Back to top
en
© 2025, DuoMedics OÜ
All rights reserved.
Back

Privacy Policy

Privaatsustingimused

Effective from June 1, 2021

The principles governing Farmatseut’s processing of Personal Data, including Client Data, are outlined in this Privacy Policy. This Privacy Policy applies, among other things, when a Client purchases, has purchased, or intends to purchase goods offered by Farmatseut, or uses, has used, or intends to use services provided by Farmatseut, or is otherwise connected to these services. This Privacy Policy also applies to Client relationships established before these terms came into force.

1 – Definitions

The following terms are used in this Privacy Policy with the meanings provided:

A Data Subject is a natural person about whom Farmatseut holds information, or information by which a natural person can be identified. Examples of Data Subjects include natural person Clients, individuals submitting applications or inquiries, cooperation partners, representatives of legal entity Clients, and newsletter subscribers;

Personal Data is any information concerning an identified or identifiable Data Subject, including a Client;

Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;

Client Data is any information (including information considered Personal Data) known to Farmatseut about a Client or their representatives;

A Client is any natural or legal person who uses, has used, or has expressed a desire to purchase goods offered by Farmatseut, or to use services provided by Farmatseut, or is otherwise related to Farmatseut’s services;

A Third Party is any person who is not the Data Subject themselves, Farmatseut, or an employee of Farmatseut, and who, alone or jointly with another person, determines the purposes and means of Personal Data Processing;

An Agreement is any contract concluded between Farmatseut and the Client, regardless of its content;

Privacy Policy – this document, which sets out Farmatseut’s principles for Personal Data Processing;

Farmatseut is DuoMedics OÜ, registry code 14039224, address Järve 2, Tallinn 11314. Farmatseut’s contact details are provided in section 12 of this Privacy Policy;

Processing is any operation performed on a Data Subject’s Personal Data (including collection, recording, storage, alteration, systematization, granting access, use, querying, transmission, erasure, etc.), regardless of the method or means used for the operation.

2 – General Principles

Farmatseut processes Personal Data in accordance with the requirements set forth in the Data Protection Regulation, the Personal Data Protection Act, other relevant legal acts, and this Privacy Policy.

This Privacy Policy describes Farmatseut’s general principles for Personal Data Processing. Additional terms for Client Data Processing may also be outlined in Agreements, other documents related to goods or services, and on Farmatseut’s website.

This Privacy Policy forms an integral part of the Agreements concluded between Farmatseut and the Client. The Privacy Policy applies to the extent that it does not conflict with the terms set forth in the Agreement or other documents related to goods or services.

Farmatseut ensures the confidentiality of Personal Data within the framework of applicable law and implements appropriate technical and organizational measures to protect Personal Data against unauthorized access, unlawful Processing or disclosure, accidental loss, alteration, or destruction. For instance, Clients benefit from encrypted data communication with payment intermediaries when making purchases, which guarantees the security of the Client’s personal banking credentials, and Farmatseut does not have access to them.

Farmatseut may engage authorized processors for Personal Data Processing. In such instances, Farmatseut ensures that Personal Data Processing is conducted according to Farmatseut’s instructions and in compliance with applicable law and this Privacy Policy, and that authorized processors implement appropriate security measures.

This Privacy Policy is supplemented by the cookie policy published on Farmatseut’s website.

3 – Methods of Personal Data Collection

Farmatseut collects Personal Data through, among other things, the following methods:

  • primarily Personal Data disclosed to Farmatseut by the Data Subject (e.g., through applications, declarations, conclusion of Agreements);
  • Personal Data arising from the Data Subject’s and Farmatseut’s regular communication, including email correspondence;
  • Personal Data explicitly disclosed by the Data Subject (e.g., on social media);
  • Personal Data generated during the consumption of Farmatseut’s services (e.g., making transfers, analytical data, etc.);
  • Personal Data received from Third Parties (e.g., from Farmatseut’s cooperation partners).

4 – Legal Bases for Personal Data Processing

Farmatseut processes Personal Data on the following legal bases:

  • for fulfilling legal obligations arising from legal acts (both national regulations and European Union legal acts);
  • for the performance of an Agreement concluded with the Client or for the preparation of concluding an Agreement. Farmatseut may use Personal Data for the performance of an Agreement without the Client’s separate consent;
  • based on the consent of the Data Subject (including the Client) within the limits, scope, and for the purposes expressed in the consent – in such a case, Farmatseut requests appropriate consent from the individual;
  • for Farmatseut’s own legitimate interests or for their protection.

