Terms of use of the Maxima application

1. MAXIMA Eesti OÜ (hereinafter MAXIMA or the Seller or the Application Owner), reg. code 10765896, legal address Aiandi 13/2, 12918 Tallinn, makes it possible to use the MAXIMA application under the following terms and conditions.

2. The MAXIMA application (hereinafter also the Application) is an application (app) for use on a smartphone or other smart device. It can be used to find out about MAXIMA promotions, discounts or other offers at MAXIMA points of sale, to find out about the promotions, discounts or other offers of the AITÄH Loyalty Programme, and to scan and/or pay for purchases at MAXIMA points of sale.

3. The Application User must be a natural person aged 14 or over. By agreeing to the terms of use of the Application, the Application User confirms that he or she complies with the age restriction.

4. When downloading the Application to his or her smart device, the Application User must confirm that he or she is familiar with the terms and conditions of the Application and the privacy policy of the Application by ticking the box "I have read the terms and conditions of the application and the privacy policy of the application and wish to enter into a contract to use the application". The terms and conditions then become a binding legal document for the Application User and the Seller – a contract that sets out the rights and obligations of the parties. The Application User who has not read and accepted the terms and conditions of the Application and the privacy policy of the Application does not have the right to use the MAXIMA Application.

5. The terms and conditions, which must be read and accepted by the Application User upon initial registration in the MAXIMA Application, apply to all activities of the Application User in the Application until the publication of the updated terms and conditions.

6. The Application User may or may not be a customer. The functionality of using the Application is restricted for non-customers and natural persons who do not participate in the AITÄH Loyalty Programme. If the Application User decides to link their AITÄH card to the application account and register their AITÄH account, the relationship between the Application User and the Seller is additionally governed by the terms and conditions of the AITÄH Loyalty Programme and the privacy policy of the AITÄH Loyalty Programme.

7. If the Application User is not a member of the AITÄH Loyalty Programme but wants to join the AITÄH Loyalty Programme, the Application User can read the terms and conditions of the AITÄH Loyalty Programme and the Privacy Policy of the AITÄH Loyalty Programme at https://www.maxima.ee/aitah and create a virtual AITÄH card and AITÄH account in the Application.

8. The right to pay (settle) for purchases made with the Application at the point of sale is granted only to a user who:

8.1. is a natural person aged 14 or over and has downloaded the Application to their smart device, read the terms of use of the MAXIMA Application and the privacy policy of the Application. By agreeing to the terms of use, the Application User confirms that he or she complies with the age restriction and agreeing to the terms and conditions is deemed entry into the contract;

8.2. has linked his or her AITÄH plastic card to the application account or created a virtual AITÄH card in the Application and the AITÄH card is activated (i.e. not blocked);

8.3. has linked his or her application account to a bankcard that complies with the terms and conditions.

9. Title to the Application and all rights, including intellectual property rights, that are related to the Application’s application, software, service and third party information and any of its amendments, corrections or derivatives, belong exclusively to the Seller and/or its licensors, and any reproduction, copying, sale or other use of such rights not provided for in these terms and conditions is prohibited.

1. The Seller provides the Application on an as is basis and is under no obligation to ensure the faultless operation of the Application 24 hours a day. The Seller is released from any liability for damages that may arise from the non-functioning of the Application in accordance with Chapter V, point 6.

2. Downloading the MAXIMA Application on a smart device is free of charge.

3. The Application User must download the app on his or her smart device from the App Store or Google Play platform. The Application can be downloaded by the Application User on an unlimited number of devices.

4. The Application User can, among other things, do the following with the Application:

 4.1. receive information on MAXIMA points of sale, opening hours and offers valid for all Application Users and customers;

 4.2. link his or her AITÄH card to their application account or create a virtual AITÄH card and then log in to their AITÄH account or create a new AITÄH account if the AITÄH Loyalty Programme user does not have one;

 4.3. when linking his or her AITÄH card to the Application, check the information and offers of the AITÄH Loyalty Programme and use them at MAXIMA points of sale without an AITÄH card;

 4.4. when linking his or her AITÄH card to the Application, check personal offers if the Application User / member of the AITÄH Loyalty Programme has given his or her consent to receiving them and use them at MAXIMA points of sale without using the AITÄH plastic card;

 4.5. use any other benefits offered to the Application User or members of the AITÄH Loyalty Programme when linking their AITÄH card to the Application;

 4.6. when linking his or her AITÄH card to the Application, link their payment card to the application account and pay for purchases at MAXIMA points of sale using the Application, i.e. by using the payment card linked to the application account (without using a plastic payment card);

 4.7.  when linking his or her AITÄH card and payment card to the application account, scan purchases at MAXIMA points of sale using the Application and pay for purchases using the Application as set out in Chapter IV of the terms and conditions;

 4.8. when linking his or her AITÄH card to the Application, check the payments made at MAXIMA points of sale in the account statement in the Application, when the user has registered the AITÄH card. Information on the payment made is retained for two (2) years from the date of purchase;

 4.9. make suggestions and complaints to the Seller.

5. The Application User does not have the right to do the following:

 5.1. create more than one application/AITÄH account in the Application;

 5.2. link to the Application any other person’s AITÄH card, AITÄH account or payment card that is not the Application User’s own AITÄH card, AITÄH account or payment card;

 5.3.  use the application account linked to the AITÄH account on multiple smart devices at the same time.

6. The Seller may unilaterally upgrade, modify (including cancel) or update the features of the Application, which will ensure that the Application Users will always have an updated version of the Application. When new features are developed, the customer will receive an offer to implement the new features, and when the user starts to use the offered innovations, he or she expresses his or her wish to use them.

7. The Seller has the right to unilaterally terminate the provision of the services through the Application, in whole or in part, at any time, by notifying the Application User about this.

8. In order for the Application to work properly, the Application must have access to certain types of information on the smart device of the Application User (the operating system of the smart device and the factory model code of the smart device), as well as to certain features of the smart device. Before downloading the Application to the user’s smart device, the user is informed that the Application needs to have access to certain types of information on the user’s smart device (the operating system of the smart device and the factory model code of the smart device) in order to function. If the Application User does not want the Application to have access to these data, the Application User should not download the Application on their smart device, but if the Application has already been downloaded prior to reading these terms and conditions and/or the privacy policy of the Application, you must immediately delete the Application from your smart device. In this case, the Seller cannot guarantee that the Application will work on the Application User’s smart device.

9. Subject to additional consent from the Application User, the Seller may use the Application to send business messages to the Application User’s smart device (such as a mobile phone). For more information about the processing of such personal data, please see the privacy policy of the Application.

1. Using the steps provided in the Application, the Application User can link his or her AITÄH card to the application account and log in to his or her AITÄH account securely by entering his or her Smart ID, Mobile ID or email address and the password created for the AITÄH account.

