PROCESSING OF PERSONAL DATA

The chief processor of personal data submitted to the online store is PILT OÜ (registry code 12939202), located at Kadaka tee 3a, Tallinn, Estonia, phone number (+372) 59 000 101 and e-mail address info@piltjaraam.ee.  

Types of processed personal data:

– name, phone number and e-mail address;

– delivery address;

– bank account number;

– cost of goods and services, and payment-related data (purchase history);

– customer support details.  

Purposes for the processing of personal data

Submitted personal data are used for managing the customer’s orders and delivering the goods. Purchase history data (date of the purchase, goods, quantity, customer’s details) are used for preparing an overview of the purchased goods and services and for analysing customer preferences. The bank account number is used for making refunds to the customer. Contact details such as the customer’s e-mail address, phone number and name are processed for resolving any issues related to the provision of the goods and services (customer support). The IP address and other network identifiers of the user of the online store are processed for providing the online store service as an information society service as well as for producing web usage statistics.  

Legal basis

Submitted personal data are processed for the performance of the contract concluded with the customer. Submitted personal data are processed for compliance with legal obligations (for example, accounting and settlement of consumer disputes).  

Recipients of transmitted personal data

Submitted personal data are transmitted to the customer support team of the online store for managing purchases and purchase histories as well as resolving any customer issues. The customer’s name, phone number and e-mail address are transmitted to the selected delivery service provider. In the case of delivery of the goods by courier service, in addition to contact details, transmitted data shall also include the customer’s address. Personal data may be transmitted to information technology service providers, if it is necessary for the functionality or data hosting of the online store.  

Security and access to data

Submitted personal data are stored on private and virtual servers located within the territory of the member states of the European Union or countries that have joined the European Economic Area. The data may be transmitted to countries wherein the level of data protection has been deemed sufficient by the European Commission as well as to U.S. companies which have joined the Privacy Shield framework. Access to submitted personal data is granted to the employees of the online store for resolving technical issues related to the use of the online store and for providing customer support. The online store shall implement appropriate physical, organisational and information technology security measures to protect the personal data against accidental or unlawful destruction, loss and alteration as well as unauthorised access and disclosure. Personal data are transmitted to the online store’s authorised processors (for example, transport and data hosting service providers) under agreements concluded between the online store and the authorised processors. Authorised processors are required to ensure that appropriate security measures are taken when processing the personal data.  

Accessing and amendment of personal data

Personal data shall be available for accessing and amendment in the user profile in the online store. Personal data related to purchases made without a user account shall be accessible via customer support.  

Withdrawal of consent

In cases where the processing of personal data is carried out on the basis of the consent of the customer, the customer has the right to withdraw their consent by notifying customer support by e-mail.  

Retention

Upon closure of a customer account in the online store, any personal data shall be deleted, unless the retention of the data is required for accounting purposes or for the resolution of consumer disputes. Histories of purchases made without a customer account shall be retained for three years. In the event of disputes relating to payments or consumer disputes, related personal data shall be retained until the settlement of the claim or the end of the validity period. Personal data which are necessary for accounting shall be retained for seven years.  

Deletion

If you wish to have your personal data deleted, please contact our customer support by e-mail. Requests for deletion shall be answered no later than within one month and shall include a specification of the data deletion period.  

Transfer

Requests submitted by e-mail for the transfer of personal data shall be answered no later than within one month. In such cases, customer support shall verify the requester’s identity and notify the requester about the personal data to be transferred.  

Direct marketing messages

The customer’s e-mail address and phone number may be used for sending direct marketing messages. If the customer does not wish to receive direct marketing messages, they may opt out by using the link in the footer of such e-mails or by contacting customer support. In the case of the processing of personal data for direct marketing purposes (profiling), the customer has the right to object to the prior as well as the further processing of their personal data, including for profile analysis related to direct marketing, at any time by notifying customer support by e-mail (the notification must be presented clearly and separately from any other information).  

Settlement of disputes

Disputes relating to the processing of personal data may be resolved via customer support at info@piltjaraam.ee. The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).  

We wish you a pleasant shopping experience!