The protection of personal data is very important to us and we take it very seriously. This Privacy Policy, which is the policy of Home Handicrafts, provides you with detailed information about what personal data Home Handicrafts collects about you, what we use it for and who has access to it. Please take the time to read this Privacy Policy and contact Home Handicrafts if you have any questions or suggestions.
When processing personal data, we are guided by the applicable legislation on the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter "GDPR") and the Estonian Personal Data Protection Act.
The privacy policy of Kodukäsitöö website (legal name Kodukäsitöö OÜ) is based on GDPR. Our privacy policy must be understandable and comprehensible to visitors of the website as well as to our contractual customers and partners. In order to ensure that all parties understand their rights unambiguously, we will explain the most important terms here.
Data subject is an identified or identifiable natural person whose data are processed;
Personal data is any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification code, location data, a network identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing of personal data is an automated or non-automated operation or set of automated or non-automated operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation and alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Profile analysis is any automated processing of personal data which involves the use of personal data for the purpose of evaluating certain personal aspects relating to a natural person. In particular, for the purpose of analysing or predicting aspects relating to the performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of the natural person concerned;
Data Controller is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, Union or Member State law may lay down the specific criteria for the determination of the controller or the controller;
Data processor is the natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;
Data set is any structured set of personal data from which data can be retrieved on the basis of certain criteria, regardless of whether the data set is centralised, decentralised or dispersed on a functional or geographical basis;
Receiver is the natural or legal person, public authority, agency or any other body to whom or which personal data are disclosed, whether a third party or not. The recipient shall not be deemed to be public sector bodies which, in accordance with Union or Member State law, may receive personal data in the context of a specific request; those public sector bodies shall process the data in question in accordance with the applicable data protection standards for the purposes for which they are processed;
Third person is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who may process personal data under the direct authority of the controller or processor;
Data subject "consent" is a freely given, specific, informed and unambiguous indication of the data subject's wishes by which the data subject consents, either by means of a statement or by an explicit act of consent, to the processing of personal data relating to him or her.
Data controller
Company name: Kodukäsitöö OÜ
Address: Pikk 22, Tallinn, 10133, Estonia
Telephone: +372 6 314 076
E-mail: info@crafts.ee
Website: www.craft.ee
Website browsing statistics
In order to collect and analyse the data mentioned above, the Home Handicrafts website uses an automated tool called Google Analytics. You can opt out of the collection of your data by Google Analytics at any time.
Log in
The server that hosts the Home Handicrafts website may also record the queries you make to the server (the web address you open, the browser and device you use, IP address, access time). This data is used for technical purposes only - to ensure the proper functioning and security of the website and to investigate possible security incidents.
Profiling
The website may use statistical data about visitors to the website to analyse trends and demographics of visitors to the website, but no individual profiles of visitors are compiled.
Enquiries
If you wish to purchase products or receive more information about products through www.crafts.ee, it is necessary to share personal data with us. Enquiries can be made by filling in the contact form or by sending an e-mail to info@crafts.ee. In order to be able to respond to your request, we collect the following personal data: your name, contact details (e-mail and/or telephone number).
The legal basis for such processing of personal data is the processing of personal data for the performance of a contract entered into with the data subject or for pre-contractual measures at the request of the data subject (GDPR Art 6(1)(b)). The aforementioned personal data can be accessed by the employees of the Home Office. If you submit a request via the contact form, the personal data may also be accessed by a partner providing IT services to us. We implement appropriate technical and organisational measures to ensure the security of personal data.
Processing of personal data in customer relations
We process personal data of our customers primarily for the preparation, conclusion and performance of customer contracts and offers. For this purpose, we process the following personal data: names, contact details and positions of the company's representatives, and data on the company and its representatives obtained from credit enquiries. The personal data listed above are processed during the customer relationship and for 7 years after the end of the relationship and are accessible by the staff of the Homemade Handicrafts website. The legal basis for such processing of personal data is the processing of personal data for the performance of a contract entered into with the data subject or for pre-contractual measures at the request of the data subject (GDPR Art 6(1)(b)).
During the customer relationship and for 7 years after the end of the relationship, we process personal data of our customers for statistical purposes (sales statistics) and for archiving customer contracts. The online shop for home handicrafts has a legitimate interest (GDPR Art 6(1)(f)) to collect sales statistics to better plan its business and to keep records of its customers.
If your company is in arrears, please be aware that we will process your personal data for the purposes of debt management until the debt is paid. If the invoice is more than two months overdue, we may hand the debt over to a third party (e.g. Julianus Inkasso OÜ etc.) for pre-court recovery. A DIY online shop has a legitimate interest (GDPR Art 6(1)(f)) to collect debts from its customers, should the debts arise from the sale of services or products provided to customers.
