PROCESSING OF PERSONAL DATA
The chief processor of personal data of the online store Hiigelmullid.ee is Nutisahver OÜ (registry code 12970077) located at Selleri 13/3, Laagri, Saue, Harjumaa, phone 56643394 and e-mail firstname.lastname@example.org.
1. What personal data is processed
- name, phone number and email address
- delivery address
- Bank account number
- cost of goods and services and data related to payments (purchase history)
- customer support information
2. For what purpose is personal data processed?
- Personal data is used to manage customer orders and deliver goods.
- Purchase history data (purchase date, goods, quantity, customer data) is used to compile an overview of purchased goods and services and to analyze customer preferences.
- The bank account number is used to return payments to the customer.
- Personal data, such as e-mail, telephone number, customer name, is processed to resolve issues related to the provision of goods and services (customer support).
- The IP address or other network identifiers of the online store user are processed to provide the online store’s information society service and to compile online usage statistics.
3. Legal basis
- Personal data is processed for the purpose of fulfilling the sales / service agreement concluded with the customer.
- The processing of personal data is carried out in order to fulfill a legal obligation (eg accounting and settlement of consumer disputes).
4. Recipients to whom personal data are transmitted
- The name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer.
- In the case of goods delivered by courier, the customer’s address will be provided in addition to the contact details.
- Personal data is passed on to the service provider for accounting purposes.
- Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the online store or data hosting.
5. Security and access to data
- Personal data is stored on Veebmajutus.ee servers located in the territory of a Member State of the European Union or countries that have joined the European Economic Area.
- Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that are affiliated to the Privacy Shieldframework.
- Employees or subcontractors of the online store have access to personal data, who can access the personal data in order to resolve technical issues related to the use of the online store and to provide customer support services.
- The Online Store implements appropriate physical, organizational and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
- The transfer of personal data to the authorized processors of the online store (eg transport service provider, data hosting, provision of customer support) takes place on the basis of agreements concluded with the online store and the authorized processors. Authorized processors are required to ensure appropriate safeguards for the processing of personal data.
6. Access to and correction of personal data
- Personal data can be accessed and corrections made to the user profile of the online store. If the purchase has been made without a user account, personal data can be accessed via customer support.
7. Withdrawal of consent
- If the processing of personal data takes place on the basis of the customer’s consent, the customer has the right to withdraw the consent by notifying the customer support by e-mail.
- When closing the customer account of the online store, personal data will be deleted, unless such data needs to be kept for accounting or resolving consumer disputes.
- If the purchase in the online store has been made without a customer account, the purchase history will be stored for three years.
- In the case of disputes relating to payments and consumer disputes, personal data shall be kept until the claim is fulfilled or the limitation period expires.
- The personal data required for accounting purposes shall be kept for seven years.
- To delete personal information, contact customer support via email. A request for erasure shall be answered within a month at the latest and the period for erasure shall be specified.
- A request for the transfer of personal data submitted by e-mail will be answered within a month at the latest. Customer support identifies and notifies you of personal information that is subject to transfer.
11. Direct marketing announcements
- The e-mail address and telephone number will be used to send direct marketing communications if the customer has given their consent.
- If the customer no longer wishes to receive direct marketing communications, please select the appropriate link in the footer of the email or contact customer support.
- If personal data is processed for the purpose of direct marketing (profiling), the customer has the right to object at any time to the initial and further processing of his personal data, including profiling related to direct marketing, by notifying the customer support by e-mail.
12. Solving arguments
- Disputes related to the processing of personal data are resolved through customer support (email@example.com). The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).