General Provisions

1.1. This privacy policy governs the principles concerning the collection, processing, and retention of personal data. Personal data is collected, processed, and stored by the responsible data processor OÜ Celeht (hereinafter referred to as the Data Processor).
1.2. In the context of this privacy policy, a data subject is a client or other natural person whose personal data is processed by the Data Processor.
1.3. In the context of this privacy policy, a client is anyone who purchases goods or services from the Data Processor’s website.
1.4. The Data Processor adheres to the data processing principles established by law, including processing personal data lawfully, fairly, and securely. The Data Processor can confirm that personal data has been processed in accordance with legal requirements.

2. Collection, Processing, and Retention of Personal Data
2.1. The personal data that the Data Processor collects, processes, and retains has been gathered electronically, primarily via the website and email.
2.2. By sharing their personal data, the data subject grants the Data Processor the right to collect, organize, use, and manage the personal data for the purposes defined in this privacy policy, which the data subject provides directly or indirectly when purchasing goods or services on the website.
2.3. The data subject is responsible for ensuring that the data provided is accurate, correct, and complete. Intentionally providing false data is considered a breach of this privacy policy. The data subject is obliged to promptly notify the Data Processor of any changes to the provided data.
2.4. The Data Processor is not liable for any damages incurred by the data subject or third parties as a result of the data subject providing false data.

3. Processing of Clients’ Personal Data
3.1. The Data Processor may process the following personal data of the data subject:
 3.1.1. First and last name;
 3.1.2. Telephone number;
 3.1.3. Email address;
 3.1.4. Delivery address;
 3.1.5. Account number;
3.2. In addition to the above, the Data Processor has the right to collect information about the client that is available in public registries.
3.3. The legal basis for the processing of personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):
 a) the data subject has given consent to process their personal data for one or more specific purposes;
 b) the processing of personal data is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into a contract;
 c) the processing of personal data is necessary for the fulfillment of a legal obligation by the responsible processor;
 f) the processing of personal data is necessary for the purposes of the legitimate interests pursued by the responsible processor or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of the personal data, especially if the data subject is a child;
 g) processing of personal data for direct marketing purposes.
3.4. Processing of personal data according to the purpose of processing:
 3.4.1. Purpose – Security and Safety
  Maximum retention period for personal data – in accordance with the time limits specified by law.
 3.4.2. Purpose – Order Processing
  Maximum retention period for personal data – in accordance with the time limits specified by law.
 3.4.3. Purpose – Ensuring the Functioning of E-Shop Services
  Maximum retention period for personal data – in accordance with the time limits specified by law.
 3.4.4. Purpose – Client Management
  Maximum retention period for personal data – in accordance with the time limits specified by law.
 3.4.5. Purpose – Financial Activities, Accounting
  Maximum retention period for personal data – in accordance with the time limits specified by law.
 3.4.6. Purpose – Marketing
  Maximum retention period for personal data – in accordance with the time limits specified by law.
3.5. The Data Processor has the right to share clients’ personal data with third parties, such as authorized data processors, accountants, transportation and courier companies, and companies providing transfer services. The Data Processor is the responsible data processor. For payment processing, the Data Processor transfers the necessary personal data to the authorized processor Montonio AS.
3.6. In processing and retaining the personal data of the data subject, the Data Processor implements organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
3.7. The Data Processor retains the data of data subjects depending on the purpose of processing, but for no longer than 15 years.

4. Use of Cookies on the cosmicshepherdess.com Website
Cosmicshepherdess.com uses cookies for the operation of the website and to offer visitors a better user experience. Cookies are small text files that are stored on your computer or mobile device when you visit websites. Cookies help us analyze visitor behavior on the website, provide personalized content and advertisements, and improve the overall web experience.
4.1. Consent to the Use of Cookies
 By visiting the cosmicshepherdess.com website, you agree to the use of cookies in accordance with this privacy policy. You can change the use of cookies at any time through your web browser settings or opt out of cookie usage entirely. Please note that disabling cookies may affect your web experience and the functionality of certain features of the website.
4.2. Types of Cookies on the cosmicshepherdess.com Website
 4.2.1. Necessary Cookies: These cookies are essential for the basic functions of the website, allowing you to navigate and use its features. They do not collect personal information.
 4.2.2. Functional Cookies: These cookies enable us to remember your preferences and enhance the website’s functionality.
 4.2.3. Analytical Cookies: These cookies help us gather information on how visitors use the website, so that we can improve and tailor our website.
If you have any questions regarding the use of cookies on the cosmicshepherdess.com website, please contact us at cosmicshepherdess@outlook.com.

5. Rights of the Data Subject
5.1. The data subject has the right to access and review their personal data.
5.2. The data subject has the right to receive information regarding the processing of their personal data.
5.3. The data subject has the right to supplement or correct inaccurate data.
5.4. If the Data Processor processes the personal data of the data subject on the basis of the data subject’s consent, the data subject has the right to withdraw that consent at any time.
5.5. To exercise these rights, the data subject may contact the e-shop’s customer support at cosmicshepherdess@outlook.com.
5.6. The data subject also has the right to lodge a complaint with the Data Protection Inspectorate to safeguard their rights.

6. Final Provisions
6.1. These data protection terms have been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the invalidation of Directive 95/46/EC (General Data Protection Regulation), the Estonian Personal Data Protection Act, and the laws of the Republic of Estonia and the European Union.
6.2. The Data Processor reserves the right to amend these data protection terms in part or in full, notifying data subjects of any changes via the website www.cosmicshepherdess.com/.