These Privacy Terms regulate, on the one hand, Our actions as the controller of Your personal data and, on the other hand, Our actions as the data processor in the meaning of the General Data Protection Regulation (EU) 2016/679. We confirm that when processing any data, We comply with the requirements arising from the General Data Protection Regulation (EU) 2016/679.
The company Prime Line OÜ, registry code 12430378, address Suurvälja tee 5, Vaela küla, Kiili vald, Harjumaa, telephone +372 655 9750, and e-mail firstname.lastname@example.org serves as data controller for the website at aiakaup.ee.
WHAT PERSONAL DATA ARE PROCESSED?
- Name, telephone number and e-mail address;
- Billing address and delivery address;
- Bank account number;
- Prices of goods and services and data related to payments (purchase history);
- Customer support details;
- Other information related to customer surveys and/or offers.
WHAT ARE THE PURPOSES OF THE PROCESSING OF PERSONAL DATA?
Personal data are processed for the purpose of performing contracts concluded with customers. Personal data are processed in order to fulfil legal obligations (e.g. accounting and resolution of consumer disputes).
Personal data are used for managing customers’ orders and delivering the goods.
Purchase history data (purchase date, goods, quantity, customer data) are used for preparing an overview of goods and services purchased and for analysing customer preferences.
The bank account number is used to refund payments to the customer.
Personal data, such as e-mail address, telephone number and customer’s name, are processed in order to resolve any issues related to the provision of goods or services (customer support).
The IP addresses or other online identifiers, of the users of the Order Centre are processed for the provision of the Order Centre as an information society service and for compilation of website use statistics.
TRANSMISSION OF PERSONAL DATA TO PROCESSORS
The Merchant maintains confidentiality of the persona data that it has received in the course of the registration and use of user accounts, and discloses them to third parties only with the customer’s consent, except where the obligation or entitlement to disclosure of data arises from legislation. A user of the Order Centre accepts that, in order to provide the customer with suitable services, the Merchant has the right to process their data, including transmit the customer’s data to the parties related to the provision of a service to the customer on behalf of the Merchant.
SECURITY AND ACCESS TO DATA
Personal data are stored on the servers located within the territory of a Member State of the European Union or a country that has acceded to the European Economic Area. Data may be transmitted to the countries recognised by the European Commission as providing an adequate level of data protection or to companies in the United States that have signed up for the Privacy Shield framework.
The Order Centre uses appropriate physical, organisational and information technology security measures to protect personal data from accidental or unlawful destruction, loss, modification or unauthorised access or disclosure.
Transmission of personal data to processors authorised by the Merchant – personal data are processed under the contracts concluded between the Merchant and the processors. The processors are required to ensure appropriate safeguards in the processing of personal data.
ACCESS TO AND RECTIFICATION OF PERSONAL DATA
Customers can access and rectify their personal data stored in the Order Centre via the account management section of the Order Centre.
WITHDRAWAL OF CONSENT
If personal data are processed based on the customer’s consent, the customer is entitled to withdraw their consent via the account management section of the Order Centre.
When a customer account is closed in the Order Centre, the respective personal data are deleted, except where such data need to be retained for accounting or for resolution of consumer disputes.
Personal data required for accounting are retained for seven years.
Personal data stored in the Order Centre can be deleted together with the respective user account via the account management section of the Order Centre.
You can submit a query on deletion of other personal data using the query form. A response to a request for the deletion of data is given within one month of receipt, and the period affected by deletion may be clarified, if necessary.
You can submit a query on transfer of other personal data using the query form. A response to a request for the transfer of data is given within one month of receipt, with customer support establishing identity and providing notification of the personal data subject to transfer.
DIRECT MARKETING MESSAGES
An e-mail address or a telephone number may be used for sending direct marketing messages if the customer has provided relevant consent. If you do not wish to receive direct marketing messages, please select the respective link in the e-mail header or contact customer support.
If personal data are processed for the purposes of direct marketing (profiling), the customer has the right to object to the initial or subsequent processing of their personal data, including profiling related to direct marketing, at any time by notifying customer support thereof via e-mail.
RESOLUTION OF DISPUTES
Disputes related to the processing of personal data are resolved through customer support (email@example.com). The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).