PROCESSING OF PERSONAL DATA
The controller of the personal data of the online shop is OÜ Renegade Tea Artisans (registry code 14365627), located at Lodjapuu tee 8-1, Karla küla, Rae vald, Estonia, email firstname.lastname@example.org.
What personal data is processed
- name, phone number and email address;
- delivery address;
- bank account number;
- cost of goods and services and data related to payments (purchase history);
- customer support data.
Why personal data is processed
Personal data is used to manage the customer’s orders and to deliver the goods.
Purchase history details (date of purchase, goods, quantity, customer’s data) are used for preparing summaries of goods and services purchased and for analysing customer preferences.
The bank account number is used to reimburse payments to the customer.
Personal data such as email, phone number and the customer's name are processed to handle any issues relating to the provision of goods and services (customer support).
The IP address or other web identifiers of a user of the online shop are processed for the provision of the online shop as an information society service and for web use statistics.
Personal data is processed for the purpose of performing a contract concluded with the customer.
Personal data is processed for performing legal obligations (such as accounting and the settlement of consumer complaints).
Data is processed only with customer's consent for performing the following operations: direct marketing (newsletters), personalized advertisement (Google and Facebook ads).
Recipients of personal data
Personal data is transmitted to the customer support of the online shop for managing purchases and purchase history and for settling any problems that the customers may have.
Personal data are transmitted to the transport service provider (Omniva, DPD) in order to make the shipment.
Personal data are transmitted to the payment service provider (PayPal, Maksekeskus) in order to make the payment.
The personal data are transmitted to an accounting company (Numeri OÜ) for performing accounting operations.
Personal data may be transmitted to IT service providers if this is necessary for ensuring the functionality of the online shop or for data hosting.
Security and access to data
Personal data connected to the orders are stored in Shopify Inc. Whereas a Data Subject is located in the European Economic Area, that Data Subject’s Personal Data will be processed by Shopify’s Irish affiliate, Shopify International Ltd. As part of providing the Services, this Personal Data may be transferred to other regions, including to Canada and the United States. Such transfers will be completed in compliance with relevant Data Protection Legislation.
Personal data given by the customer for marketing purposes (newsletters) is stored in Mailchimp Inc.which complies with the EU-US and US-Swiss Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.
Personal data can be accessed by the staff of the online shop in order to settle technical issues related to the use of the online shop and to provide customer support.
The online shop takes appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
Personal data are transmitted to the data processors of the online shop (such as the providers of transport and data hosting services) and processed under contracts concluded between the online shop and the processors. The processors must ensure appropriate safeguards when processing personal data.
Cookies are kind of text files stored in a browser of a website visitor that include information on pages a website visitor opens. Some cookies can collect data from different websites and then display a specific content or adverts for the website visitor.
Access to and rectification of personal data
Personal data can be accessed bu request, the link to request is in the footer of the webpage as "My Personal Data".
Withdrawal of consent
Where personal data is processed on the basis of the customer’s consent, the customer has the right to withdraw his/her consent by notifying customer support by email or via the "My Personal Data" link..
Personal data is erased upon the closure of a customer account of the online shop, unless the storage of the data is necessary for accounting purposes or for the settlement of consumer disputes.
For online purchases made without a customer account, the purchase history is stored for three years.
In the event of disputes concerning payments and consumer disputes, the personal data is stored until the claim is satisfied or until the end of the limitation period.
Personal data needed for accounting purposes is stored for seven years.
For the erasure of personal data, customer support must be contacted via email. Requests of erasure are responded to no later than within one month and the period of erasure shall be specified.
Requests to transmit personal data submitted via email are responded to within one month. Customer support identifies the person and indicates what personal data is to be transmitted.
Direct marketing messages
Email addresses are used for sending direct marketing messages if the customer has given the respective consent. If the customer does not want to receive direct marketing messages, the customer should select the relevant link at the footer of the email or contact customer service.
Where personal data is processed for direct marketing purposes, the customer has the right to object at any time both to the initial and further processing of his/her personal data, including profiling related to direct marketing by notifying customer support thereof via email.
Disputes concerning the processing of personal data are settled through customer support email@example.com. The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).