Privacy policy

Privacy policy
Aligaator grupp OÜ
Valid from: January 10, 2024
This data protection policy provides a comprehensive overview of the principles on which your personal data is processed on the website https://www.alligatordeals.com (hereinafter the website). Its purpose is to provide clear and transparent information about how we may process your personal data when you use our website.
If you have specific questions about how we process your personal data or if you want to submit requests to us to exercise your rights related to the processing of your personal data, please contact us using the contact details provided below in the chapter "Other provisions."

1. DEFINITIONS

"data subject" -is a natural person whose personal data we process;
"GDPR" - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
"Personal data" - is any information about an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, personal identification number, location information, network identifier or one or more physical, physiological, genetic, mental, economic, cultural or social characteristics of that natural person or several natural persons;
" applicable law" - all applicable legislation of the European Union and all applicable legislation of the Republic of Estonia, including, but not limited to, GDPR's domestic implementing acts, which are valid during the validity of these terms or come into force after the terms are established;
" user" - means a natural or legal person who has registered as a user of the website or carries out transactions with a guest account.
"Alligatordeals" - is Aligaator grupp OÜ, registry code 17051606; the office address is here.
" website" - is the website managed by Aligaator grupp OÜ located at https://www.alligatordeals.com
"data protection conditions" - is this personal data processing document;
"controller" - is a natural or legal person, public authority, agency, or other body that, alone or together with others, determines the purposes and means of the Processing of Personal Data. For the purposes of these terms and conditions, Aligaator grupp OÜ is the controller of personal data;
"authorized processor" - is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;

2. PURPOSES OF PROCESSING OF PERSONAL DATA

2.1 As the controller, we process personal data for the purposes outlined in this privacy policy. We base our processing of personal data on the applicable law, including the Personal Data Protection Act and other legislation dealing with the processing of personal data.
2.2 When processing personal data, we are based on the principles of personal data protection, including the principle of minimality, according to which we process only the data that is necessary for the provision of the service and the fulfillment of the purposes.
2.3 We process personal data only on the basis of the law. In doing so, our legal basis for processing personal data is your consent, fulfillment of a contractual obligation, fulfillment of a legal obligation, and/or legitimate interest:

2.4 Processing of personal data based on consent

2.4.1 In cases where you have given us separate consent to process your personal data, the legal basis for processing your personal data is your consent. In this case, we process your personal data only for the purposes specified in the consent and to the extent specified in the consent. Please note that if you have given us your consent to process your personal data, you have the right to withdraw your consent at any time. The legal basis for the processing of personal data in the case of such processing is Article 6, paragraph 1 Clause A of GDPR. On the basis of consent, we process, for example, data related to sending newsletters. Please refer to the chapter "Overview of the personal data to be processed" for more details.

2.5 Processing of personal data for purposes related to the performance of the contract

2.5.1 We process personal data primarily to provide services and fulfill contractual obligations. In order to provide the service, the legal basis for personal data processing is Article 6(1)(b) of GDPR (personal data processing is necessary to fulfill a contract concluded with the participation of the data subject or to take measures prior to the conclusion of the contract in accordance with the data subject's request).

2.6 Processing of personal data to fulfill a legal obligation

2.6.1 We process personal data when it is necessary to fulfill the legal obligations applicable to them. For example, if personal data is requested from us by a court on the basis of a valid court order or judgment or if personal data is requested by a law enforcement agency on the basis of a valid regulation. Also, if we are obliged to store personal data based on, for example, the Accounting Act, the Tax Information Exchange Act, or other applicable legislation. The legal basis for the processing of personal data in case of such processing is Article 6(1)(c) of the GDPR (the processing of personal data is necessary to fulfill the legal obligation of the controller).