2. An Application User who does not have an AITÄH card and an AITÄH account but wants to create them must, after reading and accepting the terms and conditions of the AITÄH Loyalty Programme and the privacy policy of the AITÄH Loyalty Programme, create a virtual AITÄH card and an AITÄH account by entering his or her date of birth, email address or telephone number and a verification code sent to the designated email address or telephone number. After the creation of a virtual AITÄH card and an AITÄH account, the Application User becomes a member of the AITÄH Loyalty Programme. For more information on personal processing, please see the privacy policy of the Application.

3. The Application User must log in securely with Smart-ID, Mobile-ID or secure the application account with a security code to protect the Application User’s personal data, MAXIMA money and other information in the Application and on the AITÄH account.

1. Only an Application User who is an AITÄH cardholder, i.e. a member of the AITÄH Loyalty Programme, can link his or her payment card to the app account and pay (settle) for purchases at points of sale using the Application.

2. Using the steps provided in the Application, the Application User will be able to link his or her VISA, VISA Electron and MasterCard payment cards (except Maestro) that support the secure online payment feature (MasterCard Secure Code, validated by Visa) to his or her application account, provided that the secure online payments are enabled on Application User’s payment card. The Application User can only link one payment card to his or her application account.

3. During the steps presented in the Application, the user will be redirected to the website of the bank – payment card issuer, where he or she will have to perform the necessary actions (enter login codes and/or security code, etc.). After completing the instructions of the bank, the Application User will be redirected back to the Application.

4. During the process of completing the steps in the Application, the user must create a security code to ensure the security of the payment card. The Application User can use his or her biometric data (e.g. fingerprint) as a security code. If the Application User does not create a security code, their payment card cannot be linked to the application account.

5. If the Application User does not use biometric data as a security code, the security code must consist of four symbols. The following may not be used as the security code:

 5.1. several identical numbers in a row (e.g. 9999, 2222, etc.);

 5.2. numbers in ascending or descending order (e.g. 9876, 2345, etc.); and

 5.3. pairs of identical numbers that reoccur (for example, 0101, 9595, etc.).

6. If the Application User enters the wrong security code 4 (four) times in a row, the Application and/or the payment function will be blocked for 10 (ten) minutes, i.e. the Application User will not be able to perform any operations with the Application for 10 (ten) minutes.

7. The Seller recommends that the Application User follows the procedures set out in Chapter IV, points 1 to 6 of the terms and conditions to link the payment card to the application account before making the first purchase at the point of sale.

8. The Application User may pay for the goods at the point of sale using the Application, provided that the purchase does not include the excluded items mentioned in Chapter IV, point 15.1 of these terms and conditions.

9. The goods offered, their description and purchase prices are defined at the point of sale and in the Application. In the event of a discrepancy between the purchase prices set at the point of sale and those set in the Application, the prices set at the point of sale will apply.

10. The Application User can pay for the purchases as follows:

 10.1. the Application User scans the purchases using the Application and pays for the purchases at the point of sale’s regular or self-service checkout using the Application, a payment card or cash;

 10.2. the Application User scans the purchases at the self-service checkout and pays for the purchases at the point of sale’s self-service checkout using the Application, a payment card or cash;

 10.3. the purchases are scanned by the cashier at the point of sale’s regular checkout, and the Application User pays for the purchases at the point of sale’s regular checkout using the Application, a payment card or cash;

 10.4. by way of derogation from clauses 10.1. to 10.3. of these terms and conditions, the customer may pay for purchases costing €500 (five hundred euros) or more only in cash or by payment card.

11. The payment method is selected by the customer at the regular or self-service checkout of the point of scale after scanning the QR code displayed by the Application User (after scanning the QR code, all the benefits of the AITÄH loyalty programme will apply). When the Application User pays for purchases with the Application:

 11.1. the Application User chooses the payment method at the self-service checkout or informs the cashier at the point of sale at the regular checkout of his or her wish to pay for purchases using the Application;

 11.2. the Application User selects the Mobile Payment function at the self-service checkout or informs the cashier at the regular checkout of the point of sale of the respective request and confirms the payment receipt by entering a security code or biometric data.

12. When purchasing a product with a security element, the Application User will receive the respective message after the purchase and in order to remove the security element, the Application User must contact a cashier at a regular checkout or the customer service representative of the self-service checkout.

13. After the Application User has scanned the QR code and confirmed the payment with the security code, the Application User and the Seller are assumed to have entered into a sales contract regarding the specific item.

14. The Application User will get a receipt (on paper) after paying for the goods with the Application. A copy of the receipt will be sent to the application and via email (in electronic format) if the Application User has given the respective consents in the application. The customer has the right to opt-out of receiving paper receipts by giving the respective consent in the Application. The consent will be valid for all purchases made after the consent was given, until the Application User indicates otherwise by making a change in the Application. The goods and their quantity, the discounts applied, the total amount of the purchase, including all taxes, and any other information required by law must he shown on the receipt. The Seller also retains the receipts of the goods purchased by the user on the user’s application account for a period of two (2) years from the date of purchase.

15. Rights of the Application User:

 15.1. the Application User has the right to pay for all of the goods sold at the points of sale using the Application, subject to the limit set out in clause 10.4 of the terms and conditions. The Application User cannot use the Application to pay for the Seller’s gift cards and goods and services offered by third parties (e.g. concert tickets, theatre tickets, other events, gift vouchers, transport tickets, utility payments, lottery tickets, etc.);

 15.2. the Application User has the right to request from the Seller an exchange or return of the purchased goods in accordance with the procedure provided for by the legislation of the Republic of Estonia. In cases provided for in legislation, the Seller will refund the money for the goods purchased through the Application only to the Application User.

16. An Application User who uses the Application must comply with these terms and conditions and any other terms and conditions set out in the Application, as well as the legislation of the Republic of Estonia.

17. The Seller has the right to:

 17.1.   at the point of sale, check (subject to checkout control) that the name and quantity of the products scanned with the application correspond to the products actually placed in the shopping cart/basket or other packaging at any given time;

 17.2.   change, suspend or terminate all or part of the features of the Application, and change the layout of elements in the Application;

 17.3.   suspend or stop the functioning of the Application;

 17.4. restrict or suspend the Application User’s access to the Application and, in certain cases, immediately and without notice, terminate an Application User’s AITÄH account if the Application User attempts to undermine the stability and security of the operation of the Application or fails to comply with its obligations;

 17.5. not to allow the Application User to pay for purchases through the Application if the Application User intends to pay through the Application for items excluded under Chapter IV, point 15.1 of these terms and conditions;

 17.6.at the point of sale, verify the age of the Application User when age-restricted goods are purchased. Through the app, customers can confirm their age when purchasing age-restricted goods by authenticating themselves with a Mobile-ID or Smart-ID:

  17.6.1. when age-restricted goods are scanned with the Application, the Application offers the customer the possibility to verify their age with a Mobile-ID or Smart-ID. To do this, the customer enters their personal identification code in the application and confirms their identity by authenticating themselves with Mobile-ID or Smart-ID;

  17.6.2.the Application checks the personal identification code entered in the Application by the Application User and the identity and age of the person who authenticated themselves with Mobile-ID or Smart-ID when age-restricted goods are purchased.

