Privacy policy and data protection
PROCESSING OF CUSTOMER PERSONAL DATA
The Ostlemine24 website, hereinafter referred to as the “Online Store,” is committed to protecting the privacy of its customers and users of the e-store and has developed a privacy policy that covers the collection, use, disclosure, transfer, and storage of customer data.
The controller of personal data in the Online Store is
Memas oü, registration code 16030440
| Address: Kungla tn 12, Jõhvi linn, 41531 Jõhvi vald, Ida-Viru maakond |
| tel: +372 56844529, e-mail: info@ostlemine24.ee |
Personal data processed by the online store
- customer’s name, phone number, and email address;
- customer’s gender and date of birth;
- delivery address or place of delivery;
- customer’s bank account number;
- cost of goods and services and payment-related data (customer’s purchase history);
- data related to customer support services.
In addition to the above, the data processor has the right to collect data about the customer that is available in public registers.
The legal basis for the processing of personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation:
a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
f) the processing of personal data is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
For the purposes of the privacy policy, a data subject is a customer or other natural person whose personal data is processed by the data controller. For the purposes of the privacy policy, a customer is anyone who purchases goods or services from the data controller’s website.
The online store complies with the data processing principles set out in legislation, including processing personal data lawfully, fairly, and securely. The data processor is able to confirm that personal data has been processed in accordance with legislation.
Purpose of processing personal data
Personal data collected, processed, and stored by the online store is collected electronically, mainly through the website and e-mail.
By sharing their personal data, the data subject grants the online store the right to collect, organize, use, and manage personal data for the purposes specified in the privacy policy, which the data subject shares with the data processor directly or indirectly when purchasing goods or services on the website.
The data subject is responsible for ensuring that the data they provide is accurate, correct, and complete. Knowingly providing false information is considered a violation of the privacy policy. The data subject is obliged to immediately notify the online store of any changes to the data provided. The online store is not liable for any damage caused to the data subject or third parties by the data subject providing false data.
Personal data is used to manage customer orders and deliver goods.
Purchase history data (purchase date, goods, quantity, customer data) is used to compile an overview of purchased goods and services and to analyze customer preferences.
The bank account number is used to refund payments to the customer.
Personal data such as e-mail, phone number, gender, date of birth, and customer name are processed in order to resolve issues related to the provision of goods and services (customer support). It is also used to make promotional offers to customers or send them information.
The IP address or other network identifiers of online store users are processed by the online store for the purpose of providing information society services and compiling web usage statistics.
Legal basis
Personal data is processed for the purpose of fulfilling the contract concluded with the customer and for fulfilling legal obligations (accounting, resolving consumer disputes).
Recipients to whom personal data is transferred
Personal data is forwarded to the online store’s customer support for the management of purchases and purchase history and for the resolution of customer issues. Personal data is forwarded to the finance department for accounting purposes.
Personal data may be transferred to IT service providers if this is necessary to ensure the functionality of the online store or data storage.
The necessary personal data is transferred to the authorized processor Montonio finance oüle for the management of online store payments.
Security and access to data
Personal data is stored on servers located in the territory of a Member State of the European Union or a country that has joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that have joined the Privacy Shield framework.
Access to personal data is granted to online store employees, who may view personal data in order to fulfill online store orders, resolve technical issues related to the use of the online store, and provide customer support.
The online store implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure.
The transfer of personal data to authorized processors of the online store (e.g., payment service providers and data hosting providers) is based on agreements concluded between the online store and the authorized processors. Authorized processors are required to ensure appropriate safeguards when processing personal data.
Accessing and correcting personal data
The data subject has the right to access and review their personal data.
The data subject has the right to receive information about the processing of their personal data.
The data subject has the right to supplement or correct inaccurate data.
Since the online store processes the data subject’s personal data on the basis of the data subject’s consent, the data subject has the right to withdraw their consent at any time.
To exercise their rights, the data subject can contact the online store’s customer support at info@ostlemine24.ee
The data subject may also lodge a complaint with the Data Protection Inspectorate to protect their rights.
Withdrawal of consent
If personal data is processed on the basis of the customer’s consent, the customer has the right to withdraw their consent by notifying customer support via email (info@ostlemine24.ee).
Storage, deletion, and transfer of personal data
When a customer account is closed in the online store, personal data is deleted, except for data that needs to be retained for accounting purposes or for resolving consumer disputes.
If a purchase has been made in the online store without a customer account, the purchase history will be retained for three years.
In the event of disputes related to payments and consumer disputes, personal data will be retained until the claim is fulfilled or the limitation period expires.
Personal data required for accounting purposes is retained for seven years.
To delete personal data, please contact customer support by email at info@ostlemine24.ee. Requests for deletion will be responded to within one month at the latest, specifying the period for which the data will be deleted.
Requests for the transfer of personal data submitted by e-mail will be responded to within one month at the latest. Customer support will verify your identity and inform you of the personal data to be transferred.
The online store has the right to share customers’ personal data with third parties, such as authorized data processors, accountants, transport and courier companies, and companies providing transfer services. The online store is the controller of personal data. The online store forwards the personal data necessary for making payments to the authorized processor Montonio finance oü.
When processing and storing the personal data of data subjects, the online store implements organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
Direct marketing communications
Your email address and phone number may be used to send direct marketing messages if you have given your consent. If you do not wish to receive direct marketing messages, please select the appropriate link in the footer of the email or contact customer support.
Dispute resolution
Disputes related to the processing of personal data are resolved through customer support (e-mail info@ostlemine24.ee, phone +372 56844529). The supervisory authority is the Data Protection Inspectorate (info@aki.ee).