Minors
We do not request Personal Data from minors and children and do not knowingly collect such data or share it with third parties.
Automated Decision Making
Automated decision making is the process of making a decision by automated means without human involvement. Automated decision making does not occur.
Do Not Sell
We do not sell your personal information.
Your rights and privileges
Rights to protect your data
Under the Personal Data Protection Act and the GDPR, you may exercise the following rights:
- ● Right to information
- ● Right to rectification
- ● Right to deletion
- ● Right to data portability
- ● Right to object
- ● Right to withdraw consent
- ● Right to lodge a complaint with a supervisory authority
- ● Right not to be subject to a decision based solely on automated processing.
If you have any questions about the type of Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.
Updating your data
If you believe that the data we hold about you is inaccurate or that we are no longer entitled to use it and you wish to request that it be rectified or erased, or object to its processing, please contact us.
Withdrawal of your consent
You may withdraw any consent you have given at any time by contacting us. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.
Request for information
If you would like to make a request for information about your data, you can inform us in writing. We will respond to requests for information and correction as quickly as possible. If we are unable to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with the personal information you have requested or to make a correction, we will tell you why.
Complaint to a supervisory authority
You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.
Changes
This Privacy Policy was last updated on 13.11.2023 and is the current and valid version. However, we want to point out that from time to time due to actual or legal changes a revision to this policy may be necessary.