1. Processing personal data
1.1 The controller of the personal data of the online store Estorganics.eu is Estorganics PLC (registry code: 14259902), located at Solo, Maltsa küla, Viljandi vald, Viljandimaa, Estonia.
phone.: +372 5885 3439 and e-mail: firstname.lastname@example.org.
2. What personal data is processed:
– name, phone number and e-mail address
– delivery address
– bank account number
– price of goods and services and data related to payments (purchase history)
– customer support data
3. Why personal data is processed:
3.1 Personal data is used to manage the customer’s orders and deliver goods.
3.2 Purchase history details (date of purchase, goods, quantity, customer data) are used to prepare summaries of goods and services purchased and analyse customer preferences.
3.3 The bank account number is used to refund payments to the customer.
3.4 Personal data such as e-mail address, phone number and the customer’s name are processed to handle any issues relating to the provision of goods and services (customer support).
3.5 The IP address or other online identifiers of users of the online store are processed for the provision of the online store as an information society service and for web use statistics.
4. Legal basis
4.1 Personal data are processed for the purpose of performing a contract concluded with the customer.
4.2 Personal data are processed to perform legal obligations (such as accounting and the settlement of consumer complaints).
5. Recipients of personal data
5.1 Personal data are transmitted to the customer support of the Web Store to manage purchases and purchase history and settle any problems that customers may have.
5.2 The name, telephone number and e-mail address are transmitted to the transport service provider selected by the customer.
5.3 If the goods are delivered by a courier, the customer’s address is transmitted along with their contact details.
5.4 Personal data may be transmitted to IT service providers if this is necessary to ensure the functionality of the online store or to host data.
6. Security and access to data
6.1 Personal data may be accessed by the staff of the online store in order to settle technical issues related to the use of the online store and provide customer support.
6.2 Personal data are transmitted to the data processors of the online store (such as the providers of transport and data hosting services) and processed under contracts concluded between the online store and the processors.
6.3 The processors must ensure appropriate safeguards when processing personal data.
6.4 Personal data are stored in the servers of the service provider, which are located on the territory of a member state of the European Union or states of the European Economic Area.
6.5 Data may be transferred to countries whose data protection levels have been assessed as adequate by the European Commission and companies in the USA that have joined the Privacy Shield framework.
7. Withdrawal of consent
7.1 If personal data are processed on the basis of the customer’s consent, the customer has the right to withdraw their consent by informing customer support thereof via e-mail.
8.1 Personal data are erased upon the closure of a customer account of the online store, unless the storage of the data is necessary for accounting purposes or the settlement of consumer disputes.
8.2 For online purchases made without a customer account, the purchase history is stored for three years.
8.3 In the event of disputes concerning payments and consumer disputes, the personal data are stored until the claim is satisfied or until the end of the limitation period.
8.4 Personal data needed for accounting purposes are stored for seven years.
9.1 For the erasure of personal data, customer support must be contacted via e-mail.
9.2 Requests for erasure are responded to no later than within one month and the period of erasure is specified.
10. Direct marketing messages
10.1 The e-mail address and telephone number are used for sending direct marketing messages if the customer has given their consent to receiving such messages.
10.2 If the customer does not wish to receive direct marketing messages, the customer should select the relevant link at the footer of the e-mail or contact customer service.
10.3 Where personal data are processed for the purposes of direct marketing (profiling), the customer has the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time by notifying customer support thereof via e-mail.
11. Resolution of disputes
11.1 Disputes concerning the processing of personal data are settled via customer support. The supervisory authority is the Estonian Data Protection Inspectorate (email@example.com).