Your privacy is important to Windmill – Estonian Chamber of Wind Orchestra (hereinafter Windmill – ECWO). This privacy policy helps you understand how Windmill – ECWO uses and protects the data you provide when using our website.
1. General Provisions
These data protection and personal data processing principles describe how non-profit association Windmill – Estonian Chamber of Wind Orchestra (est MTÜ Puhkpillimuusika Koda) collects, uses, stores, and protects personal data related to visitors, customers, and members of our website Home page and our eShop.
The NGO processes personal data in accordance with the General Data Protection Regulation (GDPR) of the European Union and the laws of the Republic of Estonia.
2. Collected Personal Data
2.1 When Placing Orders
- First and last name
- Email address
- Phone number
- Delivery and billing address
- Payment-related information (bank account number is not stored, but payment service providers may process it)
2.2 When Creating an E-shop Account (Optional)
- Username and password
2.3 Marketing and Newsletters (Optional Consent)
- First and last name
- Email address
2.4 Website Cookies and Analytics
- IP address
- Browser and device information
- Visit history and preferences
3. Purposes and Legal Basis for Processing Personal Data
The NGO processes personal data for the following purposes:
- Order and purchase management (performance of a contract)
- Invoicing and payment processing (legal obligation)
- Customer communication and order fulfillment (performance of a contract)
- Marketing and newsletters (only with consent)
- E-shop analysis and cookies (to improve user experience)
4. Retention of Personal Data
The NGO retains personal data only as long as necessary to fulfill the purposes or comply with legal obligations:
- Data related to purchases and invoices are retained for at least 7 years (Accounting Act).
- User account data are retained until the account is deleted.
- Marketing consents are retained until the individual unsubscribes from newsletters.
- Cookies are retained according to browser settings.
5. Transfer of Personal Data to Third Parties
The NGO does not sell or share personal data with third parties, except in the following cases:
- Payment service providers (e.g., Stripe, Maksekeskus, PayPal) – for processing purchases
- Delivery service providers (e.g., Omniva, DPD, Itella) – for order delivery
- Accounting service providers – to fulfill legal obligations
- Law enforcement agencies – when required by law
All data processors must comply with data protection requirements and ensure data security.
6. Cookies and Analytics
The NGO uses cookies on the website to improve user experience and analyze website usage. Cookies may include:
- Session cookies (temporary, deleted after closing the page)
- Persistent cookies (stored on the device for a certain period)
- Third-party cookies (Google Analytics, Facebook Pixel)
Cookie usage can be managed in browser settings.
7. Protection of Personal Data
The NGO implements technical and organizational measures to ensure data security:
- Encrypted data transmission (HTTPS)
- Access restrictions to personal data
- Regular security audits
The PMK board is responsible for the storage of personal data.
8. Rights of the Data Subject
Every individual has the right to:
- Access their data (inquire about the data being processed)
- Rectify data (correct incorrect data)
- Erase data (“right to be forgotten”), if there are no legal obstacles
- Restrict processing
- Data portability (transfer data to another service provider)
- Object to processing (e.g., regarding marketing data processing)
9. Complaints and Contact Information
Since 25.05.2018, compliance with the General Data Protection Regulation (GDPR) in Europe is overseen by the web admin.