We also process personal data of our current customers during the customer relationship and of former customers 7 years after the end of the customer relationship for potential resale purposes, i.e. to prepare direct marketing of similar services. The DIY online shop has a legitimate interest (GDPR Art 6(1)(f)) to maintain a business relationship with its current and former customers.
Marketing
The DIY website wants to bring relevant news to its customers and partners who are interested in receiving direct marketing communications. By subscribing to our newsletter via e-mail info@crafts.ee, we will send you future news about the company, new safety solutions and products, and sales campaigns by e-mail. We will process your name and email to send you marketing communications by email.
In certain cases, when dealing with natural persons, we need to ask for the data subject's consent to send marketing communications by e-mail. If you have not consented to such processing of your personal data, we will not process your personal data for this purpose. Consent does not expire, but if you no longer wish to receive marketing communications, you can conveniently unsubscribe from the mailing list.
When the Home Handicrafts website sends you an email, we may collect statistical information about your interaction with that communication, such as whether you opened the email, which links you clicked on, what devices you used to access it and their technical features. Such information will be stored in the history of the contact.
Sometimes we assess the behaviour of our contacts (data from their contact history) before sending a newsletter. This is necessary to enable us to send you more personalised communications by email. The Homeworking Online Head has a legitimate interest (GDPR Art 6(1)(f)) in understanding the needs and preferences of its contacts in order to provide them with more relevant information.
For the purposes of the processing of personal data listed in this subsection, access to the data is granted to the employees of the Home Office. Personal data may also be accessed by a partner providing IT services to us. We implement appropriate technical and organisational measures to ensure the security of personal data.
By contacting the Home Handicrafts online shop by e-mail info@crafts.ee, you may exercise the following rights:
In certain cases, you have the right to request the restriction of the processing of personal data relating to you and the right to object to the processing of personal data relating to you.
You may exercise your rights in accordance with the conditions set out in the GDPR and other local legislation.
If you believe that your privacy has been violated, please contact us at info@crafts.ee. You also have the right to lodge a complaint with the data protection supervisory authority in the country where you are resident. In Estonia, this is the Estonian Data Protection Inspectorate.
What personal data is processed
Purposes for which personal data is processed
Legal basis
The processing of personal data is carried out for the purpose of the performance of a contract concluded with a customer. Processing of personal data for the performance of a legal obligation (e.g. accounting and consumer dispute resolution).
Recipients to whom personal data are disclosed
Personal data will be transferred to the online shop's customer support for the purpose of managing purchases and purchase history and resolving customer issues.
The name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods to be delivered by courier, the customer's address will be transmitted in addition to the contact details. In the case of the accounting of the online shop by the service provider, the personal data will be transmitted to the service provider for the purpose of accounting operations.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality or data availability of the online shop. Kodukäsitöö OÜ is the controller of personal data.
Security and data access
Personal data is stored on the servers of Veebimajutus.ee, which are located in the territory of a Member State of the European Union or in the territory of a country that has joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to companies in the United States of America that have signed up to the Privacy Shield framework.
Access to personal data is granted to the employees of the online shop, who can access personal data in order to resolve technical issues related to the use of the online shop and to provide customer support services. The website implements appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.
The transfer of personal data to the online shop's processors (e.g. transport service provider and data aggregator) is based on contracts between the online shop and the processors. The processors are obliged to ensure appropriate safeguards when processing personal data.
Accessing and correcting personal data
Personal data can be accessed via the clinditoe.
Withdrawal of consent
If the processing of personal data is based on the consent of the customer, the customer has the right to withdraw the consent by informing Customer Support by e-mail.
Storage
Personal data will be deleted when you close your online shop account, unless such data needs to be stored for accounting purposes or to resolve consumer disputes.
If a purchase is made in an online shop without a customer account, the purchase history is kept for three years.
In the case of disputes relating to payments and consumer disputes, personal data will be kept until the claim is settled or the limitation period expires.
Personal data necessary for accounting purposes are kept for seven years.
Deletion
In order to delete personal data, you must contact customer support by e-mail. A reply to the deletion request will be sent within one month at the latest, specifying the period of deletion.
Transfer to
Requests for transfer of personal data made by e-mail will be answered within one month at the latest. Customer Support will verify the identity and notify the personal data to be transferred.
Direct marketing communications
The email address and telephone number will be used to send direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing communications, he/she should select the appropriate reference in the footer of the e-mail or contact customer support.
Where personal data is processed for the purposes of direct marketing (profiling), the customer has the right to object at any time to both the initial and further processing of his or her personal data, including profiling in relation to direct marketing, by informing Customer Support by e-mail (this information must be provided clearly and separately from any other information).
Dispute resolution
Disputes relating to the processing of personal data can be resolved through the Customer Support (info@crafts.ee). The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).
