To provide information to a natural person (data subject) about the goals, volume, protection and security of the processed data. Also, provide other information about the processing of data.
Any information relating to an identified or identifiable natural person is considered personal data.
Processing of Personal Data
The controller of the personal data of the web store Bambuskeskus.ee is BAMBUSKESKUS OÜ (registry code 12925890), located at: TERVISE 30, KEILA 76607, HARJU COUNTY, ESTONIAN REPUBLIC. tel +372 5895 0720 and e-mail firstname.lastname@example.org. BAMBUSKESKUS OÜ transfers the personal data necessary for the execution of payments to the authorized processor Maksekeskus AS.
Which Personal Data Is Processed:
− name, telephone number and e-mail address;
− delivery address of the goods;
− bank account number;
− cost of goods and services and data related to payments (purchase history);
− customer support information.
For What Purpose Personal Data Is Processed
Personal data is used to manage customer orders and deliver goods. Purchase history data (date of purchase, goods, quantity, customer details) are used to compile an overview of purchased goods and services and to analyze customer preferences. Bank account number is used to refund payments to the customer. Personal data such as e-mail address, phone number, customer name, are processed in order to resolve issues related to the provision of goods and services (customer support). The web store user's IP address or other network identifiers are processed to provide the services of the web store as an information society service, and for web usage statistics.
The processing of personal data is performed for the purpose of filling the contract with the customer. Processing of personal data takes place in order to comply with a legal obligation (eg accounting and consumer dispute settlement).
Recipients to Whom Personal Data Is Forwarded
Personal data is forwarded to the web store customer support for managing purchases and purchase history and solving customer problems. The name, telephone number and e-mail address are forwarded to the delivery service provider selected by the customer. In the case of goods delivered by a courier, customer's address is also forwarded in addition to contact details. If the accounting of the web store is done by a service provider, personal data is forwarded to the service provider for accounting purposes. Personal data may be forwarded to IT service providers if this is necessary to ensure the functionality of the web store or data storage.
Security and Access to Data
Personal data is stored on www.zone.ee servers located in the territory of a Member State of the European Union or a country of the European Economic Area. Data may be forwarded to countries whose data protection level has been assessed by the European Commission to be adequate and to US companies that are members of the Privacy Shield framework. Web store employers have access to personal data in order to resolve technical issues related to the use of the web store and to provide customer support services. The web store implements appropriate physical, organizational and informational security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure. Transfer of personal data to the authorized processors of the web store (e.g., delivery service providers and data storage companies) takes place based on signed contracts between the web store and authorized processors. Authorized processors are required to ensure appropriate safeguards for the processing of personal data.
Reviewing and Rectifying Personal Data
Personal data can be viewed and rectified in the web store user profile. If the purchase was made without a user account, personal data can be accessed through customer support.
Withdrawal of Consent
If the processing of personal data takes place in the basis of customer’s consent, the customer has the right to withdraw the consent by informing customer support via e-mail.
Personal data will be erased upon closing of the customer account, unless such data is required to be kept for accounting purposes or for resolving consumer disputes. If a web store purchase was made without a customer account, purchase history is retained for three years. In the event of payment and consumer disputes, personal data is retained until the claim is executed or until the expiration date. Personal data needed for accounting purposes is retained for seven years.
Deletion of personal data can be requested by contacting customer support by email. The request for deletion will be replied to within a month and the deadline for the deletion of the data will be specified.
Personal data transfer requests submitted by email will be answered within a month. Customer support makes the identification and informs of the personal data which is subject to transfer.
Direct Marketing Messages
E-mail address and telephone number is used to send direct marketing messages, provided the customer has given their consent. If the customer does not want to receive direct marketing messages, the appropriate reference in the footer of the email can be selected or customer support contacted. When personal data is processed for direct marketing purposes (profiling), the customer has the right to object to the initial and further processing of their personal data, including direct marketing profiling analysis, at any time by notifying customer support by email.
Disputes relating to the processing of personal data are settled through customer support (CONTACT DATA). The Supervisory Authority is the Estonian Data Protection Inspectorate (email@example.com).