When processing personal data, we are guided by the applicable legislation concerning the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter “GDPR”) and the Estonian Law on Data Protection.
TERMINOLOGY AND DEFINITIONS
A data subject is an identified or identifiable natural person whose data is processed;
Personal data is any information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, personal identification number, location information, network identifier or one or more physical, physiological, genetic, mental, economic, cultural or social characteristics of that natural person;
Processing of personal data is an automated or non-automated operation or set of operations on personal data or sets thereof, such as collecting, documenting, organizing, structuring, storing, adapting and modifying, querying, reading, using, transmitting, disseminating or otherwise making available or merging, restricting, deleting or destroying;
Profile analysis is any automated processing of personal data which involves the use of personal data to assess certain personal aspects relating to a natural person. In particular, to analyze or predict aspects relating to the performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement of the natural person concerned;
The controller is a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by union or national law, the controller or the specific criteria for its designation may be laid down in union or national law;
A controller is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
A data set is any structured set of personal data from which data can be retrieved according to specified criteria, whether that set is centralized, decentralized or dispersed on a functional or geographical basis;
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. Recipients shall not be considered to be public bodies which, in accordance with union or national law, may receive personal data in connection with a specific request; these public authorities shall process such data in accordance with the applicable data protection rules in accordance with the purposes of the processing;
A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who may process personal data under the direct authority of the controller or the processor;
The “consent” of the data subject is a voluntary, specific, informed and unambiguous statement of intent by which the data subject consents to the processing of personal data concerning him or her, either in the form of a statement or by an act expressly giving consent.
Name of the company: Kodukäsitöö OÜ
Address: Pikk 22, Tallinn, 10133, Eesti
Phone: +372 6 314 076
WHAT PERSONAL DATA DOES KODUSKÄSITÖÖ WEBSITE COLLECT AND HOW IS IT USED?
Website browsing statistics
In order to collect and analyze the above data, Kodukäsitöö website uses the automated tool Google Analytics. You may opt out of the collection of your data by Google Analytics at any time.
The server hosting Kodukäsitöö website can also store the queries you make to the server (the web address you open, the web browser and device you use, the IP address, the access time). This data is used for technical purposes only – to ensure the proper functioning and security of the website and to investigate possible security incidents.
Kodukäsitöö website can use website visitor statistics to analyze website visitor trends and demographics, but no individual profiles of visitors are created.
If you wish to buy products or get more information about them through the www.crafts.ee website, then it is necessary to share personal data with us. Inquiries can be submitted by filling in the corresponding contact form or sending an e-mail to email@example.com. In order for us to respond to your inquiry, we collect the following personal information: your name, contact information (email and / or phone number).
The legal basis for such processing of personal data is the processing of personal data for the performance of a contract concluded with the participation of the data subject or for taking pre-contractual measures at the request of the data subject (GDPR Art 6 (1) (b)).It is possible to access the above personal data by Kodukäsitöö employees. If the provider is a contact person through an inquiry, it may be related to the IT provider. We will implement appropriate technical and organizational relationships and ensure that they need to be protected.
Processing of personal data in customer relations
We process the personal data of our customers primarily for the preparation, conclusion and execution of customer contracts and offers. To fulfill this purpose, we process the following personal data: the names, contact details and positions of the company’s representatives and the information about the company and its representatives obtained from the credit information request. We process the listed personal data during the customer relationship and for 7 years after the end of it, and they are accessed by the employees of the Kodukäsitöö online store. The legal basis for such processing of personal data is the processing of personal data for the performance of a contract concluded with the participation of the data subject or for taking pre-contractual measures at the request of the data subject (GDPR Art 6 (1) (b)).
During the customer relationship and 7 years after the end of the customer relationship, we process the personal data of our customers for statistical purposes (sales statistics) and for archiving customer contracts. Koduskäsitöö Online Store has a legitimate interest (GDPR Art 6 (1) (f)) in compiling sales statistics to better plan its business and maintain records related to its customers.
Should your business be in arrears, please know that we will process your personal information to manage your debts until the debt is paid. If the invoice exceeds the payment deadline by more than two months, we may transfer the debt to a third party for pre-trial collection (eg Julianus Inkasso OÜ, etc.). Koduskäsitöö Online Store has a legitimate interest (GDPR Art 6 (1) (f)) in collecting debts from its customers should the debts arise in connection with the sale of services or products provided to customers.
We process the personal data of our current customers during the customer relationship and the personal data of former customers 7 years after the end of the customer relationship also for potential sales, i.e. to prepare for direct marketing of similar services. Koduskäsitöö online store has a legitimate interest (GDPR Art 6 (1) (f)) in maintaining a business relationship with its current and former customers.
Kodukäsitöö website wants to bring relevant news to its customers and partners who are interested in receiving direct marketing notifications. By subscribing to our newsletter via e-mail firstname.lastname@example.org, we will send you e-mail news about the company’s activities, new occupational safety solutions and products, and sales campaigns. We process your name and email in order to send you marketing communications via email.
