The controller of the personal data of the
online store www.personapro.ee is Personapro OÜ (registry code 14810197,
address Liimi 1 Tallinn, Harju County, 10621, tel +372 5259057 and e-mail
What kinds of personal data are processed:
– name, phone number and email address;
– delivery address;
– bank account number;
– price of goods and services and data related to payments (purchase history);
– customer support data.
For what purpose personal data are processed?
Personal data are used to manage the client’s orders and deliver goods. Purchase history details (date of purchase, goods, quantity, client’s details) are used for preparing an overview of the goods and services purchased and for analysing client preferences. The bank account number is used to refund payments to the client. Personal data such as email, phone number and the client’s name are processed to handle any issues relating to the provision of goods and services (customer support). The IP address or other online identifiers of users of the Online Store are processed for the provision of the Online Store in order to provide an information society service and for web use statistics.
The objective of processing personal data is to perform the contract entered into with the client. Personal data are processed to perform legal obligations (such as accounting and the settlement of consumer complaints).
Personal data are transmitted to the customer support of the Online Store to manage purchases and purchase history and settle any problems that the clients may have. The name, telephone number and e-mail address are transmitted to the transport service provider selected by the client. If the goods are delivered by a courier, the client’s address is transmitted along with their contact details. If an outside service provider handles the accounting for the Online Store, the personal data are transmitted to that service provider to perform accounting operations. Personal data may be transmitted to IT service providers if this is necessary to ensure the functionality of the Online Store or to host data.
Security and access to data
Personal data are stored in veebimajutus.ee servers located on the territory of a member state of the European Union or states of the European Economic Area. Data may be transferred to countries whose data protection levels have been assessed as adequate by the European Commission and to the companies in the US who have joined the Privacy Shield framework. Personal data may be accessed by the staff of the Online Shop in order to settle technical or substantive issues related to the use of the Online Shop and to provide customer support. The Online Shop takes appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.
Personal data are transmitted to the data processors of the Online Shop (such as the providers of transport and data hosting services) and processed under contracts concluded between the Online Shop and the processors. The processors are obliged to ensure appropriate protective measures upon processing personal data.
Access to and correction of personal data
Personal data can be accessed and corrected in the user profile of the Online Shop. If a purchase is made without a user account, personal data can be accessed via customer support. The controller of the personal data Personapro OÜ forwards the personal data needed to execute payments to the processor, Maksekeskus AS.
Withdrawal of consent
If personal data are processed on the basis of the client’s consent, the client has the right to withdraw their consent by informing customer support thereof via e-mail.
Personal data are erased upon the closure of a client account of the Online Store, unless the storage of the data is necessary for accounting purposes or for the settlement of consumer disputes. For online purchases made without a client account, the purchase history is stored for three years. In the event of disputes concerning payments and consumer disputes, the personal data are stored until the claim is satisfied or until the end of the limitation period. Personal data needed for accounting purposes are stored for seven years.
For the erasure of personal data, customer support must be contacted via e-mail. Requests for erasure are responded to within one month and the period of erasure is specified.
Requests to transmit personal data submitted via e-mail are responded to within one month.
Customer support identifies the person and indicates what personal data are to be transmitted.
Direct marketing messages
The email address and telephone number are used for sending direct marketing messages if the client has given their consent to receiving such messages.
If the client does not wish to receive direct marketing messages, the client should select the relevant link at the footer of the e-mail or contact customer service. Where personal data are processed for the purposes of direct marketing (profiling), the client has the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time by notifying customer support thereof via email.
Disputes concerning the processing of personal data are settled via customer support (tel. +372 525 9057 or e-mail firstname.lastname@example.org). The supervisory authority is the Estonian Data Protection Inspectorate (email@example.com).