5 – Categories of Personal Data

The categories of Personal Data that Farmatseut primarily, but not exclusively, collects and processes are as follows:

  • personal identification data (e.g., name);
  • contact details (e.g., address, phone number, email address);
  • data on the Data Subject’s connections with legal entities (e.g., data provided by the Data Subject or obtained from public registers or through Third Parties for conducting transactions on behalf of a legal entity);
  • data necessary for providing services or concluding a sales agreement (e.g., product name, delivery method, payment data, purchase history, wish list data);
  • data related to ordered and sold goods (e.g., performance or non-performance of Agreements, concluded and terminated Agreements, submitted applications, inquiries and complaints, product name);
  • data on habits, preferences, and Client feedback (e.g., data on purchased goods, Client feedback data, ratings, Data Subject inquiries, Client complaints);
  • data on participation in games and campaigns (e.g., prizes won in games or campaigns);
  • data on the Client segment (e.g., data on the client group);
  • communication data (e.g., data collected via email, messages, and other communication mechanisms (e.g., social media), as well as Personal Data related to the Data Subject’s visits to Farmatseut’s websites);
  • data obtained and/or created during the fulfillment of a legal obligation (e.g., invoice data).

For the purpose of transmitting marketing information, Farmatseut primarily uses the following Personal Data:

  • Data Subject’s (including Client’s) contact details (e.g., email address) and, if necessary, personal identification data (e.g., name);
  • data on the Client segment (e.g., data on the client group);
  • information on purchased products and analytical data (e.g., product category, purchase history, language, number of orders, newsletter subscription time).

Additionally, Farmatseut may collect further and other Personal Data from the Data Subject if it is necessary for providing a specific service or if required by law related to the provision of services and sale of goods.

5 – Purposes and Legal Bases for Personal Data Processing

Farmatseut processes Personal Data primarily for the following purposes:

  • to offer products and services, particularly for the conclusion and performance of an Agreement with the Client, processing Client applications, delivering products, enabling installment payments, identifying the Client, communicating with the Client, ensuring the fulfillment of the Client’s payment obligations, resolving Client complaints, based on: the performance of an Agreement or the implementation of pre-contractual measures at the Client’s request or the fulfillment of a legal obligation;
  • to manage client relationships, particularly for keeping Personal Data up-to-date and accurate and, if necessary, correcting or supplementing such Personal Data by verifying and supplementing Personal Data through external and internal sources, as well as for keeping records of Agreements, providing feedback, or contacting, based on: the performance of an Agreement or the implementation of pre-contractual measures at the Client’s request or the fulfillment of a legal obligation or the Data Subject’s consent or Farmatseut’s legitimate interest;
  • to protect and safeguard the interests of the Client and/or Farmatseut:
  • to improve the quality of services offered by Farmatseut and to verify business transactions or other business communication, based on: the performance of an Agreement or the implementation of pre-contractual measures at the Client’s request or the fulfillment of a legal obligation or the Client’s consent or Farmatseut’s legitimate interest in ensuring and/or improving service quality;
  • to ensure a trustworthy Client relationship and prevent fraud and damage, based on: Farmatseut’s legitimate interest;
  • to develop and/or improve products, services, or IT systems and ensure data protection, based on: Farmatseut’s legitimate interest or a legal obligation;
  • to provide additional services, collect and publish feedback and product ratings, and compile statistics: to manage and analyze the Client base to offer personalized offers from Farmatseut to the Client, based on the Client’s consent or Farmatseut’s legitimate interest in offering additional services, i.e., personalized offers;
  • to conduct analyses, collect and publish feedback and product ratings, and compile statistics based on: Farmatseut’s legitimate interest in improving Farmatseut’s services, enhancing the Client’s user experience, and developing new services and offering new products, or with the Client’s consent;
  • to organize games and campaigns for the Data Subject (including personalized and targeted campaigns), based on: Farmatseut’s legitimate interest in improving the Client’s user experience or the Data Subject’s consent;
  • to prevent misuse of services and ensure their proper provision: to enable and control access to digital channels (e.g., e-shop user account) and their operation, prevent unauthorized access to and misuse of digital channels, and ensure information security, based on: the performance of an Agreement or the implementation of pre-contractual measures at the Client’s request or the fulfillment of a legal obligation or the Client’s consent or Farmatseut’s legitimate interest in ensuring control over the authorizations, access, and operation of Farmatseut’s digital services;
  • to enhance technical systems, IT infrastructure, and develop Farmatseut’s services through testing and improvement, based on: Farmatseut’s legitimate interest;
  • to prove, enforce, and defend legal claims, particularly to record notices and orders given via communication means (e.g., email), as well as information and other actions taken by Farmatseut, based on: the performance of an Agreement or the implementation of pre-contractual measures at the Client’s request or the fulfillment of a legal obligation or Farmatseut’s legitimate interest in enforcing legal claims;
  • to cooperate with public sector authorities and provide required information or fulfill Farmatseut’s legal obligations, based on: the fulfillment of a legal obligation.