In certain cases, if in the case of natural persons, we need to seek the consent of the data subject in order to send marketing communications by e-mail. If you have not consented to the processing of such personal data, we will not process your personal data for this purpose. The consent does not expire, but if you no longer wish to receive marketing communications, you can conveniently remove yourself from the mailing list.
When Kodukäsitöö website sends you an email, we may collect statistics about your interactions with that communication, such as whether you opened the email, what links you clicked, what devices you used for it, and what their technical features are. Such information is stored in the contact history.
Sometimes we evaluate the behavior of our contacts (contact history data) before sending the newsletter. This is necessary so that we can send you more personalized email notifications. There is a legitimate interest (GDPR Art 6 (1) (f)) in understanding the needs and preferences of your contacts in order to provide them with more relevant information.
For the purposes of processing personal data listed in this subsection, the data is accessed by Kodukäsitöö employees. Personal data can also be accessed by a cooperation partner who provides us with IT services. We implement appropriate technical and organizational measures to ensure the security of personal data.
YOUR RIGHTS AND HOW YOU CAN EXERCISE YOUR RIGHTS
By contacting Kodukäsitöö online store by e-mail email@example.com, you can exercise your following rights:
- the right to access personal data about you;
- the right to rectify personal data;
- the right to delete personal data;
- the right to transfer personal data;
- the right not to be judged on the basis of automated processing alone;
- the right to withdraw consent.
In certain cases, you have the right to request a restriction on the processing of personal data about you and the right to object to the processing of personal data about you.
You may exercise your rights in accordance with the terms of the GDPR and other local laws.
If you think that your privacy has been violated, please contact us at firstname.lastname@example.org. You also have the right to complain to the data protection supervisory authority of the country where you are domiciled. In Estonia, this is the Estonian Data Protection Inspectorate.
PROCESSING OF PERSONAL DATA
What personal data is processed?
- name, phone number ja e-mail address;
- delivery address of the goods;
- bank account number;
- cost of goods and services and data related to payments (purchase history);
- customer support information.
For what purposes is personal data processed?
- Personal data is used to manage customer orders and deliver goods
- Purchase history data (date of purchase, goods, quantity, customer data) is used to compile an overview of purchased goods and services and to analyze customer preferences.
- The bank account number is used to return payments to the customer
- Personal data, such as e-mail, telephone number, customer name, is processed to resolve issues related to the provision of goods and services (customer support).
- The IP address or other network identifiers of the online store user are processed to provide the online store as an information society service and to compile online usage statistics.
Personal data is processed for the purpose of fulfilling the contract entered into with the customer. The processing of personal data is carried out in order to fulfill a legal obligation (e.g. accounting and settlement of consumer disputes).
Recipients to whom personal data are transmitted
Personal data is passed on to the online store’s customer support to manage purchases and purchase history and to solve customer problems.
The name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods delivered by courier, in addition to the contact details, the customer’s address will also be provided. If the Online Store is accounted for by the service provider, the personal data will be transferred to the service provider for accounting operations.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the Online Store or data hosting. Kodukäsitöö OÜ is the chief processor of personal data: Kodukäsitöö OÜ forwards the personal data necessary for making payments to the authorized processor Maksekeskus AS.
Security and access to data
Personal data is stored on Veebimajutus.ee servers located in the territory of a member state of the European Union or countries that have joined the economic area of the European Union. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to USA companies that are affiliated to the Privacy Shield framework.
The employees of the online store have access to personal data, who can access the personal data in order to resolve technical issues related to the use of the online store and to provide customer support services. The website implements appropriate physical, organizational and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
The transfer of personal data to the authorized processors of the online store (e.g. transport service provider and data hosting) takes place on the basis of agreements concluded with the online store and the authorized processors. Authorized processors are obliged to ensure appropriate safeguards for the processing of personal data.
Access to and correction of personal data
Personal data can be accessed via customer support.
Withdrawal of consent
If the processing of personal data takes place on the basis of the customer’s consent, the customer has the right to withdraw the consent by notifying the customer support by e-mail.
When closing the customer account of the online store, personal data will be deleted, unless such data needs to be kept for accounting or for resolving consumer disputes.
If the purchase in the online store has been made without a customer account, the purchase history will be stored for three years.
In the case of disputes related to payments and consumer disputes, personal data will be kept until the claim is fulfilled or the limitation period expires. Personal data required for accounting purposes shall be kept for seven years.
To delete personal information, please contact customer support via email. A request for erasure shall be answered no later than one month and the period for erasure of data shall be specified.
A request for the transfer of personal data submitted by e-mail will be answered within a month at the latest. Customer support identifies and notifies you of the personal data that is to be transferred.
Direct marketing communications
The e-mail address and telephone number will be used to send direct marketing messages if the customer has given his consent. If the customer does not wish to receive direct marketing communications, please select the appropriate link in the footer of the email or contact customer support.
If personal data is processed for direct marketing purposes (profiling), the customer has the right to object at any time to the initial and further processing of his personal data, including direct marketing profiling, by notifying customer support by e-mail (this must be clearly and separately from any other information).
Disputes related to the processing of personal data are resolved through customer support (email@example.com). The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).