1. Processing of personal data
The personal data controller of the remedybaltic.eu webshop is RemedyBaltic OÜ (registration code 16419184), tel +372 53484300 and e-mail info@remedybaltic.eu.
What personal data is processed
* name, phone number and e-mail address;
* delivery address;
* bank account number;
* the cost of goods and services and payment details (purchase history);
* customer support details.
Purposes for which personal data is processed
* Personal data is used for the management of customer orders and delivery of goods.
* Purchase history data (date of purchase, goods, quantity, customer details) is used to create an overview of goods and services purchased and to analyse customer preferences.
* The bank account number is used to return payments to the customer.
* Personal data such as e-mail, telephone number, customer name, are processed to resolve issues related to the provision of goods and services (customer support).
* The IP address or other network identifiers of the user of the online shop are processed for the purpose of providing the online shop as an information society service and for the purpose of web usage statistics.
2. Legal basis
The processing of personal data is carried out for the purposes of the performance of a contract with a customer.
Processing of personal data is carried out for the fulfilment of a legal obligation (e.g. accounting and consumer dispute resolution).
Recipients to whom personal data are disclosed
Personal data will be transferred to the online shop’s customer support for the purpose of managing purchases and purchase history and resolving customer issues.
The name and telephone number will be forwarded to the transport service provider chosen by the customer and/or to the supplier of the goods if the supplier is the sender of the goods. In the case of goods to be delivered by courier or if the customer orders the goods to a post office, the customer’s address will be transmitted in addition to the contact details.
If the accounting of the online shop is carried out by the service provider, the personal data will be transferred to the service provider for the purpose of carrying out accounting operations.Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality or data availability of the online shop.
3. Security and access to data
Personal data is stored on the servers of Veebimajutus.ee, which are located in the territory of a Member State of the European Union or in the territory of a country that has joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to companies that have signed up to the Privacy Shield framework.
Access to personal data is granted to the employees of the online shop, who can access personal data in order to resolve technical issues related to the use of the online shop and to provide customer support services.
The online shop implements appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.
The online shop is the controller of the personal data, the online shop forwards the personal data necessary for the processing of payments to the processor Montonio Finance OÜ.The transfer of personal data to the processors of the online shop (e.g. the transport service provider and data storage) is based on the agreements between the online shop and the processors. The processors are obliged to ensure appropriate safeguards when processing personal data.
4. Access and rectification of personal data
Personal data can be accessed and corrected in the online shop’s user profile. If a purchase has been made without a user account, the personal data can be accessed via customer support.
5. Withdrawal of consent
If the processing of personal data is based on the consent of the customer, the customer has the right to withdraw the consent by informing Customer Support by e-mail.
6. Storage
Personal data will be deleted when you close your online shop account, unless such data needs to be stored for accounting purposes or to resolve consumer disputes.
If a purchase is made in an online shop without a customer account, the purchase history is kept for three years.
In the case of disputes relating to payments and consumer disputes, personal data will be kept until the claim is settled or the limitation period expires.
Personal data necessary for accounting purposes are kept for seven years.
7. Deletion
In order to delete personal data, you must contact customer support by e-mail. A reply to the deletion request will be sent within one month at the latest, specifying the period of deletion.
8. Transfer
Requests for transfer of personal data made by e-mail will be answered within one month at the latest. Customer Support will verify the identity and notify the personal data to be transferred.
9. Direct marketing communications
The email address and telephone number will be used to send direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing communications, he/she should select the appropriate reference in the footer of the e-mail or contact customer support.
Where personal data is processed for the purposes of direct marketing (profiling), the customer has the right to object at any time to both the initial and further processing of his or her personal data, including profiling in relation to direct marketing, by informing Customer Support by e-mail (this information must be provided clearly and separately from any other information).
10. Dispute settlement
Disputes relating to the processing of personal data can be resolved through customer support (e-mail: info@remedybaltic.eu). The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).