Privacy Policy (Ives Medical OÜ)

1. General Provisions
1.1. This Privacy Policy governs the principles for the collection, processing, and storage of personal data. The data controller is Ives Medical OÜ (registry code 14907887), address Sepapaja 12/1, Tallinn 1141, Estonia (hereinafter the data controller).
1.2. A data subject within the meaning of this Privacy Policy is a client or any other natural person whose personal data is processed by the data controller.
1.3. A client is any person who registers for trainings or seminars or uses other services provided by the data controller.
1.4. The data controller processes personal data in accordance with applicable laws, including the General Data Protection Regulation (GDPR).

2. Collection, Processing and Storage of Personal Data
2.1. Personal data is collected primarily via the website (e.g. registration forms), by email, by phone, or through other communication channels.
2.2. By providing personal data, the data subject grants the data controller the right to process such data for the purposes specified in this Privacy Policy.
2.3. The data subject is responsible for ensuring that the data provided is accurate and up to date and must inform the data controller of any changes.
2.4. The data controller is not liable for any damage caused by the submission of incorrect data.

3. Processing of Personal Data
3.1. The data controller may process the following personal data:

  • first and last name
  • phone number
  • email address
  • billing details (address, company name, etc.)
  • payment-related data (via payment service providers)

3.2. The data controller may also collect data that is publicly available.

3.3. The legal bases for processing personal data are:

  • consent of the data subject
  • performance of a contract (e.g. registration for training)
  • compliance with legal obligations (e.g. accounting)
  • legitimate interest (e.g. service improvement and security)

3.4. Purposes of processing personal data:

  • registration and organisation of trainings and seminars
  • customer communication and information sharing
  • invoicing and accounting
  • service improvement
  • marketing (based on consent)

3.5. The data controller may share personal data with third parties, such as:

  • payment service providers
  • accounting service providers
  • IT service providers

3.6. The data controller implements appropriate technical and organisational measures to protect personal data.

3.7. Personal data is retained:

  • accounting data for up to 7 years
  • marketing data until consent is withdrawn
  • other data as long as necessary for the purpose, but not longer than 10 years

4. Rights of the Data Subject
4.1. The data subject has the right to access their personal data.
4.2. The data subject has the right to request correction or deletion of data.
4.3. The data subject has the right to restrict processing or object to processing.
4.4. Where processing is based on consent, the data subject has the right to withdraw consent at any time.
4.5. To exercise their rights, the data subject may contact the data controller at info@lymphworks-baltics.eu or by phone at +372 58891566.
4.6. The data subject has the right to lodge a complaint with the Estonian Data Protection Inspectorate.

5. Final Provisions
5.1. This Privacy Policy is prepared in accordance with the legislation of the European Union and the Republic of Estonia.
5.2. The data controller has the right to amend this Privacy Policy by publishing the updated version on its website.

Shopping Cart
Scroll to Top