Processing of personal data
Online shop www.evender.ee The data controller is Evender Nordic OÜ (registration number 11035912), located at Tuleviku tee 2, Peetri village, 75312 Rae Municipality, Harjumaa, tel. 67 15 746 and email evender@evender.ee.
What personal data is processed:
- name, phone number and email address;
- delivery address for goods;
- Bank account number;
- Cost of goods and services and payment-related data (purchase history);
- Customer data.
For what purpose is personal data processed
Personal data is used to manage customer orders and deliver goods.
Purchase history data (purchase date, item, quantity, customer details) is used to compile an overview of goods and services purchased and to analyse customer preferences.
The account number is used to refund payments to the customer.
Personal data such as e-mail address and phone number are processed to resolve issues related to the provision of goods and services (customer support).
Eesti keeles:
Veebipoe kasutaja IP-aadressi või teisi võrguidentifikaatoreid töödeldakse veebipoe kui infoühiskonna teenuse osutamiseks ning veebikasutusstatistika tegemiseks.
Inglise keeles (UK):
The user's IP address or other network identifiers are processed to provide the e-shop as an information society service and to create web usage statistics.
Legal basis
Personal data processing is carried out for the purpose of fulfilling the contract concluded with the client. Personal data processing is carried out for the purpose of fulfilling a legal obligation (e.g. accounting and consumer dispute resolution).
Recipients to whom personal data are transmitted
Personal data will be provided to the online shop's customer support for the management of purchases and purchase history, and for resolving customer issues.
The name, phone number, and email address will be forwarded to the transport service provider chosen by the customer. If the item is delivered by courier, the customer's address will also be forwarded in addition to the contact details.
If the e-shop's accounting is carried out by a service provider, personal data will be transferred to the service provider for the purpose of carrying out accounting activities.
Personal data may be transferred to IT service providers when necessary to ensure the functionality of the online shop or data hosting.
Security and data access
Personal data is held on zone.ee servers located within the territory of a Member State of the European Union or a country affiliated with the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission, and to US companies that have joined the Privacy Shield framework.
Access to personal data is available to online shop employees, who can view personal data in order to resolve technical issues related to the use of the online shop and to provide customer support services.
The online shop implements appropriate physical, organisational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, or unauthorised access and disclosure.
The transfer of personal data to authorised processors of the online shop (e.g., transport service provider and data hosting) is carried out on the basis of agreements concluded between the online shop and the authorised processors. Authorised processors are obliged to ensure appropriate security measures when processing personal data.
Viewing and processing personal data
Personal data can be viewed and amended in the online shop's user profile. If a purchase was made without a user account, personal data can be accessed through customer support.
Withdrawal of consent
If personal data processing takes place on the basis of the client's consent, then the client has the right to withdraw their consent by informing customer support via email.
Storage
When a web shop customer account is closed, personal data will be deleted, unless such data needs to be retained for accounting purposes or for dispute resolution. If a purchase has been made in the web shop without a customer account, the purchase history will be retained for three years.
In the event of disputes related to payments and consumer disputes, personal data shall be retained until the claim is settled or the statute of limitations expires.
Personal data required for accounting is retained for seven years.
Deletion
To have your personal data deleted, you need to contact customer support via email. Your deletion request will be responded to no later than one month, and the period for data deletion will be specified.
Transfer
Requests for the transfer of personal data submitted via email will be answered within one month.
Customer support identifies the identity and informs about the personal data to be transferred.
Dispute resolution
Disputes relating to the processing of personal data are resolved through customer support: tel. 67 15 746 and e-mail evender@evender.ee. The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).