1. Personal data processor
The controller of personal data of the online store vegetein.com is AS Vegetein (registry code 10743216) located in Tehasenurga, Painküla küla, Jõgeva vald, 48422 and e-mail email@example.com
AS Vegetein transfers the personal data necessary for making payments to the authorized processor Montonio Finance OÜ.
2. What personal data is processed?
- Name, telephone number and email address
- delivery address in the case of ordering by courier
- bank account number
- cost of goods and data related to payments (purchase history)
- customer support details.
3. For what purpose are personal data processed?
Personal data is used to manage customer orders and deliver goods.
Purchase history data (purchase date, product, quantity, customer data) is used to create an overview of purchased goods and services and to analyze customer preferences.
The bank account number is used to return payments to the customer.
Personal data such as e-mail, phone number, customer name are processed in order to resolve issues related to the provision of goods and services (customer support).
The online store user’s IP address or other network identifiers are processed to make online store usage statistics.
4. Legal basis
Personal data is processed for the purpose of fulfilling the contract concluded with the customer.
Personal data is processed to fulfill a legal obligation (e.g. accounting and consumer dispute resolution).
5. Recipients to whom personal data is transmitted
Personal data is transferred to the customer support of the online store to manage purchases and purchase history and to solve customer problems.
In order to make payments, the necessary personal data is sent to the authorized processor Montonio Finance OÜ.
If the goods are delivered by courier, in addition to the contact details (phone number, e-mail address), the customer’s address is also transmitted.
If the accounting of the online store is performed by the service provider, then personal data is transferred to the service provider for accounting operations.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the online store or data hosting.
6. Security and data access
Personal data is stored on servers located in the territory of a member state of the European Union or countries that have joined the European Economic Area. Anonymous visitor statistics may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that have joined the Privacy Shield framework (e.g. Google Analytics).
Employees of the online store have access to personal data, who can access personal data in order to solve technical issues related to the use of the online store and to provide customer support services.
The online store implements appropriate physical, organizational and IT security measures to protect personal data from accidental or illegal destruction, loss, modification or unauthorized access and disclosure.
Transfer of personal data to authorized processors of the online store (e.g. transport service provider and data hosting) is carried out on the basis of contracts concluded with the online store and authorized processors. Authorized processors are obliged to ensure appropriate protection measures when processing personal data.
7. Viewing and correcting personal data
Personal data can be consulted through klintote.
8. Withdrawal of Consent
If the processing of personal data takes place on the basis of the customer’s consent, the customer has the right to withdraw the consent by notifying the customer support by e-mail.
Purchase history is stored for five years.
In the case of disputes related to payments and consumer disputes, personal data will be stored until the claim is fulfilled or the expiry period ends.
Personal data necessary for accounting are stored for seven years.
To delete personal data, you must contact customer support by e-mail. The deletion request will be answered no later than within a month, and the data deletion period will be specified.
The request for the transfer of personal data submitted by e-mail will be answered within a month at the latest. Customer support identifies the identity and informs about the personal data that is subject to transfer.
12. Direct Marketing Communications
The e-mail address and phone number are used to send direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing messages, he must select the corresponding reference in the footer of the e-mail or contact customer support.
13. Dispute Resolution
Disputes related to the processing of personal data are resolved through customer support, contact details. The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).
The website visitor has the option to set his web browser to notify about cookies, refuse them and delete them. You can find more information about cookies on the website https://www.aki.ee/en