CLIENT PRIVACY AND DATA PROTECTION
The owner of the e-store and the data controller is Neli Elu OÜ. Registration number 11362060, located at Tehnika St. 20, Kuressaare 93815.
The duties of the data protection officer are performed by a member of the board, whose email is info@jahimees.ee and phone number is +372 45 38459.
Purpose and scope of personal data processing
The online store processes personal data for the purpose of concluding a sales contract, fulfilling the contract, and resolving legal disputes arising from the contract (Article 6(1)(f) of the General Data Protection Regulation).
With the consent of the data subject, the online store processes personal data for direct marketing purposes and for the development and creation of new products (Article 6(1)(a) of the General Data Protection Regulation). The data subject may withdraw their consent to the processing of personal data for this purpose at any time.
In cases provided by law, the online store processes personal data for the purpose of collecting national statistics or fulfilling other obligations arising from the law (such as accounting obligations, resolution of consumer disputes, tax accounting obligations, etc.) (Article 6(1)(e) of the General Data Protection Regulation). In cases provided by law, the online store discloses personal data at the request of a court, investigative authorities, extra-judicial proceedings, or law enforcement agencies.
The online store processes the following personal data:
a) the buyer's name, phone number, and email address;
b) the delivery address of the goods;
c) the name and number of the account holder;
d) the cost of goods and services and payment-related data (purchase history);
e) customer support contact details;
f) the default language selection of the user;
g) the devices and software used by the user when visiting the online store, as well as the visit history;
h) wishlist;
i) the email address for receiving purchase recommendation notifications.
Personal data is used for managing customer orders, delivering goods, managing wishlists, making purchase recommendations, and as general input for the further development of the online store.
Purchase history data (purchase date, goods, quantity, customer data) is used to compile an overview of purchased goods and services and to analyze customer preferences.
The name and number of the account holder are used to refund payments to the customer.
Personal data such as email, phone number, and customer name are processed to resolve issues related to the provision of goods and services (customer support).
The IP address of the online store user or other network identifiers are processed for providing the online store as an information society service and for compiling web usage statistics.
Personal data may be used for customer profiling only with the prior consent of the data subject.
Disclosure and sharing of personal data
In addition to the cases mentioned in paragraph 6, personal data is transmitted (disclosed) to the online store's customer support for managing purchases and purchase history and resolving customer issues. The online store transmits the personal data necessary for making payments to the authorized processor Maksekeskus AS for making payments.
The customer's name, phone number, and email address are transmitted to the transportation service provider selected by the customer. If the goods are delivered by courier, the customer's address and the data provided by the customer to the delivery service provider are also transmitted in addition to the contact details.
Customer data is transmitted to the company providing accounting services for the preparation of accounting documents, bookkeeping, and the fulfillment of legal obligations related to accounting.
The online store may transmit the customer's personal data to information technology service providers if this is necessary to ensure the functionality or hosting of the online store.
Security and access to data
Personal data is stored on the servers of service providers located in the territory of a member state of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose data protection level has been recognized as adequate by the European Commission, as well as to US companies that have joined the Privacy Shield framework.
Access to personal data is available to employees of the online store who can access personal data to resolve technical issues related to the use of the online store and to provide customer support services.
The online store implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or illegal destruction, loss, alteration, unauthorized access, and disclosure. Confidentiality agreements are concluded with all persons who have access to personal data.
The transfer of personal data to the authorized processors of the online store (e.g., the transportation service provider and data hosting) is carried out based on agreements concluded between the online store and the authorized processors. Authorized processors are obliged to ensure appropriate protection measures when processing personal data.
Access to and correction of personal data
Access to and correction of personal data is possible in the user profile of the online store. The personal data of users is entered into the legal information system by the client's contact person, but all users can see their personal data and change or supplement it.
If a purchase was made without a user account, access to personal data is possible through customer support. In this case, only the personal data provided by the buyer at the time of purchase and the data of the purchased products are processed.
Withdrawal of consent
If the processing of personal data is based on the client's consent, the client has the right to withdraw their consent by notifying customer support by email.
Retention of personal data
Upon closing the online store customer account, personal data is deleted, except in cases where such data needs to be retained for accounting purposes, national statistics, or resolving consumer disputes.
If a purchase was made in the online store without a customer account, the purchase history is retained for three years.
In the case of disputes related to payments and consumer disputes, personal data is retained until the claim is fulfilled or the statute of limitations expires.
Personal data necessary for accounting purposes is retained for seven years.
Deletion and transfer of personal data
To delete personal data, contact customer support by email. A response to the deletion request will be provided no later than one month and the data deletion period will be specified.
A response to the request for the transfer of personal data submitted by email will be provided no later than one month. Customer support will identify the person and inform them of the personal data to be transferred.
Direct marketing notifications
The email address and phone number are used for sending direct marketing notifications if the client has given their consent. If the client does not wish to receive direct marketing notifications, they must select the appropriate link in the footer of the email or contact customer support.
If personal data is processed for direct marketing purposes (profiling), the client has the right to object to the initial and further processing of their personal data, including profiling related to direct marketing, at any time by notifying customer support by email (this information must be provided clearly and separately from any other information).
Dispute resolution
Complaints and questions related to the processing of personal data can be sent to the online store address info@jahimees.ee.
For resolving disputes related to the processing of personal data, the data subject can contact the Data Protection Inspectorate (Tatari 39, 10134 Tallinn; +372 627 4135; info@aki.ee; www.aki.ee) or the court.
