DATA PROTECTION TERMS
1. General provisions
1.1 The data protection conditions stipulated herein regulate the principles regarding the collection, processing and storage of personal data. Personal data is collected, processed and stored by the responsible personal data processor Greenback OÜ, registry code 11903107, located at Meistri 16, Tallinn (hereinafter the data processor).
1.2 A data subject in the sense of the data protection conditions is a customer or other natural person whose personal data is processed by the data processor. A customer in the sense of the data protection conditions is anyone who buys goods or services from the website of the data processor.
1.3 When placing an order from the online store of the data processor, the data subject accepts the current data protection conditions by marking the corresponding box in the order.
1.4 The data processor complies with the data processing principles set forth in legislation, among other things, the data processor processes personal data legally, fairly and securely. The data processor is able to confirm that personal data has been processed in accordance with the provisions of legislation.
1.5 The personal data that the data processor collects, processes and stores is collected electronically, mainly through the website when placing an order and via e-mail. The personal data of the data subject entered by the data subject when submitting the order are entered into the customer register and are used to fulfill the sales contract and offer products to the data subject.
1.6 By sharing his personal data, the data subject gives the data processor the right to collect, organize, use and manage personal data for the purposes specified in the data protection conditions, which the data subject directly or indirectly shares with the data processor when purchasing goods or services on the website.
1.7 The data subject is responsible for ensuring that the data provided by him is accurate, correct and complete. Knowingly providing false information is considered a violation of the data protection conditions. The data subject is obliged to immediately notify the data processor of changes in the provided data.
1.8 The data processor is not responsible for damage to the data subject or third parties caused by the data subject providing false information.
2. Processing and storage of the client's personal data
2.1 The data processor processes the following personal data of the data subject:
· - first and last name;
· - phone number;
· - e-mail address;
· - delivery address;
· - payment method;
· - Bank account number;
· - purchase history.
When visiting the website Freshdesign.ee, miu.ee, scrunch.ee or mntl.ee, the page automatically saves the following data: Browser identifier, frequency of page visits, average time spent on the page, viewed products.
2.2 Legal basis for personal data processing
Personal data is processed for the purpose of fulfilling the contract with the customer (management of customer orders, delivery, return of goods and payments).
Personal data is processed to fulfill a legal obligation (e.g. accounting).
The processing of personal data is necessary due to the legitimate interest of the data controller, which consists in collecting purchase history data for the purpose of resolving possible consumer disputes.
2.3 Purpose
Personal data is used to manage customer orders and deliver goods.
Purchase history data (purchase date, product, quantity, customer data) is used to create an overview of purchased goods and services and to analyze customer preferences.
The bank account number is used to return payments to the customer.
Personal data such as e-mail, telephone number, customer name are processed in order to resolve issues related to the provision of goods and services (customer support).
The e-mail address is used to send newsletters or collect information about the quality of the product, if the customer has given the corresponding consent.
Data such as the browser identifier, the frequency of page visits, the average time spent on the page and the products viewed are used to improve the content and functionality of the page.
2.4 Storage
The data processor stores the data of data subjects depending on the purpose of the processing.
Upon closing the customer account of the online store, personal data will be deleted, except in cases where it is necessary to keep such data for accounting purposes or to resolve consumer disputes.
If a purchase is made in the online store without a customer account, the purchase history is stored for three years.
In the case of disputes related to payments and consumer disputes, personal data will be stored until the claim is fulfilled or the expiry period ends.
Personal data necessary for accounting are stored for seven years.
2.5 Recipients to whom personal data is transmitted
The data processor has the right to share customers' personal data with third parties, such as online store customer support, authorized data processors, accountants, transport and courier companies, manufacturers of goods, companies providing transfer services.
The data processor undertakes not to transfer the personal data of customers to external third parties, unless the obligation to transfer personal data arises from the law.
Personal data is transferred to the customer support of the online store to manage purchases and purchase history and to solve customer problems.
Name, phone number, e-mail address and customer address will be forwarded to the courier for delivery.