7 – Use of Data for Marketing Purposes, Profiling

  • Farmatseut uses Personal Data for marketing purposes, primarily for sending offers and other marketing information regarding products offered by Farmatseut, i.e., for direct marketing via communication means (e.g., email), if the Data Subject has consented to it. If the Client has not given separate consent for direct marketing, Farmatseut may process the Client’s Personal Data for the purpose of making offers for Farmatseut’s services regarding similar products or services that the Client has acquired or consumed, in accordance with Farmatseut’s legitimate interest.
  • Farmatseut transmits marketing information based on similar product groups, campaigns (including personalized ones), and about Farmatseut in general, utilizing profiling for this purpose. Profiling is the automated processing of Personal Data used to identify the Data Subject’s personal preferences and interests, i.e., to select direct marketing recipients. Profiling is employed to enable Farmatseut to transmit only relevant information to the Data Subject and to do so more efficiently (e.g., information solely about women’s or men’s products or a hair care product campaign).

8 – Transfer of Personal Data

Farmatseut is the data controller for personal data and transfers the personal data necessary for payment processing to the authorized processor Maksekeskus AS.

Farmatseut transfers Personal Data to the following recipients:

  • Farmatseut’s authorized employees;
  • public authorities (e.g., law enforcement agencies, bailiffs, tax authorities, supervisory authorities, and the Financial Intelligence Unit);
  • Third Parties related to the provision of services and the performance of an Agreement concluded with the Client – e.g., payment intermediaries, installment payment service providers, communication, IT, and postal service providers, cooperation partners, advertising and marketing partners, etc.;
  • auditors, legal and financial consultants, or other Farmatseut consultants;
  • a new creditor in case of assignment of claims;
  • operators of payment default registers, to whom information is transmitted to enable Third Parties to assess the Client’s payment behavior and creditworthiness;
  • participants and/or parties involved in payment systems and payment solutions;
  • if the Client has breached the Agreement, then debt collection service providers, courts, and bankruptcy or insolvency administrators;
  • other persons related to the provision of services to Farmatseut, e.g., postal service providers.

9 – Geographical Area of Processing

As a general rule, Personal Data Processing takes place within the European Union/European Economic Area (EU/EEA), and if there is a need to transfer data outside this area, it will only occur provided that appropriate safeguards are implemented. Appropriate safeguards include, for example, the following:

  • in a country outside the EU/EEA where the recipient is located, there is an adequate level of data protection according to the relevant decision of the European Commission;
  • the existence of a valid agreement containing standard contractual clauses developed by the EU or approved codes of conduct, certifications, and other similar measures that comply with the Data Protection Regulation;
  • the recipient is certified under the Privacy Shield data protection framework (applicable to recipients located in the United States).

