• Eesti
  • Русский
  • English

Privacy Policy

PERSONAL DATA PROCESSING

The data controller of the ROSES.EE online store is:
ONE MANAGEMENT OÜ
Registration number: 14770859
Address: Tartu mnt 24, Tallinn, Harju County, Estonia
Phone: +372 54 50 12 19
Email: [email protected]

ONE MANAGEMENT OÜ may transfer personal data necessary not only for payment processing but also for order management, logistics, and internal operations to authorized partners, including Montonio Finance UAB, Revolut Payments UAB, Poster POS Inc., and other companies that provide payment, delivery, or infrastructure services to the online store. All partners are required to comply with GDPR and have signed data protection agreements with ONE MANAGEMENT OÜ.

Personal data processed: name, phone number, email address; delivery address; bank account number (for refunds); value of goods and purchase history; customer support data; IP address, cookies, device and browser data.

Purpose of processing: order fulfillment and delivery; refunds; customer support; customer behavior analysis; website traffic statistics.

Legal basis: performance of the contract with the customer (Art. 6(1)(b) GDPR); legal obligations (Art. 6(1)(c) GDPR); consent for marketing (Art. 6(1)(a) GDPR).

Data recipients: ROSES.EE customer service; delivery service providers (name, phone, email, address); accounting and IT partners.

Security and storage: servers located in the EU or countries with adequate data protection; access is granted only to authorized personnel; technical and organizational security measures are applied; no automated decision-making or profiling is used.

Customer rights: access, correction, deletion, and portability of data; withdrawal of consent; requests should be sent to [email protected] and will be answered within 1 month.

Data retention: customer accounts — until deletion; orders without accounts — 3 years; for disputes — until resolved or until the limitation period expires; accounting data — 7 years.

Marketing: messages are sent only with consent; customers can unsubscribe via the email link or by writing to the support address; customers have the right to object to marketing at any time.

Complaints: [email protected], +372 54 50 12 19
Supervisory authority: https://www.aki.ee

Audio and Video Recording

Video surveillance with audio recording is conducted at the ROSES.EE store (Tartu mnt 24, Tallinn). Phone calls with customer service may also be recorded.

The purpose of recording is to ensure security, prevent theft and other violations, and resolve possible disputes related to customer service. The legal basis is the legitimate interest of the company (Art. 6(1)(f) GDPR).

Recordings are accessible only to authorized staff. Data is retained for a limited period and is automatically deleted after the retention period expires.

LEGITIMATE INTEREST ASSESSMENT FOR VIDEO SURVEILLANCE IN ONE MANAGEMENT OÜ

  1. Definition of Legitimate Interest
    Purpose of surveillance:

  • protection of property, goods, and employees;

  • prevention and investigation of incidents (e.g. theft, damage);

  • resolution of customer disputes regarding orders, service, or delivery.

Legal basis: Article 6(1)(f) GDPR — the legitimate interest of the company.

Justification:

  • retail and online business involves risks of loss, theft, and disputes;

  • disputes require objective evidence.

  1. Necessity of Processing
    Area-based justification:

  • sales area — monitor customer behavior, prevent theft;

  • corridors, storage areas, and refrigeration units — protect inventory and limit unauthorized access;

  • bouquet preparation area — control quality and processes;

  • exit — confirm delivery to clients and couriers.

Alternative measures (e.g., security guards, logs) do not provide objective records.

Data minimization principle:

  • cameras do not cover staff rest areas, toilets, or changing rooms;

  • recording is limited to work and sales areas.

  1. Impact on Data Subjects
    Any discomfort is mitigated by:

  • clear signage at entrances;

  • recording used only for security and rights protection purposes;

  • data retention limited to 7 days unless necessary;

  • restricted access to footage (all access logged).

  1. Balancing Interests
    Company interests:

  • protect property and prevent losses;

  • ensure staff and customer safety;

  • resolve disputes.

Subject interests:

  • right to privacy.

Conclusion:
The limited scope, short retention, and access controls ensure proportionality. The legitimate interest of the company outweighs the minimal intrusion.

  1. Final Conclusion
    Audio and video surveillance at ONE MANAGEMENT OÜ:

  • is necessary and justified;

  • complies with GDPR and respects data subject rights.