Processing of personal data
The chief processor of personal data of the online store amanitaeesti.ee is the registry code of SOLVE ET COAGULA OÜ 14879875 located at Haapsalu mnt 39, Pärnu, Estonia, phone +372 56647656 and e-mail firstname.lastname@example.org.
Protection of personal data
SOLVE ET COAGULA OÜ processes personal data that has become known to it only for the purpose intended for it and does not disclose it to third parties, except in cases prescribed by law.
1. What personal data do we process:
- name, telephone number and e-mail address;
- delivery address of the goods;
- Bank account number;
- cost of goods and services and data related to payments (purchase history);
- customer support information.
2. For what purposes is personal data processed:
- The purpose of processing personal data is to process orders and deliver goods.
- Purchase history data (purchase date, goods, quantity, customer data) is used for the internal reporting of SOLVE ET COAGULA OÜ.
- The bank account number is used to return payments to the customer, if necessary.
- Personal data, such as e-mail, telephone number, customer name, is processed to resolve issues related to the provision of goods and services (customer support).
- The IP address or other network identifiers of the online store user are processed to provide the online store as an information society service and to compile online usage statistics.
3. Legal basis:
- The processing of personal data takes place for the purpose of fulfilling the contract entered with the customer.
- SOLVE ET COAGULA OÜ retains the customer’s personal data until the termination of the loyalty contract.
- The data that SOLVE ET COAGULA OÜ is obliged to keep pursuant to legislation (e.g., accounting data) shall be stored by SOLVE ET COAGULA OÜ in accordance with the requirements provided by legislation.
4. Recipients to whom personal data are transmitted
- SOLVE ET COAGULA OÜ forwards the personal data necessary for making payments to the following authorized processors: Paypal. Card payments are processed in a secure environment of Stripe Inc.
- Personal data is passed on to online customer support to manage purchases and purchase history and to resolve customer issues.
- The name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods delivered by courier, the customer’s address will be provided in addition to the contact details.
- Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the online store or data hosting.
5. Security and access to data
- Personal information is stored on TimeWeb Company Limited’s servers located in St. Petersburg, Russian Federation. The server service provider ensures the security of personal data through the transmission of data over a secure channel, using the SSL protocol.
- The data may be transferred to countries whose level of data protection has been assessed by the Russian government as adequate.
- Employees of the online store have access to personal data, who can access personal data in order to resolve technical issues related to the use of the online store, provide customer support services and perform internal reporting.
- The Online Store implements appropriate physical, organizational and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
- The transfer of personal data to the authorized processors of the online store (e.g., transport service provider and data hosting) takes place based on agreements concluded with the online store and the authorized processors. Authorized processors are required to ensure appropriate safeguards for the processing of personal data.
6. Access to and correction of personal data
- Personal data can be accessed, and corrections can be made to the user profile of the online store. If the purchase has been made without a user account, personal data can be accessed via customer support by writing to email@example.com.
7. Withdrawal of consent
- If the processing of personal data takes place based on the customer’s consent, the customer has the right to withdraw the consent by notifying the customer support by writing to firstname.lastname@example.org..
- When closing the customer account of the online store, personal data will be deleted, unless such data needs to be kept for accounting or resolving consumer disputes.
- If the purchase in the online store has been made without a customer account, the purchase history will be stored for three years.
- In the case of disputes relating to payments and consumer disputes, personal data shall be kept until the claim is fulfilled or the limitation period expire.
- The personal data required for accounting purposes shall be kept for seven years.
- To delete personal information, contact customer support via email. A request for erasure shall be answered within a month at the latest and the period for erasure shall be specified.
- A request for the transfer of personal data submitted by e-mail will be answered within a month at the latest. Customer support identifies and notifies you of personal information that is subject to transfer.
11. Settlement of Disputes
- The customer always has the right to apply to the Data Protection Inspectorate or a court to protect their data. The Data Protection Inspectorate is a state agency that can also be contacted for advice or assistance on personal data protection issues.
When using a card payment:
After placing the order, the customer will be directed to Stripe Inc.’s secure environment for payment. There is a pre-filled payment order stating the amount due. After entering the card number, security code (3-digit code on the back of the card) and the expiry date of the card, Stripe authorizes the transaction at the customer’s bank. Card data is requested using the SSL security protocol and MasterCard SecureCode and Verified by Visa security programs, which ensure that the information exchanged cannot be intercepted or altered by unauthorized persons.