In the absence of appropriate safeguards, Farmatseut has the right to transfer Personal Data outside the EU/EEA in situations where:

  • the Data Subject has given explicit consent, having been informed of the absence of safeguards;
  • it is necessary for the performance of an Agreement between the Client and Farmatseut or for the implementation of pre-contractual measures taken at the Data Subject’s request;
  • it is necessary to conclude or perform an agreement between Farmatseut and another natural or legal person in the interest of the Data Subject;
  • it is necessary for the establishment, exercise, or defense of legal claims;
  • it is necessary to protect the vital interests of the Data Subject or other persons, where the Data Subject is physically or legally incapable of giving consent;
  • the transfer is made from a register which, according to European Union or Member State law, is intended to provide information to the public and is open to consultation either by the general public or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions for consultation laid down by European Union or Member State law are met in the particular case;
  • the transfer is not repetitive, concerns only a limited number of Data Subjects, is necessary for the protection of Farmatseut’s legitimate interests, where the interests, rights, or freedoms of the Data Subject do not override them, and if Farmatseut has assessed all circumstances related to the data transfer and, based on this assessment, has established suitable safeguards for the protection of personal data. Farmatseut informs the supervisory authority of such a transfer.

For more detailed information on the transfer of Personal Data outside the EU/EEA, the Data Subject may contact Farmatseut using the contact details provided in section 12 of the Privacy Policy.

10 – Personal Data Retention Periods

Farmatseut does not process Personal Data longer than necessary for fulfilling the purposes related to the respective data, including fulfilling data retention obligations stipulated in legal acts. The retention period may be based on Agreements with the Client (e.g., for resolving disputes arising from an Agreement concluded with the Client), Farmatseut’s legitimate interest, or applicable law (e.g., laws related to accounting or statutes of limitations, other private law).

11 – Data Subject Rights

The Data Subject has the following rights regarding the Processing of their Personal Data:

  • to receive information about the Processing of their Personal Data and the right to request a copy of the Processed Personal Data (e.g., regarding the purposes of Processing, categories of Processed Personal Data, recipients or categories of recipients of Personal Data, the Personal Data retention period; if Personal Data is not collected from the Data Subject, then existing information about their source);
  • to request the rectification of their Personal Data if it has changed or is otherwise inaccurate;
  • to object to the Processing of their Personal Data if the Personal Data Processing is based on legitimate interest, including for direct marketing purposes. For example, the Data Subject may prohibit the use of their contact details for sending newsletters – for this purpose, the Data Subject can remove themselves from the relevant mailing list upon receiving a marketing email;
  • to request the erasure of their Personal Data, for example, if Farmatseut has no right to process such data or if the Personal Data Processing is based on the Data Subject’s consent and they have withdrawn that consent. Such a right does not apply (or applies only to a limited extent) if the Personal Data requested to be erased is also processed on other legal bases, such as under an Agreement or for fulfilling legal obligations;
  • to request the restriction of the Processing of their Personal Data, e.g., while Farmatseut assesses whether the Client has the right to have their Personal Data erased;
  • to receive their Personal Data, which they have provided to Farmatseut and which is processed based on consent or for the performance of an Agreement, in a commonly used machine-readable electronic format, and, if technically feasible, to transmit that data to another service provider (right to data portability);
  • withdraw their consent for the Processing of their Personal Data if the Processing is based on consent. Upon withdrawal of consent, Farmatseut will no longer Process the Data Subject’s Personal Data for the purpose for which the respective consent was given. For example, the Data Subject has the right to withdraw their consent for the Processing of their Personal Data for marketing purposes at any time by clicking the “Unsubscribe” link in the footer of the received newsletter or by notifying Farmatseut via email. Consent remains valid until its withdrawal;
  • lodge a complaint at any time with Farmatseut, the Data Protection Inspectorate (website: ee), or a competent court if they find that the Processing of their Personal Data violates their rights and interests.

12 – Contact Information

  • Data Subjects can exercise their rights, submit inquiries, or revoke consents by contacting Farmatseut. For matters and questions concerning Personal Data, Farmatseut can be reached on weekdays between 10:00 AM and 4:00 PM by phone at +372 656 0066 or by email at info@farmatseut.com.

Farmatseut will respond to the submitted request without undue delay, but no later than 1 month from the date of receipt of the request. If additional circumstances need to be clarified before responding to the request, Farmatseut may extend the response deadline by notifying the Data Subject in advance.

13 – Validity and Amendments to the Privacy Policy

 

  • Farmatseut reserves the right to unilaterally amend the Privacy Policy at any time in accordance with applicable law.

Farmatseut will inform the Data Subject of any changes to the Privacy Policy via the website or by email no later than one month before the changes take effect, unless the Privacy Policy is amended due to changes in legal acts.