 17.7. exercise any other rights provided for in the Terms And Conditions and in the legislation of the Republic of Estonia.

18. The Seller must:

 18.1. enable the Application User to use the functionalities of the Application in accordance with the conditions and rules set out in the terms and conditions;

 18.2. perform other obligations in accordance with the terms and conditions and the legislation of the Republic of Estonia.

1. After logging in securely in with Smart-ID or Mobile-ID, it is possible to receive personalised information about offers of alcoholic beverages. The customer must express their wish to receive such offers by selecting Settings from the menu and activating the Get Alcohol Offers under My Preferences. This option can always be turned off. Offers will be shown to adults only

1. The Application User uses the Application only for his or her personal needs and will ensure that the security code and biometric security features are protected on his or her smart device so that third parties cannot access and/or use the security code of the Application Useror the biometric security features and the Application.

2. The Application User must ensure that third parties do not have access to his or her smart device and the Application. If the features of the Application are used by a third party who has logged into the Application using the Application User’s login data and security code, it is assumed that the Application is/was used by the Application User.

3. The Application User must:

 3.1. use the Application in accordance with the terms and conditions and in good faith;

 3.2. provide the Seller with correct and accurate information and update it promptly in the event of any changes;

 3.3. ensure the protection of the security code and security measures;

 3.4. ensure that the smart device in which the Application is installed is locked and protected; not to leave the Application unattended and available to third parties when it is switched on; not to transfer the Application to third parties and not to give third parties access to the Application, the application account, passwords and security code;

 3.5. if you suspect that your application account username, password or security code has become known to a third party, immediately change the security code and/or the password of your AITÄH account. If this is not possible, inform the Seller or a person designated by the Seller immediately;

 3.6. report the loss, theft or misappropriation of the smart device or the unauthorised use of the smart device or Application immediately to the Seller.

4. The Application User is responsible for all operations done using the AITÄH card, Application, smart device or AITÄH account.

5. The Application User is obliged to use the original operating system provided and supported for the smart device, as well as the standard equipment that came with the smart device. The Application User is responsible for installing the operating system and software updates provided on the smart device and for following any other instructions provided by the operating system, software and Application manufacturer. If the Application User installs a different operating system on their smart device or changes the built-in default permissions and security features, it may increase the risk that the Application may not function properly, including the threat to the security of the data stored in the Application. The Seller shall not be liable for any breach of security of the operating system and the smart device and for any damage resulting therefrom, including in cases where the Application User does not follow the above instructions.

6. The Seller shall be released from any liability in the event of damage caused by:

 6.1. operations and activities performed by the Application User with the Application and by breaching these terms and conditions;

 6.2. the inaccurate and false data provided by the Application User;

 6.3. failure by the Application User to read these terms and conditions and the privacy policy of the Application, to comply with the Seller’s recommendations and perform the Application User’s obligations, where the Application User was ensured the opportunity to do so;

 6.4. the acts or omissions of third parties, or by their access to the Application or personal data, including damage resulting from failures or malfunctions of electronic communications and electronic communications networks;

 6.5. the circumstances arising from the relationship between the payment card provider and the Application User;

 6.6. the illegal activity, gross negligence, fraud or malicious activity by the Application User;

 6.7. loss of control of the smart device or loss of the smart device;

 6.8. faults in the operating system of the smart device;

 6.9. if the Application User is unable to log in to the Application for any reason, or if for any other reason, the smart device, program or operating system used with the Application stops working, or the Application does not work as expected by the Application User, or failures are detected, or the services are not provided in a timely manner due to viruses, attacks or other actions of third parties (such as software, operating system, operators, etc.);

 6.10. force majeure.

7. The Seller has the right to make improvements to the Application to remedy any identified deficiencies, even if such action may cause / will cause temporary interruptions in the provision of services to the User of the Application. In the event of an emergency and with good reason, the Seller may make improvements to the Application and information system at any time. In this case, the shortcomings must be remedied as soon as possible.

8. The Seller reserves the right to refuse to accept and execute requests or instructions from the Application User and to refuse to serve the Application User in case of an emergency and for legitimate technical or other reasons, as well as in cases where the Seller considers the risk unacceptable.

1. The Seller may place advertisements and offer games in the Application at its discretion.

2. By paying for purchases through the Application of the points of sale, the app user earns MAXIMA money into the AITÄH account, according to the terms of the AITÄH loyalty programme. The ways to earn and use, and expiry of MAXIMA money are set out in the terms and conditions of the AITÄH loyalty programme.

3. The Seller will send notifications and offers to the Application User in accordance with the conditions set out in these terms and conditions, the terms and conditions of the AITÄH loyalty programme, the Privacy Policy of the Application and the Privacy Policy of the AITÄH Loyalty Programme.

4. The Application User can send questions to the Seller and request enquiries using the contact details provided in the Help and Feedback sections of the Application, by calling the freephone 8 00 2121 (Mon-Fri 8:00–17:00) or by writing to the following email address klienditugi@maxima.ee.

1. The Seller will process the Application User’s personal data in accordance with the procedures set out in the Privacy Policy of the Application or the Privacy Policy of the AITÄH Loyalty Programme.

1. These terms and conditions are drafted in such a way that they may be unilaterally amended by the Seller. The terms and conditions are governed by the legislation of the Republic of Estonia.

2. The Seller reserves the right to unilaterally amend the terms and conditions at any time, by notifying the Application User one (1) month in advance via the Application or the Seller’s website www.maxima.ee.

3. If the Application User does not agree to the amendments to the terms and conditions made by the Seller, the Application User may opt out of using the Application, delete the application account, and terminate the contract in accordance with points 5 and 6 of this Chapter.

4. If the Application User does not exercise the right to terminate the contract referred to in point 1 of Chapter II of the terms and conditions before the date of entry into force of the terms and conditions and continues to use the Application after its date of entry into force, the Application User is assumed to have accepted the amendments to the terms and conditions.

5. The Application User can always stop using the Application by deleting the Application from their smart device.

6. In order to close the application account and terminate the contract referred to in Chapter I, point 1 of the terms and conditions, the Application User must submit a written request to that effect to the Seller. After closing the application account and cancelling the contract, the data of the Application User will be retained in accordance with the privacy policy.

