PERSONAL DATA PROCESSING
The responsible processor of personal data online store dilari.ee is DILARI OÜ (registration number: 14698808), location: Salu tn 4-22 Kohtla-Järve Ida-Virumaa 31024, phone: +372 5575613 and e-mail address: firstname.lastname@example.org.
What personal data is processed
• name, phone number and email address;
• shipping address;
• bank account number;
• cost of goods and services and data related to payments (purchase history);
• data needed to support customers.
For what purpose are personal data processed
Personal data is used to manage customer orders and to deliver the goods.
Purchase history data (purchase date, product, quantity, customer data) is used to compile an overview of purchased goods and services, as well as to analyze customer preferences.
The Bank account number is used to return funds to the client.
Personal data such as e-mail address, phone number, customer name are processed in order to resolve issues related to goods and services (customer support).
The IP-address of the user of the online store or other network identifiers are processed for the provision of the service by the online store as part of the information society, as well as for the maintenance of Internet usage statistics.
Processing of personal data is carried out in order to fulfill the contract concluded with the client.
The processing of personal data is carried out to fulfill a legal obligation (for example, accounting and consumer dispute resolution).
Receiving persons to whom personal data is transferred
Personal data is transferred to the online store customer support service to manage purchases and purchase history and to resolve customer problems.
Personal information required for payment, is sent to a trusted handler Maksekeskus AS.
The name, telephone number and e-mail address are transmitted to the transport service provider selected by the customer. If we are talking about the goods delivered by courier, in addition to contact information, the address of the client is also transmitted.
If accounting Internet store is the provider of the corresponding service, the transfer of personal data to vendor services for the implementation of accounting operations.
Personal data may be transferred to information technology service providers if it is necessary to ensure the functionality of the online store or data storage.
Security and data access
Personal data is stored on servers located in the territory of a member state of the European Union or countries that have joined the European economic area. Data can be transferred to those countries where the European Commission has assessed the level of data protection as sufficient, as well as to US enterprises that have joined the General concept of “data protection shield” (Privacy Shield).
Access to personal data is available to employees of the online store, who can get acquainted with personal data in order to solve technical issues related to the use of the online store, and provide customer support services.
The online store applies appropriate physical, organizational and information technology security measures to protect personal data from an accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
The transfer of personal data by the authorized processor of the online store (for example, the provider of transport services and data storage) is carried out on the basis of contracts concluded with the online store and authorized processors. When processing personal data, authorized processors are obliged to provide appropriate protection measures.
Familiarization with personal data and their correction
You can read and correct your personal data in the user profile of the online store. If the purchase is made without creating a user account, personal data can be found by contacting customer support.
Withdrawal of consent
If the processing of personal data is carried out on the basis of the client’s consent, the client has the right to withdraw the consent by notifying the customer support service by e-mail.
When you close a customer account in the online store, personal data is deleted, except when such data must be stored for accounting purposes or to resolve consumer disputes.
If the purchase in the online store is made without creating a customer account, the purchase history is stored for three years.
In the case of disputes related to payments and consumer claims, personal data is retained until the relevant requirement is met, or until the expiration of the limitation period on demand.
Personal data required for accounting are kept for seven years.
To delete your personal data, please contact customer service via email. The response to the request for deletion is sent no later than within a month, and the period of data deletion is also specified.
The response to the application for transfer of personal data submitted by e-mail is sent no later than within a month. The customer support service verifies the identity and reports the transfer of personal data.
Direct marketing communications
The email address and phone number are used to send direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing communications, click the appropriate link at the bottom of the email or contact customer service.
Technical cookies are necessary for the General navigation of the user on the web page and the use of the functions of the website. Analytics cookies collect information about how a web page is used. The purpose of third-party Analytics cookies is to optimize marketing communication. In addition to analytical cookies, the online store uses pixels that track the use of the web page. In carrying out these actions, data that can identify a person is not processed. Cookies that allow authentication help remember the settings made by the user on the web page (for example, the name and the selected language). Advertising cookies are used by web pages to show the user advertisements that are tailored to his interests. Cookies regulate how many times the user will be shown this or that information, and help to understand the effectiveness of the advertising campaign.
Resolution of disputes related to the processing of personal data carried out through the customer service (email@example.com). The Supervisory authority is the data protection Inspectorate Estonia (firstname.lastname@example.org).