Data Controller

The data controller for the pogenemistoad.ee website is OÜ A360 (registry code 14765249), located at Side 9-46, Pärnu City, Pärnu County, 80015, Estonia. Contact: phone +372 555 28 376, email info@pogenemistoad.ee.

Personal Data Processed

• Name, telephone number, and e-mail address;
• Booking and purchase history (service, date, quantity, customer details);
• Payment-related data (transaction amount, payment method, payment status);
• Customer support interactions.

Purpose of Processing

Personal data are processed to manage customer bookings and orders.

Purchase and booking history are used to compile overviews of services purchased and to analyze customer preferences.

Payment details are used for processing transactions and issuing refunds.

Contact details (email, phone number, customer name) are processed for customer support and resolving issues related to the service.

IP addresses or other network identifiers are processed to provide the website as an information society service and for website usage statistics.

Legal Basis

• Processing is based on the performance of a contract with the customer.
• Processing may also be required for compliance with legal obligations (e.g., accounting, consumer dispute resolution).

Recipients of Personal Data

• Personal data are transmitted to the EscapeNavigator.com system for booking management and payment processing.
• Payment-related data are passed to Stripe Payments Europe, Ltd for secure payment processing.
• If accounting is handled by a third party, personal data are shared with that provider for accounting purposes.
• Data may also be shared with IT service providers as needed for website functionality or hosting.

Security and Access

Personal data are stored on servers operated by Zone Media OÜ (zone.ee) located within the European Union or a country recognized for adequate data protection.

Access to personal data is limited to website staff who require it for customer support or technical troubleshooting.

Appropriate physical, organizational, and technical measures are in place to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure.

Data transfers to processors (e.g., IT service providers, hosting, accounting) are governed by contracts, and these processors are obliged to implement suitable protection measures.

Access and Correction

Customers may request access to or correction of their personal data by contacting customer support.

Withdrawal of Consent

If processing is based on consent, clients may withdraw consent at any time by notifying customer support via email.

Retention

• Booking and purchase history is retained for 3 years, except where retention is required longer for accounting or consumer dispute resolution purposes.
• Data related to payments or consumer disputes are kept until resolution or the expiry of any statutory limitation period.
• Data required for accounting purposes are kept for 7 years.

Erasure

To request erasure of personal data, customers should contact customer support via email. Requests will be processed within one month, and the period for completion will be specified.

Data Portability

Requests for personal data portability submitted by email will be processed within one month. Customer support will verify the requester’s identity and provide the data accordingly.

Direct Marketing

Email addresses and phone numbers may be used for direct marketing only with the customer’s explicit consent. Customers can unsubscribe at any time using a link in the email footer or by contacting customer support.

If data processing is used for profiling related to direct marketing, customers have the right to object at any time by notifying customer support via email.

Dispute Resolution

Disputes related to personal data processing are handled by customer support. The data protection supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).