7. The Seller has the right to unilaterally terminate the use of the Application by the Application User in the following cases:

 7.1. if the Seller has been notified of the loss, theft or misappropriation of the smart device;

 7.2. if the seller has received a contract termination request from the Application User in accordance with the procedure set out in Chapter VIII, point 3, of the terms and conditions;

 7.3. if the Seller has ceased to provide services through the Application;

 7.4. if the Seller is defending his legitimate interests;

 7.5. in other cases as set out in these terms and conditions and the Privacy Policy of the Application.

8. All disputes that arise from or are related to these terms and conditions shall be settled by negotiations. Failing agreement, the disputes will be resolved in the courts of the Republic of Estonia.

9. If the Application User does not agree with the content of the Seller’s response to the written complaint submitted by the Application User, the Application User (natural person/consumer) may submit a petition/complaint regarding the goods purchased through the Application to the Consumer Protection and Technical Surveillance Authority at Endla 10a, Tallinn 10142, or electronically. Helpline: 667 2000.

PRIVACY POLICY OF THE MAXIMA APPLICATION

Last updated on: 27.05.2024

 

By downloading the MAXIMA application and registering or logging in to your AITÄH account, you entrust MAXIMA Eesti OÜ with your personal data and give MAXIMA Eesti OÜ the right to process your personal data to the extent, in the manner and for the purposes set out in this Privacy Policy.

If you do not want the application to have access to the personal data outlined in the privacy policy or do not agree to the terms of use, please do not download the application to your smart device (if you did not read the policy through the platform mentioned in the terms and conditions before downloading the application, delete the application from your smart device immediately and stop using it). Without the personal data outlined in the privacy policy, you will not be able to use the application, as the seller has no way of ensuring that the application works on your smart device.

The company is not able to verify the accuracy or veracity of the data you provide. MAXIMA assumes that the user of the AITÄH Loyalty Programme is a natural person at least 14 years of age, whose personal data provided are accurate and correct, and all consents have been given voluntarily, specifically, knowingly and unambiguously, having thoroughly read the Privacy Policy and the terms of use, and who understand the consequences of the consent and the possibilities and consequences of withdrawing consent.

In this Privacy Policy, you will find all the information about the personal data we collect and process, what we use them for, how long we retain them, etc. This information is important, so we hope you will read it carefully.

We respect your privacy and the security of your personal data is our priority. We take appropriate organisational and technical measures to ensure that your personal data is protected at all times and that data processing operations comply with data protection legislation and the requirements of our internal policies.

 Please note that MAXIMA Eesti OÜ may amend, supplement or update this Privacy Policy.

The terms used in this Privacy Policy are the same as the terms used in the Terms of Use, unless otherwise provided in this Privacy Policy.

 

1.  General provisions

1.1. The Privacy Policy describes why and how the MAXIMA EESTI OÜ (hereinafter MAXIMA) processes the personal data of a use of the AITÄH application (hereinafter the User). The Privacy Policy is part of the Terms of Use of the AITÄH application of Maxima.

1.2.  MAXIMA is the controller of the personal data of the User.

1.3. Personal data are any information on identified or identifiable natural persons. Personal data processing includes any procedure performed with personal data or sets of personal data, such as collecting, documenting, systematising, retaining, querying, reading, using, distributing and erasing personal data.

1.4. In personal data processing, MAXIMA proceeds from the applicable legal acts related to data protection, above all Regulation (EU) 2016/679 of European Parliament and of the Council (hereinafter the GDPR).

2. Composition of personal data

2.1. Management of the MAXIMA application account and ensuring functionality

Personal dataThe data provided at the time of registration of the application (e.g. name, age, email address, phone number, etc.), account login details (email address, phone number and password), application account activity and technical browsing details (login and technical browsing details, smart device operating system, smart device factory model code).
Legal basis for processingArticle 6(1)(b) of the GDPR
Data retention period

The entire time you participate in the AITÄH Loyalty Programme.

If you leave the loyalty programme, your personal data will be anonymised.

How and for what purpose do we use your personal data?

If you use the application and you have created an AITÄH account upon registration, we will process your personal data to ensure the proper functioning of the application and the AITÄH account, to improve, monitor and manage the features of the application and the application account, as set out in the terms of use of the application and the privacy policy of the application. We also process these personal data so that we can contact you in related to your use of the application, provide answers to your questions, as well as provide you with necessary information about the operation of the application, changes, updates, etc., and perform other activities necessary to ensure the proper functioning of the application.

When the application is downloaded on a smart device, the application gains access to the following data of your smart device: the operating system and the factory code of the smart device. In order to ensure the functionality of the application, the application must have access to the information and functionalities specified in this paragraph.

Please be advised that if you have enabled access to the application on your smart device, the application will have access on your smart device to text messages, notifications, camera, biometric data (e.g. fingerprint if you have chosen to log in to your application account in this way), smart device recordings, your smart device location, etc.

If you do not want the application to access this data or send you notifications, please check your smart device settings and make the necessary changes to restrict access to your smart device. Unfortunately, if you do so, we cannot guarantee that some or all of the following features will work, e.g.:

  • if the application does not have access to notifications on your smart device’s operating system, we will not be able to send notifications to your smart device through the application;
  • if the application does not have access to text messages on your smart device, you must enter the code you received via text message manually when registering the app;
  • if the application does not have access to your smart device’s memory, you will not be able to use the application’s help and feedback forms to post photos or videos of points of sale (MAXIMA stores) or to ask us questions or make complaints about points of sale and the goods or services we offer;
  • if the application does not have access to your smart device’s location data, you will not be able to use the application to find the nearest point of sale (MAXIMA store) and you will have to manually specify which store you are shopping at (by searching the list of points of sale);
  • if the application does not have access to the camera on your smart device, you will not be able to scan purchases at the point of sale, use the payment (settlement) feature of the application (i.e. you will not be able to link your payment card to the application, scan the QR code at the point of sale (in-store) or pay for your purchase using the application by making a payment at the time of purchase);
  • if there is no access to biometric data (e.g. fingerprints, facial recognition, etc.), you will not be able to use your biometric data to protect the application or to confirm payment for purchases through the application, but you must use a four-digit security code as set out in the terms and conditions.

Please note that we do not collect or store your biometric data (such as fingerprints or facial images), even if you use them to protect access to the application. If you have chosen the authentication type described in the terms and conditions above, this data will only be stored on your smart device. It is also important to note that if you give us access to text messages, camera, and memory of your smart device, we will not have access to any text messages or photos received/stored on your smart device (except those you choose to submit to us and send to the application in connection with a feedback or complaint) or any other data on your smart device.

 

2.2.        Management of AITÄH account with MAXIMA application and AITÄH Loyalty Programme

Personal dataThe information provided during the creation of the AITÄH card (including login data, AITÄH card and AITÄH account generation data), information about the functioning of the MAXIMA application (type of mobile device, operating systems and their versions), information about the use of the AITÄH card in the MAXIMA application (e.g. login data, changes to data, settings, permissions, options, other operations).
Legal bases of the processingArticle 6(1)(b) of the GDPR
Data retention period
 

The entire time you participate in the AITÄH Loyalty Programme.

