General Principles for Data Processing
1. Data controller
1.1 Data controller is VIIRASTUS OÜ Reg. code 14181330; Harjumaa, Tallinn, Võistluse street 1-A10, 10132; phone number +372 556 524 30.; E-mail: email@example.com.
1.2 VIIRASTUS OÜ will transmit the necessary personal data for the payment process to the data processor Maksekeskus AS.
2. Personal data processed
2.1 First and last name;
2.2 Phone number;
2.3 E-mail address;
2.4 Postal address;
2.5 Value of goods and services;
2.6 Bank account number.
3. Purposes of processing
3.1 Personal data is processed to manage client orders, for shipping and delivery;
3.2 Purchase history data (date of purchase, goods purchased, quantity, client data) will be used to compose overviews of purchased products and for client-preference analysis;
3.3 Bank account number will be processed in order to make payments;
3.4 Personal data such as e-mail aadress, phone number and client’s name will be processed in order to resolve disputes or answer questions regarding goods and services;
3.5 The IP address or other web identifiers of a user of the web-shop are processed for the provision of the web-shop as an information society service and for web use statistics.
4. Legal basis
4.1 Data will be processed in order to create and enforce sale contract.
4.2 Data will be processed in order to comply with law (e.g. for bookkeeping purposes and in order to resolve customer disputes);
5. Transfer of data to the processors
5.1 Personal data will be forwarded to webshop customer support in order to manage purchases and purchase history, and in order to resolve customer disputes;
5.2 Name, phone number and e-mail address will be forwarded to transport and/or shipping service provider chosen by the customer. If order is being transported via courier service, the address provided will be forwarded aswell.
5.3 Personal data will be forwarded to a bookkeeping service provider chosen by the data controller.
5.4 Personal data may be transmitted to IT service providers if this is necessary for ensuring the functionality of the online shop or for data hosting.
6. Security and access to data
6.1 Personal data is stored on Viirastus OÜ data carriers and servers (including backups stored on cloud hosting company servers) which are located in the territories of countries that belong to the European Union or EU economic region.
6.2 Data may be forwarded to countries whose data-protection level has been assessed as adequate by the European Comission and to USA based companies, who have joined the Privacy Shield framefork.
6.3 Personal data is made accessible to customer support of the online shop for managing purchases and purchase history and to provide customer support;
6.4 The web-shop takes appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.
6.5 Personal data is transmitted to the data processors of the web-shop (such as the providers of transport and data hosting services) and processed under contracts concluded between the online shop and the processors.
6.6 The processors must ensure appropriate safety measures when processing personal data.
7. Access and rectification of personal data
Personal data can be accessed and rectified in the user profile of the online shop. When a purchase has been made without a user account, personal data can be accessed through customer support.
8. Withdrawl of consent
8.1 When personal data is processed on the basis of the customer’s consent, the customer has the right to withdraw his/her consent by notifying customer support by email.
8.2 Withdrawl of consent does not have retroactive effect and it does not have affect on data which was legally processed during the time before the withdrawl of consent.
9.1 Personal data is erased upon the closure of a customer account of the web-shop, unless the storage of the data is necessary for bookkeeping purposes or for the settlement of customer disputes.
9.2 If purchases are made without a customer account, the purchase history is stored for three years.
9.3 In the event of disputes concerning payments and customer disputes, the personal data will be stored until the claim is satisfied or until the end of the limitation period.
9.4 Personal data needed for bookkeeping purposes is stored for seven years.
10.1 In order to erase personal data, customer support must be contacted via e-mail.
10.2 Requests to erase persoal data will be responded to no later than within one month and the period of erasure will be specified.
11. Transmission of data
Requests to transmit personal data submitted via email are responded to within one month. Customer support identifies the person and indicates what personal data is possible for transmission.
12. Direct marketing messages
12.1 Email address and phone number are used for sending direct marketing messages if the customer has given the respective consent. If the customer does not want to receive direct marketing messages, the customer should select the link at the footer of the email or contact customer service.
12.2 If personal data is processed for direct marketing purposes (profiling), the customer has the right to object at any time both to the initial and further processing of his/her personal data, including profiling related to direct marketing by notifying customer support via email firstname.lastname@example.org
13. Settling disputes
13.1 Disputes concerning the processing of personal data are settled through customer support. (VIIRASTUS OÜ Reg. nr. 14181330; Harjumaa, Tallinn linn, Võistluse tn 1-A10, 10132; phone number +372 556 524 30. ; Email: email@example.com).
13.2 In order to settle disputes conserning data protection, or if the customer finds that data processing does not comply with data protection laws and general rules, the customer has the right to turn to the state supervision authority. The monitoring agency for data protection in Estonia is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).