Политика конфиденциальности

1. Introduction

This Privacy Policy explains how Mängupood, operating in Estonia, collects, uses, stores, and protects personal data.

This document is intended as a professional GDPR and ePrivacy compliance template for online catalog and inquiry services.

By using this website, you acknowledge that your personal data may be processed as described in this policy.

2. Data Controller

The data controller for processing activities described in this policy is Mängupood, Estonia.

For all privacy-related requests, data subject rights requests, and compliance inquiries, contact: infinitepowerits@gmail.com.

Mängupood determines the purposes and means of processing personal data submitted through this website.

3. What Data We Collect

We may collect identification and contact details such as name, email address, and phone number when you submit an inquiry or contact request.

We collect inquiry-related details, including selected products, quantities, and optional comments you provide.

We may collect communication records from contact forms to respond to requests and maintain support history.

We process technical information such as device details, browser metadata, and log data required for platform operation and security.

4. How We Use Your Data

We use your data to receive and process product inquiries and communicate with you about your request.

We use submitted details to provide pre-contractual information, product availability updates, and follow-up communication.

We use contact form data to answer questions, provide customer support, and improve service quality.

We may process minimal technical data to maintain system integrity, detect abuse, and ensure website reliability.

5. Legal Basis for Processing

Our processing is based on GDPR Article 6(1)(b) where data is required to take steps at your request before entering into a contract.

Our processing may be based on GDPR Article 6(1)(c) when legal obligations apply to accounting, recordkeeping, or regulatory requirements.

Our processing may be based on GDPR Article 6(1)(f) for legitimate interests such as fraud prevention, service security, and operational administration.

Where required, we process data on the basis of consent under GDPR Article 6(1)(a), including explicit GDPR consent fields in forms.

6. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected.

Inquiry records are generally retained for business follow-up and legal documentation periods, unless deletion is requested and legally permissible.

Contact messages may be retained to ensure continuity of support and to document prior communications.

Where legal obligations require longer retention, data will be stored for the mandatory period and then securely deleted or anonymized.

7. Your Rights Under GDPR

You have the right to request access to personal data we hold about you and to obtain a copy of that data.

You have the right to request rectification of inaccurate data and completion of incomplete personal data.

You have the right to request erasure of your data, subject to legal and contractual limitations.

You have the right to request restriction of processing in specific circumstances provided by GDPR.

You have the right to data portability for data processed by automated means based on consent or contract.

You have the right to object to processing based on legitimate interests, including direct marketing where applicable.

You have the right to withdraw consent at any time, without affecting the lawfulness of prior processing.

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate or your local supervisory authority.

8. Cookies and ePrivacy

This website may use essential cookies or local storage to ensure core functionality, such as preserving language and list preferences.

Non-essential cookies, if introduced, should be managed through a compliant consent mechanism in line with ePrivacy requirements.

You may control cookie preferences through browser settings, though disabling essential technologies may impact site functionality.

9. Third-Party Services

We use Supabase as a data processor for hosted database, authentication, and storage services.

Supabase processes data under contractual safeguards and acts only on documented instructions where required.

Additional service providers may be engaged for infrastructure, security, or communication, subject to data processing obligations.

10. Data Security

We apply technical and organizational measures designed to protect personal data from unauthorized access, alteration, disclosure, or destruction.

Security controls may include access restrictions, encryption in transit, role-based permissions, and activity monitoring.

No internet-based service can guarantee absolute security, but we continuously work to reduce risk and improve safeguards.

11. Children's Privacy

Our services are intended for adults and legal guardians making inquiries about toys, not for independent use by children.

We do not knowingly collect personal data directly from children without appropriate legal basis and parental involvement.

If you believe a child has submitted personal data inappropriately, please contact us so we can review and take action.

12. Changes to This Policy

We may update this policy from time to time to reflect legal, technical, or business changes.

Material updates will be posted on this page with an updated revision date.

Continued use of the website after updates indicates acknowledgment of the revised policy terms.

13. Contact Information

For privacy, data protection, and GDPR rights requests, contact Mängupood at infinitepowerits@gmail.com.

When contacting us, please provide sufficient details to identify your request and verify your identity where necessary.

We aim to respond within the timelines required by applicable data protection law.