In addition, we retain certain personal data after your participation in the programme has ended and solely to enable us to defend ourselves in the event of claims, complaints or actions brought against us.

How and for what purpose do we use your personal data?

If you link your AITÄH card using the application and sign in to your existing AITÄH account, or create an AITÄH account for an existing AITÄH card, or create a virtual AITÄH card using the MAXIMA application, an AITÄH account will be automatically generated, for the purposes of the administration of the application and your use of the AITÄH card/AITÄH account in the application, we will additionally process the data we have received from the operation of linking your AITÄH Card to the application or from the operation of creating and using the virtual AITÄH card. Therefore, the above personal data are processed in order to seamlessly link the AITÄH account in the application and the Loyalty Programme.

 

2.3.        Transmission of loyalty programme offers and information

Personal dataThe number of you AITÄH Card, your name, email address and/or phone number; information on your consent to received push notifications in the MAXIMA Application; information on your consent to received geolocalised notifications in the MAXIMA Application.
Legal basis for processingThe User has given their consent to the processing of their personal data for this purpose (Art. 6 (1) (a) of the GDPR).
Data retention period

The entire time you participate in the AITÄH Loyalty Programme and have not withdrawn your consent.

In addition, we will retain your consent and the proof that it was given after your participation in the programme has ended and solely to enable us to defend ourselves in the event of claims, complaints or actions brought against us.

How and for what purpose do we use your personal data?

If you give your consent, we will send you offers, account offers and partner offers through the communication channels of your choice (by telephone (text message) and/or by telephone and/or by email) (hereinafter Communication Channels).

In your AITÄH account, you will always see offers, account offers and partner offers. We can also present these offers to you on the receipt.

If you do not have an AITÄH account and/or if you have not opted in to receive them through our communication channels, you can also find offers and partner offers on our company’s website www.maxima.ee, in at the checkouts in MAXIMA store, price lists and in our newsletter (if you subscribe to it). You can see the account offers and get them at the checkouts of MAXIMA stores by asking the cashier.

You can opt out of or modify the offers, account offers and partner offers at any time through the communication channels of your choice. Please inform us of your opt-out by sending an email to klienditugi@maxima.ee or by calling us on 800 2121. Your opt-out does not prevent you from participating in the AITÄH Loyalty Programme and enjoying its other benefits.

If you opt out of the AITÄH Loyalty Programme, you will continue to receive MAXIMA’s general offers and information on your receipts, which are presented to shoppers in MAXIMA stores without processing any personal data.

 

2.4.        Paying for purchases using the MAXIMA Application

Personal dataPayment card details (first six and last four digits of the card number, expiry date, issuing country of the bank, CVC code, issuing bank, other technical information).
Legal basis for processingArticle 6(1)(b) of the GDPR
Data retention periodYour data will be retained for seven (7) years from the date of receipt.

How and for what purpose do we use your personal data?

If you participate in the AITÄH Loyalty Programme and choose to link the application to your payment card, we will process your payment data so that you can pay for your purchases through the application.

Initially, a request for the initiation of the use of this feature will be sent to the Mobapp backend API (hereinafter Processor 1) without any of the personal data mentioned above. Processor 1 forwards the request to the Loyalty Card API (hereinafter Processor 2). Processor 2 will further interact with the Gateway service intermediary (Swedbank) – Gateway is a service that can be used to enable seamless payments through the application. Swedbank sends the Gateway internet address and references, which the MAXIMA application can use to communicate directly with the Gateway. The MAXIMA application only transmits the card data entered by the customer directly with the corresponding parameters of the internet address transmitted by Gateway. Gateway confirms that the card has been added and the MAXIMA application sends a confirmation to Processor 1 that the customer has added the card. The data set that moves between processors is the Gateway reference number. Processor 1 transmits the request to Processor 2. Processor 2 communicates with Gateway via Swedbank and confirms that the card was added and MAXIMA stores in its Loyalty Base the last 4 digits of the added card, its expiry date and the recurring payment token, which can then be transmitted for payment card identification when purchases are made with the MAXIMA application.

The data collected in the AITÄH account application under the AITÄH Loyalty Programme will be retained for the periods or according to the criteria set out in the Privacy Policy of the AITÄH Loyalty Programme.

 

2.5.        Receiving and viewing digital receipts in the MAXIMA application

Personal dataThe application user’s details of the purchases made (date and time of purchase, name of the item, quantity, total purchase price, amount of discounts given with the AITÄH card).
Legal basis for processingArticle 6(1)(c) of the GDPR
Data retention period

Digital receipts are stored in the application account and the AITÄH account of the loyalty programme for two (2) years from the date of purchase.

Your purchase data will be kept for seven (7) years from the date of purchase.

In addition, we retain certain personal data after your participation in the programme has ended and solely to enable us to defend ourselves in the event of claims, complaints or actions brought against us.

How and for what purpose do we use your personal data?

If you have agreed to opt-out of paper receipts in accordance with the terms and conditions of the applications and have thereby consented to receive digital receipts, you will be able to access the digital receipts in your application account and in your AITÄH loyalty programme account.

The data collected in the AITÄH account application under the AITÄH Loyalty Programme will be retained for the periods or according to the criteria set out in the Privacy Policy of the AITÄH Loyalty Programme.

 

2.6.        Scan & Walk service

Personal dataYour AITÄH card number, your name, information about the use of this service (how many times, where and how you have used the service, how many times a full or partial check has been applied, number of shopping made after the check, whether you agree to the terms and conditions of this MAXIMA application, category of shopper, information about whether the products have been scanned correctly).
Legal basis for processingArticle 6(1)(b) of the GDPR
Data retention period

The entire time you use the MAXIMA application

In addition, we retain certain personal data after your participation in the programme has ended and solely to enable us to defend ourselves in the event of claims, complaints or actions brought against us.

How and for what purpose do we use your personal data?

If you have given your consent for the use the Scan & Walk service of the MAXIMA app, we will process your data to ensure the regular functioning of this feature.

We will also analyse the statistics on the use of this service in order to anticipate possible technical problems as well as to improve the experience of using the service.

 

2.7.        Statistics, market and application user activity research

Personal dataThe application user’s age group, region, other data from the application user’s Google or Apple account (you will find information on data of the given category in the privacy policies of (https://policies.google.com/privacy) or Apple (https://www.apple.com/privacy/), the data viewed in the application (points of sale, promotions and other offers), details of the purchases made with the application (date and time of purchase, name of the item, quantity, total purchase price, amount of discounts given with the AITÄH card).
Legal basis for processing

The processing of personal data is necessary on the basis of legitimate interest (Article 6(1)(f) of the GDPR)

It is in our legitimate interest to analyse data and produce the reports needed to assess our performance and create value for you as a customer and for the company’s business.

