The online store processes personal data for the purpose of concluding a contract, performing the contract and resolving legal disputes arising from the contract (Article 6 (1) (f) of the General Data Protection Regulation).
With the consent of the data subject, the online store processes personal data for the purposes of direct marketing and for the development of products and new products (Article 6 (1) (a) of the General Data Protection Regulation). The data subject may withdraw his or her consent to the processing of personal data for this purpose at any time.
In the case provided by law, the online store processes personal data for the purpose of collecting official statistics or other legal obligations (incl. Accounting obligations, settlement of consumer disputes, tax accounting obligations, etc.) (Article 6 (1) (e) of the General Personal Data Protection Regulation). In the case provided by law, the online store issues personal data at the request of a court, investigative body, extra-judicial body conducting proceedings or a law enforcement body.
The online store processes the following personal data:
(a) the name, telephone number and e-mail address of the buyer;
(b) the address for delivery of the goods;
(c) the name and number of the payer’s bank account holder;
(d) cost of goods and services and details of payments (purchase history);
(e) contact details for customer support;
- f) the user’s default language choice;
(g) the equipment and software used to visit the user’s online store and the history of the visit;
(h) a list of purchase requests;
(i) the e-mail address for delivery of the purchase notification.
Personal data is used to manage customer orders, deliver goods, manage purchase requisitions, make purchase recommendations and as a general input for the further development of the online store.
Purchase history data (purchase date, goods, quantity, customer data) is used to compile an overview of purchased goods and services and to analyze customer preferences.
The name and number of the bank account holder are used to return payments to the customer.
Personal data, such as e-mail, telephone number, customer name, are processed in order to resolve issues related to the provision of goods and services (customer support).
The IP address or other network identifiers of the online store user are processed to provide the online store as an information society service and to compile online usage statistics.
Personal data may be used for customer profile analysis only with the prior consent of the data subject.
Publication and disclosure of personal data
In addition to the cases specified in clause 6, personal data is transmitted (published) to the online store’s customer support for the management of purchases and purchase history and for resolving customer problems. The online store forwards the personal data necessary for making payments to the authorized processor Maksekeskus AS for making payments.
The customer’s name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods delivered by courier, in addition to the contact details, the customer’s address and the data provided by the customer shall also be forwarded to the deliverer of the goods.
The client’s data is forwarded to the accounting service provider for the preparation of accounting documents,
to keep the accounts and to fulfill the legal obligations relating to the accounts.
The online store may transfer the customer’s personal data to information technology service providers if this is necessary to ensure the functionality of the online store or data hosting.
Security and access to data
Personal data is stored on the servers of service providers located in the territory of a Member State of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that are affiliated to the Privacy Shield framework.
The employees of the online store have access to personal data, who can access the personal data in order to resolve technical issues related to the use of the online store and to provide customer support services.
The Online Store implements appropriate physical, organizational and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure. A confidentiality agreement is concluded with all persons who have access to personal data.
The transfer of personal data to the authorized processors of the online store (eg transport service provider and data hosting) takes place on the basis of agreements concluded with the online store and the authorized processors. Authorized processors are obliged to ensure appropriate safeguards for the processing of personal data.
Access to and correction of personal data
Personal data can be accessed and corrections made to the online store’s user profile. The personal information of users is entered into the legal information system by the customer’s contact person, but all users can see their personal data and change or supplement it.
If the purchase has been made without a user account, personal data can be accessed via client support. In this case, only the personal data provided by the buyer himself when making the purchase and the data of the purchased products will be processed.
Withdrawal of consent
If the processing of personal data takes place on the basis of the customer’s consent, the customer has the right to withdraw the consent by notifying the customer support by e-mail.
Retention of personal data
When closing the customer account of the online store, personal data will be deleted, unless such data needs to be kept for accounting, official statistics or for resolving consumer disputes.
If the purchase in the online store has been made without a customer account, the purchase history will be stored for three years.
In the case of disputes related to payments and consumer disputes, personal data will be kept until the claim is fulfilled or the limitation period expires.
Personal data required for accounting purposes shall be kept for seven years.
Deletion and transfer
To delete personal information, contact customer support via email. A request for erasure shall be answered no later than one month and the period for erasure of data shall be specified.
A request for the transfer of personal data submitted by e-mail will be answered within a month at the latest. Customer support identifies and notifies you of the personal data that is to be transferred.
Direct marketing communications
The e-mail address and telephone number will be used to send direct marketing messages if the customer has given his consent. If the customer does not wish to receive direct marketing communications, please select the appropriate link in the footer of the email or contact customer support.
If personal data is processed for direct marketing purposes (profiling), the customer has the right to object at any time to the initial and further processing of his personal data, including direct marketing profiling by notifying customer support by e-mail (this must be clearly and separately from any other information).
Complaints and questions related to the processing of personal data can be sent to the online store at email@example.com;
In order to resolve disputes related to the processing of personal data, the data subject may apply to the Estonian Data Protection Inspectorate (Tatari 39, 10134 Tallinn, tel. +372 5620 2341) or to a Estonian Court.