1. General provisions
1.1. This Privacy Policy regulates the principles of collecting, processing, and storing personal data. The data controller is Goality Sport Group OÜ (registry code 17232252), hereinafter referred to as the data controller.
1.2. A data subject, within the meaning of this privacy policy, is a customer or any other natural person whose personal data is processed by the data controller.
1.3. A customer is any individual who uses the Goality360 website and purchases goods or services.
1.4. The data controller processes personal data in accordance with applicable legal acts—lawfully, fairly, and securely—and is able to demonstrate compliance with regulations.
2. Collection, processing, and storage of personal data
2.1. Data is collected electronically (via website, email). If applicable, other channels may be added.
2.2. By submitting their personal data, the data subject grants the controller permission to collect, organize, use, and manage the personal data for purposes outlined in this privacy policy.
2.3. The data subject is responsible for the accuracy, correctness, and completeness of the submitted data. Knowingly providing false information is considered a violation of this policy. The data subject must notify the controller of any changes to their data without delay.
2.4. The controller is not liable for any damage caused by incorrect data submitted by the data subject.
3. Processing of customer personal data
3.1. The data controller may process the following personal data:
- First and last name
- Phone number
- Email address
- Shipping address
- Bank account number
- Payment card details
3.2. In addition, the controller may collect data available from public registers.
3.3. The legal basis for processing personal data is Article 6(1) points a), b), c), and f) of the General Data Protection Regulation (GDPR):
- a) The data subject has given consent
- b) Processing is necessary for the performance of a contract
- c) Processing is necessary for compliance with a legal obligation
- f) Processing is necessary for the purposes of legitimate interests, unless overridden by the data subject’s rights or freedoms
3.4. Purposes of processing and retention periods:
- Security and logging – as prescribed by law
- Order processing – up to 3 years
- E-store functionality – up to 3 years
- Customer management – up to 3 years
- Financial operations, accounting – up to 7 years as required by law
- Marketing – up to 3 years or until consent is withdrawn
3.5. Personal data may be shared with trusted third parties, including: authorized processors, accountants, courier and transport companies, and payment service providers (e.g., Maksekeskus AS).
3.6. The controller implements appropriate technical and organizational measures to protect data from accidental or unlawful destruction, alteration, disclosure, or unauthorized access.
3.7. Personal data is retained no longer than 7 years, unless otherwise required by law.
4. Data subject rights
4.1. The right to access personal data.
4.2. The right to obtain information about processing.
4.3. The right to correct inaccurate data.
4.4. The right to withdraw consent at any time.
4.5. To exercise rights, contact: support@goality360.com
4.6. The right to file a complaint with the Data Protection Inspectorate.
5. Final provisions
5.1. This Privacy Policy complies with Regulation (EU) 2016/679 (GDPR), the Estonian Personal Data Protection Act, and relevant EU and Estonian legislation.
5.2. The controller reserves the right to partially or fully amend the policy. Changes will be published at https://goality360.com.