If the accounting of the online store is performed by the service provider, then personal data is transferred to the service provider for accounting operations.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the online store or data hosting.
2.6 Greenback OÜ is the processor of your personal data
Greenback OÜ is the processor of your personal data and we are responsible for ensuring that your personal data is processed properly and in accordance with the applicable legislation of the European Union/European Economic Area. We sell products of several different brands through various websites. We collect and process your personal data from the following websites.
o 1.1 https://www.dreshdesign.ee
2.7 When processing and storing the data subject's personal data, the data processor implements organizational and technical measures that ensure the protection of personal data against accidental or illegal destruction, modification, disclosure and any other illegal processing.
Transfer of personal data to authorized processors of the online store (e.g. courier and data hosting) takes place on the basis of contracts concluded with the online store and authorized processors. Authorized processors are obliged to ensure appropriate protection measures in the processing of personal data in accordance with Article 28 of the General Regulation on the Protection of Personal Data.
2.8 Personal data is stored on Zone.ee's servers, which are located in the territory of a member state of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission or to a company in a third country to which the protection measure specified in Article 46 of the General Regulation on the Protection of Personal Data has been applied.
Employees of the online store have access to personal data, who can access personal data in order to solve technical issues related to the use of the online store and to provide customer support services.
The online store implements appropriate physical, organizational and IT security measures to protect personal data from accidental or illegal destruction, loss, modification or unauthorized access and disclosure, which are: data exchange with the online store is carried out via an encrypted connection (TSL), customer passwords are stored encrypted (hash) , standard encryption is used when sending e-mails, a firewall and appropriate anti-virus protection are implemented to protect the e-shop servers, regular backups are created, which are kept separately from the e-shop server.
Rights of the data subject
3.1 Viewing and correcting personal data
Personal data can be viewed and corrected in the user profile of the online store or through customer support. If the purchase has been made without a user account, you can view your personal data through customer support.
The data subject has the right to receive information about the processing of his personal data. The data subject has the right to supplement or correct inaccurate data.
The customer has the right to request the correction of incorrect, incomplete and inaccurate personal data by e-mail, sending his request to info@freshdesign.ee
The correction request will be answered no later than within 30 days.
3.2 Withdrawal of Consent
If the processing of personal data takes place on the basis of the customer's consent, the customer has the right to withdraw the consent under the user account settings or by informing the customer support via e-mail at info@freshdesign.ee
3.3 Limitation
The customer has the right to request restriction of the processing of his personal data if the data is incorrect or incomplete or if his personal data is processed illegally.
3.4 Objections
The customer has the right to object to the processing of his personal data if he has reason to believe that there is no legal basis for the processing of his personal data. If personal data is processed for the purpose of direct marketing (profiling), the customer has the right to object at any time to the initial and further processing of his personal data, including profile analysis related to direct marketing, by notifying customer support by e-mail at info@freshdesign.ee
3.5 Deletion
To delete personal data, you must contact customer support at info@freshdesign.eete. The deletion request will be answered no later than within 30 days and the data deletion period will be specified. In the response to the request, the personal data that will not be deleted and on what legal basis and reason will also be highlighted.
3.6 Transfer
The data subject has the right to request the transfer of personal data. The request for the transfer of personal data submitted by e-mail will be answered within a month at the latest. Customer support identifies the identity and informs about the personal data that is subject to transfer.
3.7 Dispute Resolution
Disputes related to the processing of personal data are resolved through customer support. The data subject can file a complaint with the Data Protection Inspectorate (info@aki.ee) to protect his rights.
Final provisions
4.1 These data protection conditions have been drawn up in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons in the processing of personal data and the free movement of such data and the repeal of Directive 95/46 / EC / EC (General Regulation on the Protection of Personal Data), personal data of the Republic of Estonia protection law and legislation of the Republic of Estonia and the European Union.
4.2 The data processor has the right to partially or completely change the data protection conditions by notifying the data subjects of the changes via the website https://www.mntl.ee.