Data retention periodYour purchase data will be kept for seven (7) years from the date of purchase.
We use the data received as a result of automated data processing (e.g. survey results, reports, statistics) only until the objective of the given surveys/reports. is achieved. Once the objective is achieved, and if there is no other legal justification for retaining them, we destroy them.

How and for what purpose do we use your personal data?

The application is designed to bring benefits and added value to both you and our company. We make every effort to ensure that our points of sale, product and service selection, product sales promotions and discounts on goods and services best meet the needs of our customers, that goods and services can be accessed simply and easily, that the customers of our points of sale feel comfortable and that users of the application can access the information about goods and services and points of sale they need through the application.

We use automated data processing to for the purposes of statistics, market and application user activity research, as well as to prepare reports for our company. When analysing statistics, market and application user activity, we use non-personalised data and do not process your name, contact details or any other information that could identify you.

During the analysis of statistics, market and application user activity, we only see general data about all application users (e.g. the application user’s age group, region, other data from the user’s Google or Apple account (this data comes from the Google Play or App Store platform or from Google and/or Apple as operating system provider, platform provider respectively). You will find the privacy policies of Google and Apple and information on data processing on the respective websites: https://policies.google.com/privacy; https://www.apple.com/privacy/.

Analysing data for statistics, market and app user behaviour research helps us to make important business decisions about the needs of our application users regarding product selection, pricing of goods and services, development of points of sale based on the location and needs of our application users, etc.

We may also use Google Analytics, an analytics service provided by Google, to collect and analyse this information. If we use an analytics service (e.g. Google Analytics), your pseudonymised data may be shared with third parties. You can read more about how Google collects and uses this information in the Google Privacy Policy (https://policies.google.com/privacy).

Unfortunately, you will not be able to continue using the application if you do not want such information to be collected. You can stop using the application by deleting it from your smart device.

 

2.8.        Commercial notifications and personalised offers on the application

Personal data

The application user’s age group, region, other data from the application user’s Google or Apple account (you will find information on data of the given category in the privacy policies of (https://policies.google.com/privacy) or Apple (https://www.apple.com/privacy/), the points of sale, promotions and other offers viewed in the application, details of the purchases made with the application (date and time of purchase, name of the item, quantity, total purchase price, amount of discounts given with the AITÄH card).

Technical information about the use of your smart device and the application (e.g. information about the operating system of your smart device, the last time you connected to the application, the number of all connections, etc.), your location (geolocation with the accuracy provided by your phone), personalised offers made to you, history and usage information.

Legal basis for processingThe User has given their consent to the processing of their personal data for this purpose (Art. 6 (1) (a) of the GDPR).
Data retention periodUntil you delete your application account or withdraw your consent to receive commercial communications and personalised offers.
We will retain your consent and proof of your consent until the application account is deleted or longer to defend ourselves against claims, complaints or actions against us.

How and for what purpose do we use your personal data?

If you have consented to and allow your smart device to receive commercial communications and personalised offers and you have set up access to location data (geolocation with the accuracy as provided by your smart device), we will process your personal data through the application, providing (including by sending in the manner you choose in the application): text message, email, mobile (WhatsApp, Viber, Messenger, etc.), information notifications in the application) to you with commercial notifications (such as information about your nearest MAXIMA store, changes in MAXIMA store opening hours, etc., as well as general information about promotions, discounts and news on MAXIMA store goods and services, but also other useful and up-to-date information about ongoing activities and personalised offers. We believe that this information is useful, important and relevant for all users of the application.

If you have consented to receiving up-to-date and valuable notifications and personalised offers through the application, we will process your personal data in an automated manner and provide you with commercial notifications and personalised offers through the application (profiling). It is important to emphasise that our data analysis activities do not in any way affect your individual rights or interests.

You can withdraw your consent to receive commercial communications and personalised offers through profiling at any time.

Unfortunately, if you do not consent to receive commercial offers (in the form of hyperlinks and/or geolocation notifications) or withdraw your consent, we will not be able to provide you with all the benefits of the application (for example, if the application does not have access to your location data on your smart device (geolocation)), we will not be able to provide you with information about your nearest point of sale (MAXIMA store) or changes to its opening hours, or any other information relevant to you as a user of the application by means of other benefits or offers provided by geolocation), nor those related to ensuring the features of parts of the application and sending you relevant information (such as changes to this policy or terms and conditions).

If you connect the application to the AITÄH Loyalty Programme and choose to accept AITÄH Loyalty Programme offers and/or individual offers (in the form of pop-up messages and/or geolocation notifications) in your AITÄH account, we will send you AITÄH Loyalty Programme offers and individual offers in the ways you choose. You may at any time opt-out or withdraw your consent to receive personalised offers, or change the means (channels) you choose to receive notifications by making the relevant changes to the settings in the application. Unfortunately, if you do not consent or withdraw your consent to receive personalised offers, we will not be able to provide you with all the benefits of the application (e.g. personalised offers based on your shopping habits).

 

2.9.        Identity and age verification with Mobile-ID and Smart-ID

Personal dataWe process your phone number and personal identification code when you use Mobile-ID for age verification.
We process your personal identification code and country of located when you use Smart-ID for age verification.
Legal basis for processingThe legitimate interest of the controller in ensuring that customers comply with the age limit (Article 6(1)(f) of the GDPR).
Data retention periodIdentification data are retained for the period the person is a customer. When age verification is carried out, your data will be retained for 90 days from the date of age verification.

How and for what purpose do we use your personal data?

We are constantly working to improve the features of the application, create innovative solutions and make it more convenient for users.

If you are an application user and you want to get a birthday discount or sign in to your AITÄH account, and you choose the option of age verification via Mobile-ID or Smart-ID when purchasing age-restricted goods, we will process your personal data necessary for authentication and age verification via Mobile-ID or Smart-ID.

If you do not want us to process the above data, you always have the option of having age verification carried out by a customer service representative in the store when you purchase an age-restricted product.

 

2.10.    Preparation and submission of birthday discounts

Personal dataDate of birth, name, personal identification code.
Legal basis for processingThe User has given their consent to the processing of their personal data for this purpose (Art. 6 (1) (a) of the GDPR).
Data retention periodUntil you delete your application account or withdraw your consent to receive commercial communications and personalised offers.
We will retain your consent and proof of your consent until the application account is deleted or longer to defend ourselves against claims, complaints or actions against us.

How and for what purpose do we use your personal data?

If you have given your consent and allowed us to send you a birthday voucher that gives you 10% off your shopping cart, you will receive birthday congratulations and the offer on the channel of your choice. See more HERE.

 

3. Form which sources do we collect personal data?

We receive almost all of your personal data only from you. You give your personal data to us directly (e.g. by completing the registration form) and your purchase data by using the AITÄH card at MAXIMA points of sale, at the points of sale or service establishments of the partners of the AITÄH Loyalty Programme, as well as by using the application.

