Translated via Google Translate
PROCESSING OF PERSONAL DATA
The controller of personal data of the online store ROSES.EE is ONE MANAGEMENT OÜ (registration number: 14770859, VAT No.: EE102363069), location: Ao 2, Kesklinn, Tallinn, Harju maakond, 10127, tel .: +372 57 87 61 69 and e-mail address: [email protected]. ONE MANAGEMENT OÜ transfers the personal data necessary to make payments to the authorized partner Montonio Finance UAB.
What personal data is processed
name, phone number and email address;
delivery address of the goods;
Bank account number;
the cost of goods and services and data related to payments (purchase history);
data required to provide customer support.
For what purpose personal data are processed
Personal data is used to manage customer orders and to deliver goods.
Purchase history data (date of purchase, product, quantity, customer data) is used to compile an overview of purchased goods and services, as well as to analyze customer preferences.
The bank account number is used to return funds to the client.
Personal data such as email address, telephone number, customer name are processed in order to resolve issues related to goods and services (customer support).
The IP address of the user of the online store or other network identifiers are processed for the provision of services by the online store as part of the information society, as well as for maintaining statistics on Internet use.
Legal basis
The processing of personal data is carried out in order to fulfill the contract concluded with the client.
The processing of personal data is carried out in order to fulfill a legal obligation (for example, accounting and resolving consumer disputes).
Recipients to whom personal data is transferred
Personal data is shared with the online store’s customer support service to manage purchases and purchase history and to resolve customer problems.
The name, phone number and e-mail address are sent to the transport provider chosen by the customer. If we are talking about goods delivered by courier, then in addition to contact details, the customer’s address is also transmitted.
If the accounting of the online store is maintained by the provider of the corresponding service, then the personal data will be transferred to the provider of the corresponding service for carrying out the accounting transactions.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the online store or data storage.
Security and data access
Personal data is stored on the servers of EU countries, which are located in the territory of a member state of the European Union or countries that have joined the European Economic Area. Data can be transferred to countries where the European Commission has assessed the level of data protection as sufficient, as well as to US companies that have joined the general concept of the Privacy Shield.
Employees of the online store have access to personal data, who can get acquainted with personal data in order to resolve technical issues related to the use of the online store and provide customer support services.
The online store applies appropriate physical, organizational and information technology security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
The transfer of personal data to authorized processors of the online store (for example, a transport service provider and data storage) is carried out on the basis of contracts concluded with the online store and authorized processors. When processing personal data, authorized processors are required to ensure appropriate protection measures.
Acquaintance with personal data and their correction
You can get acquainted with personal data and make corrections to them in the user profile of the online store. If the purchase was made without creating a user account, personal data can be found by contacting customer support.
Withdrawal of consent
If the processing of personal data is carried out on the basis of the client’s consent, the client has the right to withdraw consent by notifying the customer support service by e-mail.
Storage
When a client’s account in the online store is closed, personal data is deleted, unless such data must be retained for accounting purposes or for resolving consumer disputes.
If a purchase in an online store was made without creating a client account, the purchase history is stored for three years.
In the event of disputes related to payments and consumer claims, personal data is retained until the relevant requirement is fulfilled or until the expiration of the limitation period upon request.
Personal data required for accounting purposes is stored for seven years.
Direct Marketing Messages
The email address and telephone number are used to send messages in the framework of direct marketing, if the customer has given the appropriate consent. If the customer does not want to receive direct marketing communications, then click on the appropriate link at the bottom of the email or contact customer service.
If personal data is processed for direct marketing purposes (profiling), the client has the right at any time to object to both the initial and subsequent processing of his personal data, including with respect to profile analysis related to direct marketing, for which it is necessary to inform the service customer support by email.
Security and data access
CCTV cameras :
In order to ensure security at the ROSES.EE store at Tartu mnt. 24 video surveillance with audio recording function is carried out. The purpose of data collection is to prevent and resolve disputable situations related to customer service, as well as to ensure the protection of property and safety of employees.
- Data processor: ONE MANAGEMENT OÜ.
- Data retention period: Video recordings are stored for a maximum of 7 days, after which they are automatically deleted if there is no reason for further use (e.g. incident investigation).
- Access: Video recordings, including audio data, can only be accessed by authorized company employees. If necessary, recordings may be shared with law enforcement agencies or used to resolve disputes with customers.
All recordings are processed in accordance with applicable data protection laws and are used only for the purposes specified.
Dispute Resolution
Disputes related to the processing of personal data are resolved through the customer support service ([email protected], +372 54 50 12 19). The supervisory authority is the Estonian Data Protection Inspectorate ([email protected]).
Translated via Google Translate