HANDLING OF PERSONAL DATA
Responsible for handling personal data in webshop Hiigelmullid.ee is Nutisahver OÜ (registry code 12970077), located in Estonia, Harjumaa, Saue county, Laagri, Selleri 13/3. Phone +372 56643394, e-mail email@example.com
What personal data is handled
- name, phone number, e-mail address;
- goods delivery address;
- bank account number;
- cost related to goods and services and data related to payments (sales history);
- customer support data.
Aim for handling personal data
Personal data is used to handle orders and deliver goods.
Sales data (date, goods, quantity, customer data) is used to create summary of sold goods and services and to research customer preferences..
Bank account number is used for return payments.
Personal data, such as e-mail, phone, name, are handled to solve issues arising out of the ordering of goods (customer support).
IP address of webshop user or other network identificators are handled for webshop as information society service provider and taking out usage statistics of internet.
Handling of personal data takes place to fulfil agreement signed with the customer.
Handling of personal data, takes place to fulfil legal responsibilities (book-keeping, customer complaints management).
Receivers, getting to know about personal data
Name, phone, e-mail address are forwarded to the delivery service provider. In case courier is supposed to deliver goods, additionally customer address is forwarded
If book-keeping is handled by sub-contractor, personal data is forwarded there to take care of book-keeping activities.
Personal data may be forwarded to IT service provider in case it is nescessary to assure functionality or data storage needs.
Access to data and security
Personal data is kept in the servers of Roller Äritarkvara OÜ, which are located in the territory of EU or Europe´s economic area. Data may be forwarded to countries, which´s personal data handling level has been confirmed to be sufficient and to USA companies being members of Privacy Shield framework.
Access to perosonal data, is granted for the employees of webshop, who can get aqcuinted with personal data in order to solve issues arising out of the usage of webshop and to offer customer support.
Webshop is applying relevant physical, organizational and IT technical security measures, to protect personal data from being accidentally or illegally destroyed, lost, altered, accessed without consent or published.
Forwarding of personal data to the authorized handler ( ex. delivery partner, data storage) takes place based on the agreements between webshop and authorized handler. Upon handling personal data, authorized person must assure proper security measures..
Getting acquinted with personal data and updating
Personal data can be seen and corrected in webshop´s user profile. Once sales takes place without user profile creation, personal data can be get acquinted with the help of customer support.
Taking back consent
Once personal data handling takes place according to customer consent, latter may give up consent by informing customer support via e-mail.
Upon closing of customer account, customer data is erased, except in case data is needed to be stored for the sake of book-keeping or to solve customer complaints.
In case purchase in webshop took place without customer profile creation, sales history is stored for 3 years.
Complaints related to payments and customer complaints´ , customer data is stored until requirements are fulfilled or till the end of expiration deadline.
Data needed for book-keeping is stored for 7 years.
In order to delete personal data, one has to contact customer support via e-mail. Deletion request is replied during the month latest and data deletion period is clarified.
Request to transfer personal data, received via e-mail, are replied within one month. Customer support is identifying person´s identity and informs about personal data being object for transfer.
Direct marketing messages
E-mail address and phone is used to send direct marketing messages, once customer has submitted his/her consent beforehand. In case customer do not want to receive direct marketing messages, proper reference in bottom of e-mail must be chosen or customer support contacted.
In case personal data is handled to profile for direct marketing, customer has right to appeal regarding handling of personal data (including profiling for direct marketing) regarding handling of it in the first place and in the futuure via sending his/her appeal to customer support by e-mail.