Processing of personal data
Processing of personal data
The chief processor of personal data in Web Store shop.figuraata.ee is Figuraata OÜ, (registry code: 10389466) located at Jõe 11 B, Räpina, Põlvamaa, Estonia. firstname.lastname@example.org
Figuraata OÜ forwards the personal data necessary for making payments to the authorized processor Maksekeskus AS.
What personal data is processed
- name, telephone number and e-mail address;
- delivery address of the products;
- bank account number;
- cost of products and services and data related to payments (purchase history);
- customer support details.
For what purpose is personal data processed
Personal data is used to manage customer orders and deliver products.
Purchase history data (purchase date, products, quantity, customer data) is used to compile an overview of purchased products and services and to analyze customer preferences.
The bank account number is used to refund payments to the customer.
Personal data, such as e-mail, telephone number, customer name are processed to resolve issues related to the provision of products and services (customer support).
The IP address or other network identifiers of the web store user are processed for the web store as an information society service provider and to compile online usage statistics.
Personal data is processed for the purpose of fulfilling the contract entered into with the customer.
The processing of personal data is carried out in order to fulfill a legal obligation (eg accounting and settlement of consumer disputes).
Recipients to whom personal data is transmitted
Personal data is passed on to the online store's customer support to manage purchases and purchase history and to solve customer problems.
The name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods delivered by courier, in addition to the contact details, the customer's address will also be provided.
If the web store is using a service provider for accounting, the personal data will be transferred to the service provider for accounting purposes.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the web store or data hosting.
Security and access to data
Personal data is stored on Shopify (www.shopify.com) servers located in the territory of a Member State of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that are affiliated to the Privacy Shield framework.
The employees of the web store who have access to personal data, can access it in order to resolve technical issues related to the use of the web store and to provide customer support services. The Web Store implements appropriate physical, organizational and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
The transfer of personal data to the authorized processors of the web store (eg transport service provider and data hosting) takes place on the basis of agreements concluded with the web store and the authorized processors. Authorized processors are obliged to ensure appropriate safeguards for the processing of personal data.
Access to and correction of personal data
Personal data can be accessed and corrections made to the web store's user profile. If the purchase has been made without a user account, personal data can be accessed via customer support.
Withdrawal of consent
If the processing of personal data takes place on the basis of the customer's consent, the customer has the right to withdraw the consent by notifying the customer support by e-mail.
When closing the customer account of the web store, personal data will be deleted, unless such data needs to be kept for accounting purposes or for resolving consumer disputes.
If the purchase in the web store has been made without a customer account, the purchase history is stored for three years.
In the event of a dispute over payments and consumer disputes, personal data will be kept until the claim is met or the limitation period expires.
Personal data required for accounting purposes shall be kept for seven years.
To delete personal information, contact customer support via email. A request for erasure will be answered no later than one month and the period for erasure of data shall be specified.
A request for the transfer of personal data submitted by e-mail will be answered within a month at the latest. Customer support identifies and notifies you of the personal data that is to be transferred.
Direct marketing messages
The e-mail address and telephone number will be used to send direct marketing messages if the customer has given his/her consent. If the customer does not wish to receive direct marketing messages, he/she has to select the appropriate link in the footer of the email or contact customer support.
If personal data is processed for direct marketing purposes (profiling), the customer has the right to object at any time to the initial and further processing of his/her personal data, including direct marketing profiling by notifying customer support by e-mail (this information must be clearly and separately from any other information) .
Disputes related to the processing of personal data are resolved through customer support (email@example.com). The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).