PROCESSING OF PERSONAL DATA
ERDMAN OÜ’s personal data processor is itashop.ee (reg. N 16289285), located at Välja tee 6-3, Tiskre, 76916, Harjumaa, telephone (+372) 58 58 50 46 and e-mail email@example.com. The processor has appointed a data protection officer whose contact details are: (+372) 58 58 50 46 and e-mail firstname.lastname@example.org
What personal data is processed
– name, phone number and email address,
– delivery address;
– Bank account number;
– the cost of goods and services and payment information (purchase history);
– information about customer support.
Purpose for which personal data is processed
Personal information is used to manage customer orders and deliver goods.
Purchase history data (date of purchase, position, quantity, customer information) is used to compile an overview of purchased goods and services and analyze customer preferences.
The bank account number is used to return payments to the customer.
Personal information, such as email, phone number, customer name, is processed to resolve issues related to product and service (customer support).
The IP address of the user of the online store or other network identifiers are processed by the online store in order to provide information society services and statistics on the use of the network.
Personal data is processed for the purpose of fulfilling a contract with a client.
The processing of personal data takes place in order to fulfill a legal obligation (for example, accounting and settlement of consumer disputes).
Data processing is carried out with the consent of the client for the following actions: marketing, notification of new products and campaigns of interest to the client.
Recipients to whom personal data is transferred
Personal information is transferred to the online store’s customer support to manage purchases and purchase history, as well as to solve customer problems.
The name, phone number and email address will be forwarded to the transport provider of your choice. In the case of goods delivered by courier, the buyer’s address must be provided in addition to the online information.
If the online store is operated by a service provider, personal data will be transferred to the service provider for accounting purposes.
Personal information may be transferred to information technology service providers if it is necessary to provide the functionality of an online store or data hosting.
Security and data access
Personal data is stored on the servers of VIRTUAAL.COM OÜ located in the territory of a member state of the European Union or countries that have entered the European Economic Area. Data can be transferred to countries that have been assessed by the European Commission as having an adequate level of data protection, and to US companies that are affiliated with the Privacy Shield structure.
Access to personal information is available to employees of the online store, who can access personal information to resolve technical issues related to the use of the online store and to support customers. The online store implements appropriate physical, organizational and information security measures to protect personal information from accidental or illegal destruction, loss, alteration or unauthorized access and disclosure.
The transfer of personal data to trusted processors of the online store (for example, transport service provider and data hosting) is governed by agreements with the online store and trusted processors. Processors are required to provide appropriate guarantees for the processing of personal data.
ERDMAN OÜ is a personal data processor and transfers personal data necessary for making payments to a trusted processor PaySera.com.
Access and rectification of personal data
You can familiarize yourself with personal data and make changes in the profile of the online store. If a purchase was made without a user account, personal information can be accessed through support.
Withdrawal of consent
If personal data is processed with the consent of the client, the client has the right to revoke the consent by notifying the support service by e-mail.
Closing the customer account of the online store will result in the deletion of personal information, unless it is necessary to retain such data for accounting purposes or for resolving disputes with consumers.
If a purchase is made without a customer’s online store account, the purchase history is retained for three years.
In the event of disputes regarding payments and consumer disputes, personal data is retained until the claim is satisfied or until the expiration of the limitation period.
Personal data required for accounting purposes is stored for seven years.
You must contact support via email to delete your personal information. A request for deletion must be answered within no more than one month and a period for deletion must be indicated.
Requests for the transfer of personal data by e-mail must be answered within a maximum of one month.
The support service identifies and informs you of the personal data to be transferred.
The email address and phone number will be used to send marketing communications subject to the customer’s consent. If a customer does not want to receive marketing notifications, please select the appropriate link at the bottom of the email or contact customer service.
If personal data is processed for marketing purposes (profiling), the customer has the right at any time to object to the initial and further processing of his personal data, including profiling analysis related to direct marketing, by notifying the support service by e-mail.
Disputes related to the processing of personal data are resolved through the support service (email@example.com). The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).