The chief processor of personal data of the online store https://kriandkri.ee is Kri & Kri OÜ (registry code 14356344), located in Harju county, Viimsi parish, Randvere village, Kadri tee 1, 74016, phone 556 116 27 and e-mail info@kriandkri.ee .
1. What personal data is processed
1.1. name, telephone number and e-mail address;
1.2. delivery address;
1.3. bank account number;
1.4. the cost of goods and services and payment details (purchase history);
1.5. customer support data.
2. Purposes for which personal data is processed
2.1. Personal data is used for the management of customer’s orders and delivery of goods.
2.2. Purchase history data (date of purchase, goods, quantity, customer data) is used to compile an overview of goods and services purchased, to analyse customer preferences and for the purpose of, among others, resolving consumer disputes.
2.3. The bank account number is used to return payments to the customer.
2.4. Personal data such as the e-mail address, telephone number and name of the customer are processed to handle any issues relating to the provision of goods and services (customer support). E-mail is also used in order to forward invoices and the telephone number is used to notify the customer about their goods arriving in the parcel locker.
3. Legal basis
3.1. The processing of personal data is carried out for the purposes of the performance of the contract concluded with the customer (management of the customer’s orders, delivery, return of goods and payments).
3.2. The processing of personal data is carried out for the fulfilment of a legal obligation (e.g. accounting).
3.3. The processing of personal data, i.e. the collection of purchase history data for the purposes of resolving potential consumer disputes, is necessary due to the controller’s legitimate interest.
4. Recipients to whom personal data are disclosed
4.1. Name, telephone number and e-mail address are forwarded to the transport service provider selected by the customer. In the case of goods to be delivered by courier, in addition to the contact details, the customer’s address will be provided.
4.2. If the accounting of the online shop is carried out by the service provider, the personal data will be transferred to the service provider for the purpose of carrying out accounting operations.
4.3. Personal data may be forwarded to IT service providers if this is needed to ensure the functionality of the online shop or to host data.
5. Security and data access
5.1. Personal data are stored in the servers of Elkdata OÜ (10510593), which are located on the territory of a member state of the European Union or states of the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission or to a third country undertaking to which a safeguard measure referred to in Articles 46 or 47 or 49(1) of the GDPR has been applied.
5.2. Access to personal data is granted to the employees of the online shop who can access personal data in order to solve technical issues related to the use of the online shop and to provide customer support services.
5.3. The online shop implements appropriate physical, organisational and information technology security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure, such as: the use of firewalls and appropriate anti-virus protection to protect the online shop.
5.4. Personal data are forwarded to processors (e.g. the transport service provider and data hosts) on the basis of contracts between the online shop and processors. Upon processing data, the processors are obliged to ensure the relevant safeguards in accordance with article 28 of the GDPR.
6. Accessing and correcting personal data
Personal data can be accessed and corrected in the online shop’s user profile or via customer support. If a purchase is made without a user account, personal data can be accessed via customer support. If the request to access personal data has been submitted electronically, the information will also be provided via commonly used electronic means.
7. Withdrawal of consent
If the processing of personal data is based on the consent of the customer, the customer has the right to withdraw consent in the customer account settings or by notifying customer support by e-mail.
8. Storage
8.1. When closing a customer account in the online shop, personal data will be deleted, with the exception of personal data (purchase history data) that need to be stored for accounting purposes or for the settlement of consumer disputes.
8.2. In the case of disputes relating to payments and consumer disputes, personal data will be stored until the claim is settled or the limitation period expires
8.3. The personal data in original accounting documents is stored for seven years.
9. Restriction
The customer has the right to request the restriction of the processing of his/her personal data if the data is inaccurate or incomplete or if his/her personal data is processed unlawfully.
10. Objections
The customer has the right to object to the processing of his/her personal data if he/she has grounds to believe that there is no lawful basis for the processing of his/her personal data.
11. Deletion
In order to delete personal data, you must contact customer support by e-mail. Requests for erasure are responded to within one month and the period of erasure is specified. The response to the request will also indicate which personal data will not be erased, on which legal basis and why.
12. Transfer
A request for transfer of personal data made by e-mail will be answered within one month at the latest. Customer support identifies the person and indicates which personal data is to be transferred.
13. Direct marketing communications
The e-mail address and telephone number will be used to send direct marketing communications if the customer has given his consent. If the customer does not wish to receive direct marketing messages, they should select the relevant link at the footer of the e-mail or contact customer support.
14. Dispute resolution
Disputes relating to the processing of personal data can be resolved through customer support by writing to info@kriandkri.ee. The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).