1. The owner of the e-Lõheäri online store and controller of personal data thereof is Eksfisk OÜ (registry code 10198606, legal address Neeme tee 68, Käsmu, Lääne-Viru County; phone +372 55538581; e-mail firstname.lastname@example.org), whose online store can be accessed at www.loheari.ee.
Purpose and scope of personal data processing
2. E-Lõheäri processes personal data for the purpose of entering into a contract, performing the contract and resolving legal disputes arising from the contract.
3. With the customer’s consent, e-Lõheäri processes personal data for the purpose of direct marketing, product development and elaboration of new products. The customer can withdraw their consent to personal data processing for the above purposes at any time.
4. In the cases provided by law, e-Lõheäri processes personal data for the purpose of collecting official statistics or for the purpose of performing any other obligation arising from law (incl. the obligation to maintain accounts, resolution of consumer disputes, obligation to keep accounting for taxation purposes, etc.). In the cases provided by law, e-Lõheäri issues personal data at the request of courts, investigative bodies, bodies conducting extra-judicial proceedings or law enforcement bodies.
5. E-Lõheäri processes the following personal data:
a) the customer’s name, phone number and e-mail address;
b) the delivery address;
c) the name of the purchaser’s bank account holder and the number of the purchaser’s bank account;
d) the value of goods and services as well as payment-related information (purchase history);
e) the information on queries made to the customer support;
f) the user’s default language option;
g) the equipment and software used by the user when visiting the online store as well as the history of visits;
h) the list of purchase requests;
i) the e-mail address for delivering the notification of purchase recommendations.
6. Personal data are used to manage the customer’s orders, deliver goods, manage purchase requests, make purchase recommendations and as an overall input for further development of e-Lõheäri.
7. Purchase history details (date of purchase, goods, quantity, customer data) are used to prepare summaries of goods and services purchased and analyse customer preferences.
8. The name of the bank account holder and the bank account number are used to refund payments to the customer.
9. Personal data such as e-mail address, phone number and the customer’s name are processed to resolve issues related to the provision of goods and services (customer support).
10. The IP address or other online identifiers of users of e-Lõheäri are processed for the provision of the online store as an information society service and for web use statistics.
11. Personal data may be used for customer profiling only with the customer’s prior consent.
Communication and disclosure of personal data
12. In addition to the cases specified in clause 4, personal data are transmitted (communicated) to the customer support of e-Lõheäri to manage purchases and purchase history and resolve any problems that the customers may have. E-Lõheäri transmits the personal data necessary for making payments to banks and/or to Maksekeskus AS.
13. The customer’s name, phone number and e-mail address are transmitted to the transport service provider selected by the customer. If the goods are delivered by a courier, the customer’s address as well as the data provided by the customer are transmitted along with their contact details to the person delivering the goods.
14. Customer data are transmitted to the economic operator who provides accounting service for preparing accounting documents, keeping accounts and performing legal obligations related to accounting.
15. E-Lõheäri may transmit the customer’s personal data to IT service providers if this is necessary to ensure the functionality of the online store or to host data.
Security and access to data
16. Personal data can be accessed by the staff of e-Lõheäri in order to resolve technical issues related to the use of the online store and to provide customer support.
18. E-Lõheäri takes appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.
19. If personal data are transmitted to data processors of the online store (such as the providers of transport and data hosting services), the data processors are required to ensure the application of appropriate safeguards when processing the personal data.
Access to and rectification of personal data
20. Personal data can be accessed and rectified in the user profile of e-Lõheäri. All users can see their personal data and alter or supplement these.
21. If a purchase is made without a user account, personal data can be accessed via customer support. In such a case the processing involves only the personal data provided by the purchaser when making the purchase as well as the data of the products purchased.
Withdrawal of consent
22. If personal data are processed on the basis of the customer’s consent, the customer has the right to withdraw their consent by notifying customer support thereof by e-mail.
Retention of personal data
23. Personal data are erased upon the closure of a customer account of e-Lõheäri unless the storage of the data is necessary for accounting purposes, for official statistics or for the resolution of consumer disputes.
24. For purchases made in e-Lõheäri without a customer account, the purchase history is stored for three years.
25. In the event of disputes concerning payments and consumer disputes, the personal data are stored until the claim is satisfied or until the end of the limitation period.
26. Personal data needed for accounting purposes are stored for seven years.
27. For the erasure of personal data, customer support must be contacted by e-mail.
Direct marketing messages
28. The e-mail address and phone number are used for sending direct marketing messages if the customer has given their consent to receiving such messages. If the customer does not want to receive direct marketing messages, the customer should select the relevant link at the footer of the e-mail or contact customer service.
Resolution of disputes
29. Complaints and questions related to the processing of personal data may be sent to the online store address email@example.com.
30. To resolve disputes related to the processing of personal data, the data subject may have recourse to the Data Protection Inspectorate (Tatari 39, 10134 Tallinn; +372 627 4135; firstname.lastname@example.org; www.aki.ee) or a court.