2.7 Processing of personal data based on legitimate interest

2.7.1 In certain cases, we may also process personal data if it is necessary for our legitimate interest. In this case, the legal basis for the processing of personal data is Article 6(1)(f) of the GDPR. On the basis of legitimate interest, we process personal data only if such processing is not outweighed by the interests or fundamental rights and freedoms of the data subject, for the sake of which personal data must be protected. On the basis of legitimate interest, only data received from the data subject or generated during the performance of the contract is processed.
2.7.2 We may have a legitimate interest in processing personal data if it is necessary to prepare, present, or defend legal claims. For example, such a need may arise in a situation where the data subject has violated the contract. For example, in a situation where the user has offered pirated copies for sale or used the website for illegal transactions.
2.7.3 The storage of data processed on the basis of legitimate interest is based on the statutory deadline, which is three years after the service has been provided. More details about storage periods are in the chapter "Overview of the personal data to be processed."

3. OVERVIEW OF THE PERSONAL DATA TO BE PROCESSED

We may process the following data about you, depending on the legal relationship between you and Alligatordeals:
Purpose - User registration for the website
Contact information: first and last name, personal identification code, email address, telephone
Information related to the user: username, password (encrypted and securely stored)
Legal basis - GDPR Article 6 (1) (b), after the termination of the contract GDPR Article 6 (1) (f)
Storage period - Up to 3 years after the provision of the service (Section 146 subsection 1 of the An Act on the General Part of the Civil Code)
Up to 10 years due to the Tax Information Exchange Act (Section 8 subsection 3 of the TIEA) and the regulation "Diligence measures, information to be submitted and the procedure for registration of non-Union platform operators" (Section 2 subsection 1 and section 8 subsection 2)
Purpose - Using the website for buying and selling
Contact information: first and last name, social security number, email address, telephone address, bank account number
Information related to the user: username, password (encrypted and securely stored), profile picture at the user's request, feedback given to the user, user's followers, user's statistics for the last year (i.e., sales transactions, offers, sales turnover), e-account status of Osta.
Information related to user transactions: Information about transactions, such as products sold and for sale (i.e., product images, description, cost), transaction status (e.g., paid, unpaid, not shipped, etc.)
Legal basis - GDPR Article 6 (1) (b), after the termination of the contract GDPR Article 6 (1) (f)
Storage period - Up to 3 years after the provision of the service (Section 146 subsection 1 of an Act on the General Part of the Civil Code)
Up to 10 years due to the Tax Information Exchange Act (Section 8 subsection 3 of the TIEA) and the regulation "Diligence measures, information to be submitted and the procedure for registration of non-Union platform operators" (Section 2 subsection 1 and section 8 subsection 2)
Purpose - Sending newsletters
Contact information: first and last name, email address
Legal basis - GDPR Article 6 (1) (a)
Storage period - Until withdrawal of consent
Purpose - Customer appeals (complaints, inquiries, suggestions, or other appeals)
Information related to the request: content of the appeal, customer contact information (first and last name, email address)
Legal basis - GDPR Article 6 (1) (b), GDPR Article 6 (1) (f)
Storage period - Up to 10 years from the receipt of the appeal (Section146 subsection 1 of an Act on the General Part of the Civil Code)
Purpose - Processing of payment data (for example, when offering additional auction services or paying the opening fee)
Personal data to be collected - Invoice-related information, such as information about paid invoices (invoice issuance and payment date), bank account number, etc.
Legal basis - GDPR Article 6 (1) (b), after the termination of the contract GDPR Article 6 (1) (f) of GDPR Article 6 (1) (c)
Storage period - Up to 3 years after the provision of the service (Section146 subsection 1 of an Act on the General Part of the Civil Code or, to the extent that accounting documents are involved, seven years due to the Accounting Act (Section 12 subsection 4 of the Accounting Act)
Purpose - Accounting documents
Personal data to be collected - Documents required to fulfill a legal obligation
Legal basis - GDPR Article 6 (1) (c)
Storage period - 7 years due to the Accounting Act (Section 12 subsection 4 of the Accounting Act)
Purpose - Data collected through cookies
Personal data to be collected - Read the terms of use of cookies separately.
Purpose - Collection and reporting of tax information
Personal data to be collected - Contact data: first and last name, address, personal identification number, date of birth
Transaction-related data: item cost, commission paid to us, and other tax-related information.
Legal basis - GDPR Article 6 (1) (c)
Storage period - Up to 10 years due to the Tax Information Exchange Act (Section 8 subsection 3 of the TIEA) and the regulation "Diligence measures, information to be submitted and the procedure for registration of non-Union platform operators" (Section 2 subsection 1 and section 8 subsection 2)

