Responsible Processor and Data Protection Officer
3. The responsible processor for the Customer’s personal data is Brolexy grupp OÜ, registration number 14235362, address Harju County, Tallinn, Turki, 10152.
4. For questions related to the terms of privacy and the processing of personal data, we ask the Client to send requests to the email address [email protected]
Principles of personal data processing
5. Brolexy grupp processes personal data submitted by the Client in accordance with the requirements established by the applicable law, and when processing personal data always proceeds from the interests, rights and freedoms of the Client.
6. The goal of Brolexy grupp is responsible personal data processing, in which we are guided by the best practice, given the constant willingness to demonstrate the compliance of personal data processing with the goals set.
7. All processes, instructions, operations and actions of the Brolexy grupp related to the processing of personal data, proceed from the following principles:
7.1. Legality. There is a legal basis for the processing of personal data, for example, consent;
7.2. Justice. The processing of personal data is fair, ensuring, above all, that the Client has sufficient data and information on how personal data are processed;
7.3. Transparency. The processing of personal data is transparent to the Client;
7.4. Compliance with the goal. Personal data is collected for precise and well-defined and legitimate purposes, and is not subsequently processed in a manner that is contrary to these goals;
7.5. Minimality. Only the collection of reasonable and important data is made, the collection is limited to the data that are necessary from the point of view of the purpose of processing personal data. When processing personal data, Brolexy grupp proceeds from the principle of minimal processing, and if personal data are not necessary or are no longer needed for the purpose for which they were collected, they are deleted;
7.6. Credibility Personal data is reliable and, if necessary, updated, and all reasonable measures are taken to immediately remove or correct data that is not reliable in terms of the purpose of processing;
7.7. Storage Restriction. Personal data is stored in a form that allows identification of the Client, only as long as it is necessary to achieve the goal for which personal data are processed. This means that if, in accordance with the purpose, the Brolexy grupp wishes to keep personal data longer than necessary, the Brolexy grupp ensures the anonymity of the data in a way that no longer identifies the Client;
7.8. Reliability and privacy. The processing of personal data is carried out in a manner that ensures the proper security of personal data, including protecting it from processing without permission or illegal processing, as well as accidental loss, destruction or damage using reasonable technical or organizational measures.
7.9. Data protection by default and integrated data protection. Brolexy grupp ensures compliance with the required technical criteria of all systems used. Appropriate protection measures are planned for each update and design of an information system, as well as a database (for example, information systems and business processes are formed based on the prerequisites of pseudonymization and encryption).
8. When processing personal data, Brolexy grupp proceeds from the goal of always being able to confirm the implementation of the above principles. Additional information about these principles can be requested by email ([email protected]).
Purpose of processing personal data
9. Gamekeys processes Customer’s personal data for the following purposes:
9.1. To conclude an agreement with the Client and register as a regular client, including for registering the Client in the Brolexy grupp environment and performing registration-related operations, contacting the Client in connection with membership, and identifying the Client in case he contacts now;
9.2. To provide services to the Client, including the sale of goods to the Client and the delivery of ordered goods;
9.3. For making automated decisions, including the Client’s profile analysis in connection with the products he prefers, and, through this, offering the Client discounts;
9.4. To conduct satisfaction surveys, including management of research results and their analysis;
9.5. To send marketing messages, discounts and news to the Client;
9.6. To fulfill obligations arising from legislation, including the fulfillment of accounting and tax obligations, as well as orders of the competent state institutions and their bodies.
Personal data processed
10. Brolexy grupp processes the following personal data:
10.1. in the cases described in clause 9.1 - the name and surname, telephone number, email address, country, IP-address of the Client;
10.2. in cases specified in clause 9.2 - the name and surname, telephone number, e-mail address of the Client;
10.3. in the cases specified in clause 9.3 - the name and surname, telephone number, email address, Client's IP address, list of goods ordered by the Client;
10.4. in the cases specified in clause 9.4 - the name and surname, telephone number, e-mail address of the Client; the list of goods ordered by the Client and data about the Client, indicated by him during the research;
10.5. in the cases specified in clause 9.5 - the name and surname, the email address of the Client;
10.6. in the cases specified in clause 9.5 - in accordance with the provisions of the law or orders of state institutions and / or their bodies.
Legal basis for the processing of personal data
11. Brolexy grupp processes the Client's data because it is necessary for the fulfillment of the contract concluded with the Client’s participation (see clause 9.2 above) or for taking measures preceding the conclusion of the contract (clause 9.1 above). In such a case, the legal basis for data processing is the contract concluded with the Client or the Client's request for negotiations prior to the conclusion of the contract.
12. Brolexy grupp processes the client’s personal data in order to transfer marketing materials and offers, as well as conduct satisfaction surveys and analyze the results only if the Client has agreed to this (see clauses 9.4 and 9.5 above). In this case, the legal basis for data processing is the consent given by the Client.
13. The basis for making automated decisions is the justifiable interest of the Brolexy grupp (see paragraph 9.3 above). The justified interest of the Brolexy grupp is to offer the Client suitable offers and corresponding to his interests offers. Brolexy grupp processes the Client’s personal data to make automated decisions and to compile a profile analysis mainly anonymously and in a non-personalized form.
This minimizes the risk with respect to the rights and interests of the data subject.
14. Brolexy grupp processes the Client’s personal data in order to fulfill the duties arising from the legislation in each specific case if there is a legal basis that follows from the law (see paragraph 9.6 above).
Transfer of personal data to third parties
15. Brolexy grupp does not transfer Client’s personal data to third parties, except for:
15.1. Providers of IT-services and advertising services of Brolexy grupp, to the extent necessary for managing Brolexy grupp databases, providing services to Clients and communicating with Clients (for example, Amazon);
15.2. e-mail service providers in cases where a Brolexy grupp sends marketing materials and offers to the Client (for example, SendPulse);
15.3. accounting service provider Brolexy grupp, as well as government agencies and their agencies, to the extent necessary to fulfill the Brolexy grupp duties arising from legislation.
16. All authorized processors mentioned in clause 15 must ensure the same level of personal data protection as the Brolexy grupp. If the Brolexy grupp in the above cases transfers the Client’s personal data outside the European Economic Area, he is convinced that for such transfer of personal data there is an appropriate adequacy mechanism in the context of the General Regulation on Personal Data Protection (GDPR) and the Client’s personal data is protected at European Union
Storage of personal data
17. Client's personal data is stored:
17.1. before the client deletes his account, in the part in which the Brolexy grupp processes personal data submitted when creating an account in the Brolexy grupp environment and for 5 years after the last use by the Client of his account in any way (see paragraph 9.1 above);
17.2. up to 3 years after the termination of the contractual relationship, in the part in which the Brolexy grupp processes the client’s personal data in connection with the provision of the service (see paragraph 9.2 above);
17.3. In the part where Brolexy grupp processes Client’s personal data due to the presence of a valid interest (see clause 9.3 above), Brolexy grupp processes Client’s personal data until the Client deletes his account or has passed 5 years since the last use by the Client your account in any way;