PERSONAL DATA PROCESSING
The data controller for the online store Käekellad.ee is MP Kaubandus OÜ (registry code 12686155) located at Tulika 19, 10613 Tallinn, phone number 5656 2491 and e-mail firstname.lastname@example.org.
What personal data is processed
The name, phone number and email address of the data subject;
bank account number;
cost of goods and services and data related to payments (purchase history);
customer support data.
Why personal data is processed
Personal data is used to manage the customer’s orders and to deliver goods.
Purchase history details (date of purchase, goods, quantity, customer’s details) are used for preparing summaries of goods and services purchased and for analysing customer preferences
The bank account number is used to reimburse payments to the customer. Personal data such as e-mail address, telephone number, customer’s name are processed in order to resolve issues relating to the provision of goods and services (customer support).
The IP addresses or other online identifiers of users of the online store are processed for the store as an information society service provider and for web use statistics.
Personal data is processed for the purpose of fulfilling a contract entered into with the customer.
Personal data is processed to perform legal obligations (such as accounting and the resolution of client complaints).
Data is processed with the customer’s consent for the following purposes: direct marketing
Recipients of personal data
Personal data is forwarded to the customer support of the online store to manage purchases and purchase history and to resolve any problems that customers may have.
Name, telephone number and e-mail address are forwarded to the transport service provider selected by the customer.
If the goods are delivered by a courier, the customer’s contact details, as well as their address, are forwarded to the courier.
If an outside service provider handles the accounting for the online store, the personal data is forwarded to that service provider to perform the accounting operations.
Personal data may be forwarded to IT service providers if this is needed to ensure the functionality of the online store or to host data.
Security and access to data
Personal data is stored in the servers, which are located on the territory of a member state of the European Union or states of the European Economic Area.
Data may be transferred to countries whose data protection levels have been assessed as adequate by the European Commission and to companies in the United States that have joined the Privacy Shield framework.
The staff of the online store has access to personal data in order to resolve technical issues related to the use of the online store and to provide customer support.
The online store takes appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.
Personal data is transmitted to data processers of the online store (such as the providers of transport and data hosting services) and processed under contracts entered into between the online store and the processers.
The processers must ensure appropriate safeguards when processing personal data.
Access to and correction of personal data
Personal data can be accessed and corrected in the user profile of the online store.
If a purchase is made without a user account, personal data can be accessed via customer support.
Withdrawal of consent
If personal data is processed on the basis of the customer’s consent, the customer has the right to withdraw their consent by informing customer support thereof via e-mail.
Personal data is erased upon the closure of a customer account in the online store, unless the storage of the data is necessary for accounting purposes or for the resolution of client disputes.
For online purchases made without a customer account, the purchase history is stored for a term of three years.
In the event of disputes concerning payments and client disputes, the personal data is stored until the meeting of the claim or until the end of the limitation period (three years).
Personal data needed for accounting purposes is stored for seven years.
For the erasure of personal data, customer support must be contacted via e-mail. Requests for erasure are responded to within one month and the period of erasure is specified.
Transfer of data
Portability requests submitted by e-mail are responded to within one month. Customer support identifies the person and informs them of the personal data subject to portability.
Direct marketing messages
The e-mail address is used for sending direct marketing messages if the customer has consented to receiving such messages. If the customer does not want to receive direct marketing messages, the customer must select the relevant link at the header of the e-mail message or contact customer service.
Where personal data is processed for the purposes of direct marketing (profiling), the customer has the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time by notifying customer support thereof via e-mail.
Resolution of disputes
Disputes concerning personal data processing are settled through customer support (email@example.com).
The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).