PROCESSING OF PERSONAL DATA
The controller of the personal data of the online shop is Bane Roco OÜ registry code 10506203 located at Tallinn, Betooni 11E, tel +372 600 7764, +372 6007763 and e-mail email@example.com
- What kind of personal data is processed
- name, phone number and email address;
- delivery address;
- bank account number;
- cost of goods and services and data related to payments (purchase history);
- customer support data.
- Why is the personal data processed
- Personal data is used to manage the Customer’s orders and to deliver goods.
- Details regarding the purchase history (date of purchase, goods, quantity, customer’s data) are used for preparing summaries of goods and services purchased and for analyzing Customer preferences.
- The bank account number is used to reimburse payments to the customer.
- Personal data such as email, phone number and the customer's name are processed to handle any issues relating to the provision of goods and services (customer support).
- The IP address or other web identifiers of a user of the online shop are processed for the provision of the online shop as an information society service and for web use statistics.
- Legal grounds
- Personal data is used to fulfill the Sales Contract between Bane Roco OÜ a and the Customer.
- Personal data is retained until the repeat customer contract is concluded.
- Personal data that Bane Roco is required by law to retain (i.e bookkeeping), Bane Roco shall retain as stated and required by legislation.
- Recipients of personal data
- Personal data is transmitted to the customer support of the online shop for managing purchases and purchase history and for settling any problems that the customers may have.
- The name, phone number and email address are transmitted to the delivery service provider selected by the Customer. When the goods are delivered by a courier, the Customer’s address is also transmitted along with other contact details.
- Personal data my be transmitted to any service providers that are needed for ensuring the functionality of the webshop (i.e webhosting).
- Bane Roco OÜ transmits personal data needed to process payments for orders to authorized company Maksekeskus AS.
- Security and access to data
- Personal data is stored in the servers of zone.ee, which are located on the territory of a member state of the European Union or states of the European Economic Area.
- Data may be transferred to the countries whose data protection levels have been assessed as adequate by the European Commission and to the companies in the USA who have joined the Privacy Shield framework.
- Personal data can be accessed by the staff of the online shop in order to settle technical issues related to the use of the online shop and to provide customer support.
- The webshop takes appropriate physical, organizational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
- Personal data are transmitted to the data processors of the online shop (such as the providers of transport and data hosting services) and processed under contracts concluded between the online shop and the processors. The processors must ensure appropriate safeguards when processing personal data.
- Access to and modification of personal data
- Personal data can be accessed and modified in the user profile of the online shop. When a purchase has been made without a user account, personal data can be accessed through customer support.
- Withdrawal of consent
- Where personal data is processed on the basis of the Customer’s consent, the customer has the right to withdraw his/her consent by notifying customer support by email.
- Personal data is erased upon the closure of a customer account of the online shop, unless the storage of the data is necessary for accounting purposes or for the settlement of consumer disputes.
- For online purchases made without a customer account, the purchase history is stored for three years.
- In the event of disputes concerning payments and consumer disputes, personal data is stored until the claim is satisfied or until the end of the mandatory time period.
- Personal data needed for accounting purposes is stored for seven years.
- For the erasure of the personal data, customer support must be contacted via email. Requests of erasure are responded to no later than within one month and the period of erasure shall be specified.
- Requests to transmit personal data submitted via email are responded to within one month. Customer support identifies the person and indicates what personal data is to be transmitted.
- Direct marketing messages
- Email address and phone number are used for sending direct marketing messages if the Customer has given their consent. If the Customer does not want to receive direct marketing messages, the Customer should select the relevant link at the footer of the email or contact customer service.
- Where personal data are processed for direct marketing purposes (profiling), the customer has the right to object at any time both to the initial and further processing of his/her personal data, including profiling related to direct marketing by notifying customer support thereof via email (the respective information must be submitted clearly and separately from any other information).
- Resolving disputes
- The Customer has a right to turn to the Estonian Data Protection Inspectorate (firstname.lastname@example.org) for the protection of their personal data. Estonian Data Protection Inspectorate is a governmental establishment to whom Customers may turn to in case of questions regarding protection of personal data.
- In order to offer you Klarna’s payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice.