These personal data processing terms (hereinafter “Terms”) set forth the principles of processing personal data by Ambista OÜ (registry code 17145346, Kuuspuu tee 3, Peetri, Rae municipality, Harju County 75312, website www.ambista.eu; hereinafter “we”) as the data controller of your ("you") personal information.
When acting as a data processor, we operate according to data processing agreements signed between us and responsible data controllers and in accordance with applicable laws. In addition to ensuring compliance with relevant laws as a data controller, we keep all other data disclosed to us confidential (subject to applicable exceptions) and secure, where confidentiality is required.
Before using our website or entering into a contract with us, please read these Terms carefully. If you do not agree, we ask that you refrain from using the site or entering a contractual relationship with us.
We reserve the right to update the Terms occasionally and will inform you via our website and/or email.
1. Types of Personal Data
To fulfill the purposes outlined in these Terms, we may process all or part of the following personal data, depending on the situation. We always follow the principle of processing only what is necessary:
First and last name
Personal identification code
Delivery and installation address
Email address
Phone number
Payment method details
Payment history, debt-related data
Data for assessing creditworthiness (bank statements, credit reports)
Purchase history
Remote-readable data related to customer device usage (e.g., consumption, error codes, user settings)
Direct marketing consent or opt-out data
Other personal data arising from service delivery or customer interaction
We also collect anonymized data such as site visit durations, click counts, and user behavior for analysis and website improvement. We use only secure services like Google Analytics. For business purposes, we generate statistical summaries based on anonymized data stored securely.
2. Purposes and Legal Basis for Data Processing
We process personal data to enable use of our website (including online store) or fulfill our contractual obligations to you. Specifically, we process:
(i) Name, personal ID, contact details, and address to prepare and manage contracts/orders and for delivery and installation
(ii) Payment details for transactions and refunds
(iii) Payment history and debt info for client relations and billing
We also process data to send service-related notifications and respond to comments, questions, or requests.
If you call or email us, we may process your personal data (including saving emails and, with notification, recording calls) to respond to inquiries and improve support quality. These actions are based on our legitimate interest in ensuring smooth customer service.
Based on legitimate interest, we assess creditworthiness using data like credit reports (e.g., taust.ee, accountscoring.com) and bank statements. This helps verify potential clients’ reliability and ability to pay.
We analyze purchase history (e.g., date, product, quantity, client info) to assess preferences and generate service/product overviews.
We may also process personal data to comply with legal obligations, such as data protection, retention (e.g., for accounting), or other statutory duties.
In case of disputes, we may use your personal data to protect our interests.
With your consent, we may send newsletters, blog updates, advertisements, marketing, and other information via email. You may unsubscribe anytime using the link at the bottom of the message.
We always seek your prior, explicit consent for any processing not outlined in these Terms. You may withdraw consent at any time.
3. Security Measures
- Personal data is processed only with a legal basis and for legitimate purposes.
- We implement physical, organizational, and IT security measures to prevent unauthorized access, alteration, loss, or destruction of personal data.
- Access is granted only to those who need it for their job or when legally justified.
- Data is stored on servers within EU countries or those with adequate data protection according to the European Commission.
- We are not responsible for misuse of your data caused by malware on your device.
4. Data Recipients
- Data may be shared with third parties working on our behalf—no prior consent needed if legally permitted.
- Recipients include payment processors (e.g. Maksekeskus AS), installers, suppliers, service developers, credit registries, accountants, IT and analytics providers, transport and financing services.
- Data may be disclosed to fulfill legal obligations.
- To protect our legal interests, data may be shared with credit default registries, debt collectors, legal advisors, and auditors.
- Marketing service providers (e.g. Facebook) may access data collected during campaigns, acting as authorized processors.
5. Retention and Deletion
- Data is retained only as long as needed for the purposes in these Terms or to protect our rights or fulfill legal duties.
- Standard retention:
- Up to 5 years after the end of customer relationship
- Up to 10 years for contract-related data (e.g. debts)
- After expiry, data is deleted unless needed to protect our interests.
- We may anonymize data after retention periods.
- Accounting documents are kept for 7 years after the fiscal year end.
- With your consent, data may be used for direct marketing until you withdraw that consent.
- If marketing consent is withdrawn, we keep minimal data to ensure you don’t receive further messages.
- We may process anonymized data during and after contract validity for development and analytics purposes.
6. Your Rights
You may request:
- Deletion of your personal data
- Correction of inaccurate data
- Limitation of processing (which may reduce service usability)
- Objection to processing
- Your data in a portable format for transfer to another controller
You can withdraw consent anytime (applies only to consent-based processing), which won’t affect earlier processing. We aim to respond to inquiries promptly, within legal deadlines.
7. Cookies
- Cookies are small text files stored in your browser during site visits.
- They remember your preferences and enhance your user experience.
- Types:
- Essential cookies for site operation
- Analytics cookies, used with your permission
- You can disable cookies via browser settings.
- We share usage data with advertising and social media partners, who may combine it with other data.
8. Newsletter Terms
- If you subscribe to our newsletter, Ambista OÜ uses your submitted data to send marketing messages.
- You confirm consent by filling in the subscription form and clicking join.
- Your data is handled carefully and in accordance with data protection laws and our Terms.
9. Requests and Complaints
If you have questions or complaints about personal data processing, contact:
- Ambista OÜ at info@ambista.eu or +372 55 999 970
- Or Data Protection Inspectorate at info@aki.ee or +372 627 4135