The data we receive from other sources than directly from you are data about your use of your AITÄH card at the points of sale or service establishment of the partners of the AITÄH Loyalty Programme. Such data are received from you and given to us by the relevant partner of the AITÄH Loyalty Programme. We need this information to properly administer the AITÄH Loyalty Programme, the AITÄH card, the associated benefits and other advantages. For more detailed information on the partners of our AITÄH Loyalty Programme, please see http://aitah.maxima.ee/.

When you pay for your purchases in MAXIMA stores using the application, we will receive your payment card details from the bank (first six and last four digits of the payment card number, expiry date, issuing bank, issuing country and other technical information related to the payment card).

Information about the sources of your personal data when using the application can be found in the terms of use and privacy policy of the application.

4. In which cases and to which third parties do we disclose your data?

We may transmit your data for processing to third parties who help us implement and administer the AITÄH Loyalty Programme. Such persons may include mobile application creators, mobile application data libraries, database software providers, database administration service providers, providers of data centre, hosting and cloud services, mobile application maintenance service providers, direct marketing service providers (including internet and mobile application), advertising (including internet and mobile application), market research or business analytics, security service providers, other service providers, etc. In all cases, we will only give the data processor as much data as is necessary for the fulfilment of a specific order or the provision of a specific service. The data processors working for us may process your personal data only in accordance with our instructions. In addition, they undertake to ensure the security of your data in accordance with applicable law and written agreements with us.

Based on your consent to participate in the AITÄH Loyalty Programme, we may also exchange your data (see Chapter 1.5 of the Privacy Policy) with AITÄH Loyalty Programme partners for the purposes of applying discounts or promotions at the points of sale or service establishments of the partners of the AITÄH Loyalty Programme and for the administration of the AITÄH Loyalty Programme.

For more detailed information on the partners of our AITÄH Loyalty Programme, please see our website http://aitah.maxima.ee/.

The data may also be submitted to competent authorities or law enforcement authorities, such as the police or supervisory institutions, but only if they request this and only if required by applicable law or in cases and procedures provided for by law, in order to safeguard our rights and the security of our shoppers, employees and resources and to disclose, bring and defend legal claims.

Information about the recipients of your personal data when you use the application is set out in the terms of use and privacy policy of the application.

5. What rights do data protection laws give you and how can you exercise them?

Data protection legislation gives you many rights that you are free to exercise, and we have to ensure that you have the option to do that. Information about your specific rights and how to exercise them is set out below in this Privacy Policy, please read it carefully.

Detailed information about your rights and how to exercise them when using the application can be found in the terms of use and privacy policy of the application.

 5.1. Right to access your personal data that we process

You have the right to obtain our confirmation as to whether we are processing your personal data, as well as the right to access the personal data processed and information about the purposes of the processing, the categories of data processed, the categories of data recipients, the period of data processing, the sources from which data are received, automated decision making, including profiling, and its meaning and consequences for you.

We provide most of this information to you in this Privacy Policy and we believe it is useful to you.

If you have an AITÄH account, you can access the personal data we process (e.g. check your current registration information, your consents), view your personal offers, get the history of your AITÄH CARD transactions (MAXIMA money earned and spent) for the last two years (except for purchases made in the BARBORA e-shop) and check your MAXIMA money balance at any time in your AITÄH account. Please note that the AITÄH account is linked to a specific AITÄH Card, therefore only the history of a valid AITÄH card will be presented on the account. If you have changed tour AITÄH Card, the usage history of the old card will not be displayed in the AITÄH account even if you have linked the cards.

If the information provided in this Privacy Policy and in your AITÄH account is not sufficient for you, you can always contact us.

 5.2. Right to rectify personal data

If the information you provided to us on your registration form has changed, or if you believe that the information we are processing about you is inaccurate or incorrect, you have the right to request that it be amended, clarified or corrected.

You can correct your data yourself on your AITÄH account or by submitting an updated registration form to the AITÄH Loyalty Programme. You can also contact us and ask us to correct or clarify your information by sending an email to klienditugi@maxima.ee or by calling us on 800 2121.

 5.3. The right to withdraw your consent

If we process your data on the basis of your consent, you have the right to withdraw your consent at any time and the processing based on your consent will be stopped.

For example, you have the option at any time to withdraw your consent to receive programme offers and information, as well as your consent to the profiling of data to provide you with personalised programme offers. Withdrawal of these consents does not prevent you from continuing to participate in the Loyalty Programme and to take advantage of its other benefits, but it does mean that we will not be able to send you any useful offers. If you do not agree to receive programme offers and information, you will still be able to view general information, MAXIMA store promotions, discounts and news, as well as general programme offers and promotions and offers and promotions for AITÄH account holders on your AITÄH account.6.

You can correct your consents (revoke or re-grant them) by submitting an updated registration form for of the AITÄH Loyalty Programme, by changing the consent settings in your AITÄH account or by contacting us as set out in Chapter 6 of this Privacy Policy. If you withdraw your consent to receive programme offers and information as well as your consent to receive personalised offers and to be profiled, we will stop sending offers from the programme within 10 working days.

However, if you withdraw your consent to participate in the AITÄH Loyalty Programme, you will no longer be able to participate in the AITÄH Loyalty Programme or the its respective part.

If your consent is no longer valid, or if it is revoked or withdrawn, we will destroy the data processed during your consent and, in the cases set out in the Privacy Policy, anonymise that data in a reliable and irreversible way.

We may retain your consent and the proof that it was given also longer after your participation in the programme has ended to enable us to defend ourselves in the event of claims, complaints or actions brought against us.

 5.4. Right to lodge a complaint

If you believe that we are breaching data protection law by processing your data, please always contact us first. We believe that with our goodwill efforts, we will be able to dispel any doubts you may have, answer your questions, satisfy your requests and correct the mistakes we have made, if any. You will find our contact details in point 8 of the Privacy Policy.

If you are not satisfied with our proposed solution to the problem, or if you believe that we are not taking the necessary steps in response to your request, you have the right to lodge a complaint with the Data Protection Inspectorate. You will find the contact details of the Data Protection Inspectorate at www.aki.ee.

 5.5. Right to object if processing is based on legitimate interests, including to profiling

You have the right to object to the processing of your personal data where it is processed in our legitimate interests and for profiling purposes. However, taking into account the objectives of the AITÄH Loyalty Programme and the balance of legitimate interests of both parties (you as the data subject and us as the controller), this may mean that by ceasing to process your data based on our legitimate interests, we will not be able to offer you the opportunity to participate in the AITÄH Loyalty Programme in the future.

If you wish to exercise the right referred to in this chapter, please submit a written request to our data protection officer.

