Privacy Policy

The controller of personal data at Diamande is Diamande: Sansaaro OÜ, Tuulemaa tn 20, Tallinn 10315


Personal data protection

Personal data are data collected by Diamande for providing a service, identifying a person, contacting a person for providing a service or for resolving any issues.

Diamande undertakes to protect the personal data and privacy of its customers and users. Diamande’s activities online are in conformity with all applicable requirements and legislation of the Republic of Estonia and the European Union, including Regulation (EU) 2016/679 of the European Parliament and of the Council. Diamande applies all precautionary measures (including administrative, technical and physical) to protect the personal data collected. Access to the personal data to change and process the data is only granted to authorised persons.


Security

The personal data which has become known in the course of visiting the website and making purchases on the account are treated as confidential information. An encrypted data communication channel with banks ensures the security of the customer’s personal data and bank information.


Diamande applies all security measures (including physical, information technology and organisational) to protect the personal data processed. Access to personal data is only granted to authorised persons, and the personal data of all customers of Diamande are treated as confidential information.


1. What kind of data are collected?

  • the information you provide to us when registering as a loyal customer or user of the Online Shop (including first name and family name, personal identification code, e-mail address, postal address, purchase history);
  • the information you provide to us when ordering goods/products and sending notices by e-mail;
  • any other information you provide to Diamande.

If a person visits the Diamande Online Shop, the following non-personal data are collected about him/her:

  • information on the use of the Online Shop (including IP address, geographical location, browser type and version, operating system, reference, length of visit, page views, website navigation, time and date of visit and other statistics. Furthermore, we may use third-party services such as Google Analytics, Hotjar or Facebook Pixel to collect, monitor and analyse information about the transactions between you and us or in relation to our Online Shop, including information on the products and services purchased from us.

Information is collected on website visits and the time spent on the website in order to improve the website and make it more convenient for visitors to use.


To process the data of legal persons, we collect data such as company name, registry code, VAT number, address, e-mail addresses to contact and send invoices, and the names, e-mails and phone numbers of persons representing the company.


If services are paid for by credit card or a bank link service, only Maksekeskus AS will have access to bank card information and bank information and will only issue information on successful completion of a payment to Diamande. 


2. Personal data usage

Diamande may use your personal data for the following purposes:

  • to perform the purchase and sale contract;
  • to manage the Online Shop;
  • to adapt the Online Shop to your needs;
  • to grant you access to the services of the Online Shop and use of such services;
  • to deliver you the products you have ordered by sharing your delivery address with logistics partners;
  • to receive notifications, pay invoices and receive payments;
  • to send the notices you have requested by e-mail;
  • to process your inquiries, feedback and complaints relating to our products;
  • to routinely send you e-mails about our new products, special offers or any other information which we think might be of interest to you, by using the e-mail address you have given us;
  • to use your personal data to contact you for permission to use your shopping experience / share your shopping experience in our promotional or sales materials. 


3. How long will the collected data be stored?

The personal data of people registered as loyal customers of Diamande are stored without a term. The non-personal technical data collected on the website of Diamande’s Online Shop are stored without a term.

The personal data related to non-anonymous inquiries and/or transactions are stored for up to 7 years after the last interaction with the service provider, pursuant to the obligation prescribed by the Accounting Act to prove transactions.

An interaction means, in particular, reacting to direct marketing by viewing or clicking on a link.


4. Who are the recipients of personal data?

Diamande is the controller of the personal data. The personal data processed by Diamande can be transmitted without the consent of the respective person only to a lawfully entitled (e.g. by a court or a body conducting pre-trial proceedings) institution or person who has a legitimate need.


5. What are the data subject’s rights?

The right to access the personal data, rectify the data and object to processing.


A customer registered in the Online Shop has the right to access and rectify his/her personal data on his/her account in the Online Shop. If the personal data cannot be rectified or accessed on the account, an application should be filed to us in a format which allows identifying the person, to access or rectify the data. If possible, the personal data are made available to access or rectify in 7 business days.


A loyal customer registered in Diamande’s Online Shop has the right to access and rectify his/her personal data in Diamande shops or by sending an application to info@diamande.ee. If the customer wishes to opt out of direct marketing, the link is available for immediate use at the bottom of each direct marketing letter. The change will become effective immediately.

If there is no legal ground (anymore) for processing or granting access to the personal data, Diamande can be requested to stop the processing or erase the data. A relevant application should be filed which should allow for identification of the person.


The customer has the right to demand that his/her personal data no longer be processed or that the personal data be rectified or erased, at any time. Diamande satisfies the customer’s application in three business days at the latest after receipt of the application.


If the customer deems his/her rights to be violated in processing his/her personal data, the customer has the right to turn to Diamande, the Estonian Data Protection Inspectorate or the court to demand that the violation be stopped.


6. Privacy Policy, and changes

By using Diamande’s website, you confirm you have read and agree to these principles and terms and conditions. We retain the right to change the general terms and conditions by notifying all related persons thereof.


If you have any questions about or issues with the Privacy Policy or data processing, please contact us at info@diamande.ee.