Processing of personal data
Protection and processing of personal data
The data controller of the Online Store Meliorabeautyshop.ee is the company Grandman Group OÜ, registration number 14332191, telephone +372 55553474, e-mail email@example.com (hereinafter the Seller).
Types of personal data the company processes:
• name and surname
• telephone number, address, e-mail address
• payer and the delivery address
• bank account number
• cost of the products; information about payments (history of purchases)
• other information related to customer survey and/or offers for customers.
Purposes of the collection and processing of personal data:
• Personal data are processed for the purpose of the performance of the sales and purchase contract with the customer.
• Personal data are processed for the purpose of the performance of such legal obligations as maintenance of accounting records and resolution of consumer disputes.
• Personal data are used for the processing of the customer’s orders and delivery of goods to the client.
• The data about the client’s history of purchases (date of the purchase, purchased items, their quantity, the customer’s details) are used for preparing overviews of the products bought by the customer and for preference analysis.
• The bank account number is used in case a refund is to be made to the customer.
• Such personal data as the customer’s name, surname, telephone number and e-mail are processed in case issues concerning the products need to be solved (customer support).
• The IР address and other network identifiers of the user are processed by the Online Store in the provision of information society services by the Online Store and in gathering user statistics about the web page.
Transfer of the data to the data processor
The Seller shall maintain the confidentiality of the customer’s personal data obtained by the former upon the registration of the customer’s account and use of the web page and shall only disclose these to third parties with the customer’s consent except for the cases when the obligation or right to disclose personal data arises from legal acts. The user of the Online Store shall agree that the Seller has the right to process the user’s data for the adaptation of the web page’s services for the customer, including the transfer of the data to the person connected to the provision of the Seller’s services.
List of the data processors:
• Grandman Group OÜ shall forward the data necessary for making the payment for the purchase to the data processor Maksekeskus AS.
• Grandman Group OÜ shall forward personal data to the company Itella Smart Post, which is to make the delivery, for the goods to be delivered to the customer.
• Grandman Group OÜ shall forward the data necessary for making the payment for the purchase to the banks Swedbank, SEB, Coop, LHV, Luminor.
• Grandman Group OÜ shall forward the data necessary for collecting statistics to Google Analytics, Facebook.
Viewing and correcting personal data
The personal data stored by the Online Store may be viewed and changed in the Account Management section of the Online Store. If a purchase has been made without creating an account (as a guest), a request for personal data can be made through the data request form.
Withdrawal of consent
In case personal data are processed on the basis of the customer’s consent, the latter shall have the right to withdraw the consent in the Account Management section of the Online Store.
In case the customer’s account is terminated, the customer’s personal data shall be deleted except for cases when these are necessary for accounting purposes or resolution of consumer disputes.
If a purchase in the Online Store has been made without creating an account (as a guest), personalised history of purchases shall be stored for three years.
In case of consumer or payment-related disputes, personal data shall be stored until the relevant claim is satisfied or until the end of the limitation period for claims (three years).
The personal data necessary for accounting purposes shall be stored for seven years.
The personal data stored in the Online Store and the customer’s account can be deleted in the Account Management section of the Online Store.
For the deletion of other data, a request shall be made, using the data request form. The request for data deletion shall be answered within one month; the period during which the data will be deleted shall be specified if necessary.
The personal data stored in the Online Store and the customer’s account can be downloaded in the Account Management section of the Online Store.
For the transfer of other data, a request shall be made, using the data request form. The request for data transfer shall be answered within one month, during which the customer support service shall confirm the customer’s identity and inform them about the personal data to be transferred.
Direct marketing newsletters
The customer’s e-mail address and telephone number shall be used for direct marketing newsletters if the customer has given the relevant consent. If the customer does not want to receive direct marketing newsletters, he or she needs to follow the relevant link in the message or contact the customer support service.
In case personal data are processed for direct marketing purposes (profiling), the customer may, at any time, state an objection against the (start of the) processing of their data, including the processing for direct marketing purposes, by informing the customer support service of the fact by e-mail.
Resolution of disputes
The resolution of disputes concerning the processing of personal data shall be performed thorough the customer support service. Data processing is supervised by the Estonian Data protection Inspectorate (firstname.lastname@example.org).