PROCESSING OF PERSONAL DATA
Data controller of the online store EGGPOOD.EE is Big Green Egg Eesti OÜ (registry code 14763233), seat Maasiku, Adra Village, Harku Rural Municipality, Harju County, phone +372 501 7303, e-mail email@example.com. The online store transmits personal data necessary for making payments to the data processor Maksekeskus AS.
PERSONAL DATA THAT IS PROCESSED
- Phone number and e-mail address
- Delivery address
- Bank account number
- Cost of goods and services and payment details (purchase history)
- Customer support details
PURPOSE OF PROCESSING PERSONAL DATA
Personal data is used for managing the customer’s orders and delivering goods.
Purchase history data (purchase date, goods, quantity, customer data) is used for preparing an overview of the purchased goods and services and for analysing customer preferences.
Bank account number is used for refunding payments to the customer.
Personal data such as e-mail address, phone number, customer name is processed to resolve issues related to the provision of goods and services (customer support).
IP address or other network identifiers of the online store user are processed for providing the online store as an information society service and for compiling online usage statistics.
Personal data is processed for the purpose of performing the contract entered into with the customer.
Personal data is processed for performing a legal obligation (e.g. accounting and resolving consumer disputes).
Recipients to whom personal data is transmitted
Personal data is transmitted to the online store customer support to manage purchases and purchase history and to resolve customer problems.
Name, phone number and e-mail address are transmitted to the transport service provider chosen by the customer. In case of goods to be delivered by a courier, the customer’s address is also transmitted in addition to contact details.
If online store accounting is carried out by a service provider, personal data is transmitted to the service provider for accounting operations.
Personal data may be transmitted to information technology service providers if this is necessary for ensuring the functionality of the online store or data hosting.
SECURITY AND ACCESS TO DATA
Personal data is stored in zone.ee servers located in the territory of a member state of the European Union or state that has joined the European Economic Area. Data may be transmitted to states whose level of personal data protection has been assessed to be adequate by the European Commission and to US companies that are members of the Privacy Shield framework.
Access to personal data is provided to online store employees who can access personal data to resolve technical issues concerning the use of the online store and to provide customer support services.
The online store implements relevant physical, organisational and information technological security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.
Transmission of personal data to online store data processors (e.g. transport service provider and data hosting) takes place pursuant to contracts entered into between the online store and data processors. Data processors are obligated to ensure relevant protective measures when processing personal data.
ACCESS TO AND RECTIFICATION OF PERSONAL DATA
Personal data can be accessed and rectified in the online store user profile. If the purchase was made without a user account, personal data can be accessed via customer support.
WITHDRAWAL OF CONSENT
If personal data is processed pursuant to the customer’s consent, the customer has the right to withdraw their consent by notifying customer support by e-mail.
Personal data is deleted when the online store customer account is closed unless such data needs to be stored for accounting or for resolving consumer disputes.
If the purchase was made in the online store without a customer account, the purchase history is stored for three years.
In case of disputes related to payments and consumer disputes, personal data is stored until the claim is fulfilled or the limitation period expires.
Personal data required for accounting is stored for seven years.
To erase personal data, contact customer support by e-mail. A request for erasure is responded to no later than within one month and the period of erasing data is specified.
A request for the transmission of personal data submitted by an e-mail is responded to no later than within one month. Customer support identifies the person and notifies them of personal data subject to portability.
DIRECT MARKETING MESSAGES
E-mail address and phone number are used for sending direct marketing messages if the customer has given the respective consent. If the customer does not wish to receive direct marketing messages, they need to select the respective option in the e-mail footer or contact customer support.
If personal data is processed for direct marketing purposes (profiling), the customer has the right to contest both the original and subsequent processing of their personal data, including profiling related to direct marketing, at any time by notifying customer support by e-mail.
Disputes related to the processing of personal data are resolved through customer support (firstname.lastname@example.org). The supervisory authority is the Estonian Data Protection Inspectorate (email@example.com).