The controller of the personal data of the online shop is www.helliston.eu (registry code 10837744), located at Peetri 1B, 80029, Estonia, phone +37253457161 and email firstname.lastname@example.org
What personal data we process?
We process only personal data that is necessary for the processing the orders and contacting the customer if needed:
- name, phone number and email address;
- delivery address;
- bank account number;
- cost of goods and services and data related to payments (purchase history);
- customer support data.
What are the legal grounds for the processing the personal data?
We process personal data for the purpose of performing a contract concluded with you (Terms and Conditions).
We process personal data for performing legal obligations (such as accounting and the settelment of consumer complaints).
We use the bank account number to reimburse payments to the customer.
We process your personal data (like your e-mail, phone number, name) in order to handle any issues relating to the provision of goods and services (customer support).
We process also the IP-address or other web identifiers of a user of the online shop for the web use statistics.
What purpose the personal data is used for?
We use your personal data in order to perform the orders and delivery.
We use the purchase history details (date of purchase, goods, quantity, customer’s data) for preparing summaries of goods and services purchased and for analyzing customers preferences.
What personal data we see?
If you have an account in our e-shop, we see your name, address, phone number and e-mail address. This is information that we need for performing the orders.
The same applies for the customers who are ordering products from our e-shop without creating an account.
Additionally we see the information about the ordered goods.
To whom have we a right to transmit your personal data?
We have a right to transmit your phone number, e-mail and name to the transport service providers selected by you. If the order is made in Estonia, Finland, Latvia and Lithuania and the order must be delivered to the parcel terminals, we transmit only the name, phone number and e-mail address. When the goods are delivered by the courier or by the universal postal service, the customer’s address is also transmitted together with the contact details.
Additionally we can transmit your personal data seen on the invoices to the service provider for performing the accounting operations.
We could transmit your personal data to IT service providers only when it is necessary for ensuring the functionality of our online shop or for data hosting.
How long we retain your personal data?
If you have an account in our online shop, we retain your data until you have deleted or requested us deleting the account.
If you make an order without creating an account, we see your purchase history for 3 years.
We store your personal data needed for accounting purposes according to Estonian law for 7 years.
In the event of disputes concerning the payments and consumer disputes, we store the personal data until the end of the limitation period.
What rights you have over your data?
If you have an account in our online shop or you have made an order through our online shop, you have a right to ask for the proof what kind of data we hold about you.
If you have an account in our online shop, you have a right to change your data in the personal profile.
If you have an account in our online shop, you have a right to delete it or request through the e-mail deleting the account. After deleting your account, your personal data does not stay in our system, except the data needed for the accounting according to the Estonian laws.
Do we collect also other data?
Yes. As for many other websites, we also use Google Analytics for the observation of the web traffic in our online shop. The data we receive from Google Analytics is impersonal and it can’t be connected with any individual person.
How do we protect the personal data?
Personal data is stored in the servers of www.veebimajutus.ee, which are located on the territory of a member state of European Union or states of the European Economic Area. Data may be transferred to the countries whose data protection levels have been assessed as adequate by the European Commission and to the companies in the USA who have joined the Privacy Shield framework.
We take appropriate physical, organizational and IT security measures to protect the personal data against accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
In case of any doubt of the unlawful usage of your personal data, we encourage you to contact us as soon as possible.
Our access to the personal data is related only to the fulfillment of the orders and to provide the customer support.
We transmit the personal data to the data processors of the online shop (such as the providers of the transport, data hosting services and providers of the accountant services) and we process them under the contracts concluded between the online shop and the processors. The processors must ensure appropriate safeguards when processing personal data.
Do we send marketing messages?
Yes, but only if you have givens us the right to do so.
We try to send the e-mails as little as possible and the e-mails containing the relevant information about our products are not personal, i.e. we do not analyze your purchase individually and we do not send you personal advertisement.
We do not contact you by phone in order to do marketing.
If you do not want to receive direct marketing messages, the customer should select the relevant link at the footer of the email or contact customer service.
When does our responsibility end?
We might use in our website embedded content (photos, media, webpages) from and references to other websites. We do not take any responsibility for the content and the processing the personal data of other websites.
How to resolve disputes?
You have always right to turn to us or to the Estonian Data Protection Inspectorate if you have any questions about processing the personal data.
Disputes concerning the processing of personal data are settled through customer support (email@example.com). The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).