 5.6. Right to data erasure (“right to be forgotten”)

If certain circumstances set out in the data protection legislation (unlawful processing of personal data, loss of the basis for processing, etc.) arise, you have the right to request that we erase your personal data. If you wish to exercise this right, please submit a written request to our data protection officer.

If your data are erased at your request, you will no longer be able to participate in the AITÄH Loyalty Programme or its respective part.

Please note that your registration data will be deleted without your separately submitted request and other data will be erased or anonymised in a trustworthy manner if you cease to be a member of the AITÄH Loyalty Programme or if your membership is terminated in the cases provided for in the rules.

However, we will not be able to erase your data if we are required to retain them by law (for example, we are required to retain the accounting spruce documents for seven (7) years (your purchase data)).

 5.7. Right to restrict data processing

You also have the right to restrict the processing of your personal data in certain circumstances set out in the data protection legislation (if the personal data is processed unlawfully, if you contest the accuracy of the data, if you do not consent to the processing on the basis of our legitimate interest, etc.).

If you wish to exercise the right referred to in this chapter, please submit a written request to our data protection officer.

 5.8. Right to data portability

You have the right to transfer to another data controller the data that we process with your consent and that are processed by automated means in a structured, commonly used format and in machine-readable format in accordance with the procedures set out in the GDPR. We will submit to you the data you wish to transfer in the usual computer-readable format used in our systems and, if you request it and we have the technical capacity, we will send the data directly to another data controller indicated by you.

If you wish to exercise the right pf data transfer, please submit a written request to our data protection officer.

 5.9. Procedure for processing requests

If we receive a request from you regarding the submission of data or the exercise of your other rights, we have a duty to ensure that the AITÄH Card has been issued to you to protect the data of all of our shoppers from unlawful disclosure. For this purpose, we may ask you to provide us with the most up-to-date information from your registration form (e.g. name, date of birth, email address or phone number) – we will check whether the information you provide matches the corresponding information in the registration form. As part of this verification, we may also send a verification message to the contact detail (text message or email) indicated on the registration form of the AITÄH card, asking you to undergo the authorisation process, and we may request additional documents or data. If the verification procedure fails (e.g. the information you gave in the registration form does not match the information provided in the registration form of the AITÄH Card or you do not pass authorisation by the text message or email message you received), we are forced to conclude that you are not the subject of the requested data and reject the request you have submitted.

If we receive a request from you to exercise any of your rights and the verification referred to above is successful, we are obliged to provide you with information about the action we have taken on the basis of your request, without giving any reason, without undue delay and in any case no later than one month from the date of receipt of your request and the completion of the verification. Due to the complexity and volume of requests, we have the right to extend the one-month period for a further two months, by notifying you before the end of the first month and stating the reasons for such an extension.

If you submit a request electronically, we will also respond to you electronically, unless this is not possible (e.g. because of excessive data volume) or if you ask us to respond to you in another way.

We will refuse to respond to your request with a reasoned reply (if the circumstances set out in the legislation are found to exist) by informing you thereof in writing.

6. Security of personal data

The secure retention of personal data is a priority for MAXIMA. MAXIMA makes every effort to prevent unauthorised access to and the disclosure and other unlawful processing of personal data. MAXIMA protects the confidentiality and inviolability of the personal data and ensures access to personal data in line with legal acts in force.

MAXIMA does not process personal data outside the European Economic Area and does not forward them to countries outside the European Economic Area.

In order to protect the data subject’s personal data, MAXIMA applies appropriate protective measures against (i) accidental or unlawful destruction or (ii) accidental loss, modification, unauthorized disclosure or access and (iii) any unlawful processing.

MAXIMA consistently adheres to the principle of minimising personal data and does not collect any data that can be used to directly identify a natural person (e.g. surname, address).

7. Retention of personal data

MAXIMA retains personal data for as long as the User participates in the AITÄH Loyalty Programme and has not withdrawn their consent. MAXIMA keeps the consent given by the User and the proof of consent even after the withdrawal of consent in order to defend itself against claims, complaints or actions, if necessary.

As a legal obligation, MAXIMA retains your purchase data for seven years from the date of the purchase transaction.

Purchase data are retained in the system for seven years from the date of the purchase transaction and at the end of this period, we will delete the data and/or anonymise it in a way that does not allow further processing of personal data. We will therefore irrevocably cancel the link between your AITÄH card number, the User’s registration data and the User’s other personal information.

If the User’s participation in the AITÄH Loyalty Programme is terminated earlier than the seven-year retention period of the purchase data, all of the User’s registration data and other personal information and the purchase data will be irretrievably and reliably deleted and pseudonymised.

If the User loses, blocks or replaces the card issued to them, the User has the option to link the data of the old and the new card (see the terms of use for how to do this). If the linking is successful, the purchase data of the User’s old AITÄH CARD will be linked to the purchase data of the new AITÄH Card and the processing of your purchase history will continue, subject to the seven-year processing limit.

If the User blocks their AITÄH card via their account, a temporary block will initially be applied, which is currently valid for up to three (3) months. During this period, the User will be able to unblock their account and restore it. If the User does not unblock the card within three (3) months, the card will be permanently blocked.

If MAXIMA no longer needs the personal data and their retention is not required by legal acts, the personal data are erased. MAXIMA may continue using personal data for statistical and market research purposes but only in anonymised form.

8. Contact details

MAXIMA’s address is Aiandi 13/2, 12918 Tallinn, Estonia. The email address is info@maxima.ee.

Contact details of the data protection officer:

Email address: dpo@maxima.ee

Postal address: Aiandi 13/2, 12918 Tallinn

In the case of notices or questions about personal data processing, please contact the data protection officer.

The communication between the data subject and MAXIMA is confidential and MAXIMA will seek to resolve all complaints and problems as soon as possible and in a fair manner.

9. Cookies

When you visit our website, you will be exposed to cookies (small information files sent to your computer or other device (such as your mobile phone), as well as similar analytical, functional and technical tools that can be stored in your browser. A cookie is sent to your computer or other device in order for it to store data and for us to be able to identify you as a participant in the AITÄH Loyalty Programme on our website. The information collected by the cookies allows us to provide you with a more convenient browsing experience, to present you with attractive offers and to learn more about the behaviour of our website users, to analyse trends and to improve both the website and your service and the AITÄH Loyalty Programme.

Our website also uses third party cookies and other similar technologies. These cookies are used to create a browsing history for each visitor, so that we can show you targeted advertising and ensure you have the best experience when browsing our website. If your browser allows third-party cookies to be saved, our chosen partner will have the option to save their cookies on your browser.

For more information about cookies, their use and opting out, please see the Cookie Policy.

10. Application of the Privacy Policy

The Privacy Policy does not apply to other services provided by us or our group companies, such as the www.maxima.ee website, payment services, issue of invoices, helpline or otherwise to the management of your questions, requests and/or complaints.