PERSONAL DATA PROCESSING
The controller of personal data of the online store amiicandles.ee is Rico OÜ (registry code 11562267) located at Jaama 15, Haapsalu 90507, phone 56673724 and e-mail info@amiicandles.ee.
What personal data is processed
- name, telephone number and e-mail address;
- address of delivery of goods;
- bank account number;
- cost of goods and services and data related to payments (purchase history);
- customer support details.
- IP address
For what purpose is personal data processed?
Personal data is used to manage customer orders and deliver goods.
Purchase history data (purchase date, product, quantity, customer data) is used to compile an overview of purchased goods and services, to analyze customer preferences, and for the purpose of resolving consumer disputes, among other things.
The bank account number is used to return payments to the customer.
Personal data such as e-mail, telephone number, customer name are processed in order to resolve issues related to the provision of goods and services (customer support). The e-mail is also used to send invoices, and the phone number is used to inform about the goods that have arrived at the parcel machine.
The online store user’s IP address or other network identifiers are processed for the provision of the online store as an information society service and for online usage statistics.
Legal basis
Personal data is processed for the purpose of fulfilling the contract concluded with the customer (management of customer orders, delivery, return of goods and payments).
Isikuandmete töötlemine toimub seadusjärgse kohustuse täitmiseks (nt raamatupidamine).
The processing of personal data is necessary due to the legitimate interest of the data controller, which consists in collecting purchase history data for the purpose of resolving possible consumer disputes.
Recipients to whom personal data is transferred
The name, phone number and e-mail address will be forwarded to the transport service provider chosen by the customer. If the goods are delivered by courier, the customer’s address is also transmitted in addition to the contact details.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the online store or data hosting.
Security and data access
Personal data is stored on Veebimajutus.ee servers, which are located in the territory of a member state of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission or to a company in a third country.
Employees of the online store have access to personal data, who can access personal data in order to solve technical issues related to the use of the online store and to provide customer support services.
Transfer of personal data from authorized processors of the online store to recipients (e.g. transport service provider and data hosting) takes place on the basis of contracts concluded with the online store and authorized processors. Authorized processors are obliged to ensure appropriate protection measures in the processing of personal data in accordance with Article 28 of the General Regulation on the Protection of Personal Data.
Viewing and correcting personal data
Personal data can be viewed and corrected in the user profile of the online store or through customer support. If the purchase has been made without a user account, you can view your personal data through customer support. If the request for access to personal data is submitted electronically, the information is also submitted via publicly available electronic means.
Withdrawal of consent
If the processing of personal data takes place on the basis of the customer’s consent, the customer has the right to withdraw the consent under the customer account settings or by notifying the customer support by e-mail.
Storage
When the customer account of the online store is closed, personal data will be deleted, except for personal data (purchase history data) that needs to be kept for accounting purposes or to resolve consumer disputes.
In case of disputes related to payments and consumer disputes, personal data will be stored until the claim is fulfilled or the expiry period ends
Personal data contained in the original accounting documents are stored for seven years.
Restriction
The customer has the right to request the restriction of the processing of his personal data if the data is incorrect or incomplete or if his personal data is processed illegally.
Objections
The customer has the right to object to the processing of his personal data if he has reason to believe that there is no legal basis for the processing of his personal data.
Erasure
To delete personal data, you must contact customer support by e-mail. The deletion request will be answered no later than within a month, and the data deletion period will be specified. In the response to the request, the personal data that will not be deleted and on what legal basis and reason will also be highlighted.
Transfer
The request for the transfer of personal data submitted by e-mail will be answered within a month at the latest. Customer support identifies the identity and informs about the personal data that is subject to transfer.
Direct marketing messages
The e-mail address and phone number are used to send direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing messages, he must select the corresponding reference in the footer of the e-mail or contact customer support.
If personal data is processed for the purpose of direct marketing (profiling), the customer has the right to object at any time to the initial and further processing of his personal data, including profile analysis related to direct marketing, by notifying him (the relevant information must be provided clearly and separately from all other information).
Dispute Resolution
Disputes related to the processing of personal data are resolved through customer support. The supervisory authority is the Estonian Data Protection Inspectorate.
