1. GENERAL PROVISIONS

​

1.1. The Data Controller of personal data is KILLTHEFRAME OÜ, registry code 14735030, located in the Republic of Estonia.

1.2. A Data Subject refers to any individual whose personal data is processed by the Data Controller.

1.3. A Customer refers to any natural person who purchases goods or services via the framedesign.ee website.

1.4. The Data Controller ensures that all personal data is processed lawfully, fairly, and securely, in accordance with applicable laws and regulations, including the General Data Protection Regulation (GDPR).

1.5. For payment processing purposes, personal data may be transferred to authorized processors such as Maksekeskus AS.

 

2. COLLECTION AND PROCESSING OF PERSONAL DATA

​

2.1. Personal data is collected electronically, primarily through the website and email correspondence.

2.2. By submitting personal data, the Data Subject grants the Data Controller the right to collect, use, and manage the data for the purposes specified in this policy.

2.3. The Data Subject is responsible for the accuracy and completeness of the data provided. Providing false information is considered a breach of this policy. The Data Subject must inform the Data Controller of any changes to the submitted data.

2.4. The Data Controller is not liable for damages arising from incorrect data submitted by the Data Subject.

​

3. TYPES AND PURPOSES OF PERSONAL DATA PROCESSED

​

3.1. The Data Controller may process the following personal data:

• First and last name;

• Phone number;

• Email address;

• Billing and shipping address;

• Bank account number (if applicable);

• Payment card details (if applicable).

3.2. Publicly available data may also be collected from official registries, where legally permitted.

3.3. Legal bases for data processing are set out in Article 6(1) of the GDPR:

a) Consent of the Data Subject;

b) Fulfillment of a contract or taking steps prior to contract formation;

c) Compliance with a legal obligation;

f) Legitimate interests of the Data Controller or third parties (unless overridden by the fundamental rights of the Data Subject).

3.4. Personal data is processed for the following purposes and retention periods:

Security and legal compliance - As required by law;

Order processing - 180 days;

Operation of the online store - 180 days;

Customer service and communication - 180 days;

Accounting and financial operations - As required by law;

Marketing (with consent) - 180 days.

3.5. The Data Controller may share personal data with authorized processors including:

• Accounting service providers;

• Logistics and courier companies;

• IT and payment service providers;

• Legal and regulatory authorities if required by law.

3.6. The Data Controller applies organizational and technical measures to ensure the protection of personal data against unauthorized access, alteration, disclosure, or destruction.

3.7. Personal data is not stored for longer than necessary for the purposes for which it was collected and will not exceed 2 years, unless a longer retention period is required by law.

​

4. RIGHTS OF THE DATA SUBJECT

​​​

The Data Subject has the following rights under applicable data protection laws:

• Right to access their personal data

• Right to receive information about data processing

• Right to rectify or complete incorrect or incomplete data

• Right to withdraw consent at any time (if processing is based on consent)

• Right to object to or restrict processing under certain conditions

• Right to request data deletion ("right to be forgotten") under certain conditions

• Right to file a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)

To exercise these rights, contact us at: info@framedesign.ee

​

5. FINAL PROVISIONS

​​

5.1. This policy is prepared in accordance with:

• EU General Data Protection Regulation (Regulation (EU) 2016/679)

• Estonian Personal Data Protection Act

• Other applicable Estonian and EU laws

5.2. The Data Controller reserves the right to amend this policy partially or fully. Updates will be published on www.framedesign.ee and are effective from the date of publication.