4. TRANSFER OF PERSONAL DATA AND AUTHORIZED PROCESSORS

4.1 We do not transfer personal data to third parties except when we have the legal right to do so under the applicable law. We also do not transfer personal data outside the European Economic Community. We may transfer personal data to authorities related to state security, tax compliance agencies, and other agencies that have a legal basis for requesting personal data from Aligaator grupp OÜ.
4.2 We may use authorized processors in the processing of personal data. The authorized processors appointed by us, who may process personal data in limited cases, are, for example, various service providers necessary for the company's business operations or other service providers for the functioning of the website (for example, companies related to accounting).
4.3 As authorized processors, we only use cooperation partners whose reliability we are convinced of and who have undertaken to process personal data in accordance with the applicable law.

5. RIGHTS OF THE DATA SUBJECT

5.1 We guarantee all rights arising from the applicable law to the data subject.
5.2 Each data subject has, among others, the following rights:
5.2.1 right of access: the right to ask at any time whether we have personal data about them or not and to receive information about what personal data we process about them;
5.2.2 right to correction of personal data: the right to request us to clarify or correct one's personal data if they are insufficient, incomplete, or incorrect;
5.2.3 the right to object: the right to object to us processing one's personal data, for example, when the use of personal data is based on our legitimate interest;
5.2.4 the right to request the deletion of personal data: the right to request the deletion of personal data, for example, when personal data is processed with the consent of the data subject and the data subject has withdrawn the consent;
5.2.5 the right to restrict processing: the right to request that we restrict the processing of personal data based on applicable law, for example, when we no longer need the personal data to achieve the purposes of the processing or when the data subject has objected to the processing of the personal data;
5.2.6 the right to withdraw the consent given to the processing of personal data: if the processing of personal data is based on the consent given by the data subject, the data subject has the right to withdraw the consent given to us at any time;
5.2.7 the right to data transferability: the right to receive from us personal data that the data subject has provided to us and that is processed on the basis of the data subject's consent or to fulfill a contract with the data subject in writing or in a commonly used electronic format, and, if technically possible, to request that we transmit this data to another controller;
5.2.8 the right to file a complaint: If the data subject finds that their rights have been violated during the processing of their personal data, they always have the right to file a claim or complaint with the Data Protection Inspectorate - Tatari 39, 10134 Tallinn, info@aki.ee, www.aki.ee.
5.3 The rights of the data subject listed in this chapter in relation to the processing of their personal data are not complete rights. In certain cases, the rights of other data subjects or our legal obligations may limit the data subject's rights.
5.4 To exercise the rights associated with the processing of personal data or to submit requests related to the processing of personal data, please contact the contact details provided in the chapter "Other provisions" below.

6. SECURITY OF PERSONAL DATA

6.1 We undertake to ensure the security of personal data processing, with the aim of protecting personal data from unintentional or unauthorized processing, disclosure, or destruction.
6.2 Taking into account the latest development of science and technology and the costs of implementation, as well as the nature, scope, context, and purposes of processing personal data, as well as threats of varying probability and magnitude to the rights and freedoms of data subjects arising from processing, we implement appropriate technical and organizational measures in the processing of personal data to ensure the security of personal data.

7. OTHER PROVISIONS

7.1 In accordance with changes in legislation or practice, we have the right to change this privacy policy and it will be published immediately on our website.
7.2 For questions related to the processing of personal data or to submit requests related to the processing of personal data, please contact us using the contact details below.

Our contact details are:

Aligaator grupp OÜ

klienditugi@alligatordeals.com, .eu, .com