The owner of the online store babotallinn.ee (hereinafter referred to as the "Web Store") is Beautyspa Baltic OÜ (registration code 14348310), located at Pärnu mnt. 18, Tallinn, 10141, Harjumaa, email@example.com; +372 5680 5550.
WHAT PERSONAL DATA IS PROCESSED:
- Name, telephone number, and email address;
- Delivery address of the goods;
- Bank account number;
- Information regarding the cost of goods and services and related payment data (purchase history);
- Customer support data.
FOR WHAT PURPOSES PERSONAL DATA IS PROCESSED:
Personal data is used for managing customer orders and delivering the goods.
Purchase history data (purchase date, product, quantity, customer information) is used for compiling an overview of purchased goods and services and analyzing customer preferences.
The bank account number is used for refunding payments to the customer.
Personal data such as email, phone number, and customer name are processed to resolve issues related to the provision of goods and services (customer support).
The user's IP address or other network identifiers are processed for providing the Web Store as an information society service and for generating web usage statistics.
The processing of personal data is carried out for the performance of a contract with the customer.
The processing of personal data is carried out for compliance with a legal obligation (e.g., accounting and consumer dispute resolution).
RECIPIENTS TO WHOM PERSONAL DATA IS DISCLOSED:
Personal data is disclosed to the Web Store's customer support for managing purchases and purchase history and resolving customer issues.
Name, telephone number, and email address are disclosed to the transportation service provider chosen by the customer. If the goods are delivered by a courier, the customer's address is also disclosed.
If the Web Store's accounting is conducted by a service provider, personal data is disclosed to the service provider for accounting purposes.
Personal data may be disclosed to information technology service providers if necessary for ensuring the functionality of the Web Store or data hosting.
Beautyspa Baltic OÜ is the data controller of personal data, and it transfers the necessary payment data to the authorized processor Maksekeskus AS for payment processing.
SECURITY AND ACCESS TO DATA:
Personal data is stored on zone.ee servers located within the territory of European Union member states or countries belonging to the European Economic Area. Data may be transferred to countries with a data protection level assessed as adequate by the European Commission and to U.S. companies that adhere to the Privacy Shield framework.
Access to personal data is limited to Web Store employees who need to access the data to resolve technical issues related to the Web Store's usage and provide customer support.
The Web Store implements appropriate physical, organizational, and technical security measures to protect personal data from accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure.
The transfer of personal data to authorized processors (e.g., transportation service providers and data hosting) is based on contracts between the Web Store and the authorized processors. The authorized processors are obligated to implement appropriate security measures in the processing of personal data.
ACCESSING AND CORRECTING PERSONAL DATA:
Customers can access and make corrections to their personal data in their Web Store user profile. If a purchase is made without a user account, customers can access their personal data through customer support.
WITHDRAWAL OF CONSENT:
If the processing of personal data is based on the customer's consent, the customer has the right to withdraw the consent by notifying customer support via email.
When the customer's Web Store account is closed, personal data is deleted unless such data needs to be retained for accounting or consumer dispute resolution purposes.
If a purchase is made in the Web Store without a customer account, the purchase history is retained for three years.
In case of payment and consumer dispute-related claims, personal data is retained until the claim is settled or the statute of limitations expires.
Personal data required for accounting purposes is retained for seven years.
To have personal data deleted, customers must contact customer support via email. The deletion request will be responded to within one month, and the data deletion period will be specified.
Requests for the transfer of personal data submitted via email will be responded to within one month. Customer support will verify the identity of the person making the request and inform about the data subject to be transferred.
DIRECT MARKETING NOTIFICATIONS:
The email address and phone number are used for sending direct marketing notifications if the customer has given consent for such communication. If the customer does not wish to receive direct marketing notifications, they can use the link provided in the email footer or contact customer support.
If personal data is processed for direct marketing purposes (profiling), customers have the right to object to the processing, including profiling related to direct marketing, at any time by notifying customer support via email (the information must be provided clearly and separately from any other information).
Dispute resolution related to the processing of personal data is carried out through customer support (CONTACT DETAILS). The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).