Data protection conditions
The controller of personal data of the nordicdiy.ee webshop is Goldelse OÜ (registration code 14361316) with the location Lootuse tee 3, Metsakasti village Viimsi municipality Harjumaa 74019. Phone +372 5167996 and e-mail epood@nordicdiy.ee.
Goldelse OÜ transfers the personal data necessary for the execution of payments to the processor Montonio Finance UAB.
What personal data is processed
- name, telephone number and e-mail address
- delivery address
- bank account number
- the cost of goods and services and payment details (purchase history).
- customer support details
- IP address
Purposes for which personal data is processed
Personal data is used for the management of customer orders and for the delivery of goods.
Purchase history data (date of purchase, goods, quantity, customer data) is used to compile an overview of the goods and services purchased, to analyse customer preferences and, among other things, for the purpose of resolving consumer disputes.
The bank account number is used to return payments to the customer.
Personal data, such as e-mail, telephone number, customer name, are processed in order to resolve issues related to the provision of goods and services (customer support). In addition, e-mail is used to send invoices and the telephone number is used to notify the arrival of the goods at the parcel machine.
The IP address or other network identifiers of the user of the webshop are processed for the purposes of providing the webshop as an information society service and for web usage statistics.
Legal basis
The processing of personal data is carried out for the purposes of the performance of the contract with the customer (management of customer orders, delivery, return of goods and payments).
Processing of personal data is carried out for the fulfilment of a legal obligation (e.g. accounting and consumer dispute resolution).
The processing of personal data is necessary for the purposes of the legitimate interest pursued by the controller in collecting the purchase history for the settlement of possible consumer disputes.
Recipients to whom personal data are disclosed
The name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods delivered by courier, the customer’s address will be transmitted in addition to the contact details.
If the accounting of the online shop is carried out by a service provider, personal data will be transmitted to the service provider for the purpose of carrying out accounting operations.
Personal data may be transmitted to information technology service providers if this is necessary to ensure the functionality or data availability of the online shop.
Security and data access
Personal data is stored on servers located in the territory of a Member State of the European Union or in the territory of countries that have acceded to the European Economic Area. The data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission or to a third country company for which a safeguard measure as referred to in Article 46 has been applied.
Personal data may be accessed by the staff of the online shop for the purposes of resolving technical issues related to the use of the online shop and providing customer support services.
The online shop implements appropriate physical, organisational and information technology security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.
The transfer of personal data to the online shop’s processors (e.g. transport service providers and data aggregators) takes place on the basis of contracts between the online shop and the processors. The processors are obliged to ensure appropriate safeguards when processing personal data.
Accessing and correcting personal data
Personal data can be accessed and corrected in the online shop’s user profile. If the purchase has been made without a user account, the personal data can be accessed via the login. If the request for access to personal data has been made electronically, the information will also be provided by commonly used electronic means.
Withdrawal of consent
If the processing of personal data is based on the customer’s consent, the customer has the right to withdraw the consent in the customer account settings or by informing customer support by e-mail.
Storage
When you close your online shop customer account, your personal data will be deleted, except for personal data (purchase history data) that need to be stored for accounting purposes or to resolve consumer disputes. In the case of disputes relating to payments and consumer disputes, personal data will be kept until the claim is settled or the limitation period expires. Personal data contained in the original accounting documents are kept for seven years.
Restriction
You have the right to request the restriction of the processing of your personal data if the data is inaccurate or incomplete or if your personal data is processed unlawfully.
Objections
The customer has the right to object to the processing of his/her personal data if he/she has reason to believe that there is no lawful basis for the processing of his/her personal data.
Deletion
In order to delete personal data, you must contact customer support by e-mail. A response to the erasure request will be provided within one month at the latest, specifying the period for which the data will be erased.
The response to the request will also specify which personal data will not be erased and on what legal basis and for what reason.
Transfer to
Requests for the transfer of personal data submitted by e-mail will be answered within one month at the latest.
Customer Support will verify the identity and inform about the personal data to be transferred.
Direct marketing communications
The email address and telephone number will be used to send direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing communications, he/she should select the appropriate reference in the footer of the e-mail or contact customer support.
Where personal data are processed for the purposes of direct marketing (profiling), the customer has the right to object at any time to both the initial and further processing of his/her personal data, including profiling in relation to direct marketing, by informing customer support by e-mail.
Dispute resolution
Disputes regarding the processing of personal data can be resolved through customer support by sending an e-mail to epood@nordicdiy.ee or by calling +372 5167996.
The supervisory authority is the Estonian Data Protection Inspectorate(info@aki.ee).
