The Online Store uses the following cookies:
- session cookies, the goal of which is to allow to use the Online Store;
- persistent cookies, the goal of which is to remember choices of the customer in the Online Store;
- cookies of the first and/or third party, the goal of which is to show advertising and offers that suit the customer;
- analytical cookies of a third party, the goal of which is to optimise marketing communication.
The customer can delete and/or block the cookies that were saved on his or her device, by changing respective settings of his or her browser. If cookies are not used, the Online Store may not work as planned and/or some of its functions may not be available to the customer.
In addition to the use of analytical cookies the Online Store uses pixels (pixel tags, web-beacons), which allow to monitor how the website of the seller is used. These functions do not result in processing of data that can identify a person.
PROCESSING OF PERSONAL DATA
The responsible processor of personal data of the Freetime Hobby Online Store is Freetime Hobby OÜ (registry code 14952402), address Lõõtsa 2b, Tallinn, e-mail firstname.lastname@example.org.
WHAT PERSONAL DATA IS PROCESSED?
- name, telephone number and e-mail address;
- address of delivery of the goods;
- bank account number;
- cost of the goods and services, and data related to payments (purchase history);
- details of the customer support service.
WHAT IS THE GOAL OF PROCESSING OF PERSONAL DATA?
Personal data is used for administration of customers’ orders and for delivery of the goods.
Purchase history details (date of purchase, goods, amount, customer’s details) are used for preparation of overviews of purchased goods and services, and for analysis of preferences of the customers.
The bank account number is used for return of payments to the customer.
Such personal data as e-mail address, telephone number and customer’s name is processed in order to resolve issues related to purchase of goods and services (customer support service).
The IP address of the user of the Online Store or other network identifiers are processed for provision of services of the Online Store as services of the information society, and for provision of web use statistics.
Personal data is processed with the goal of performance of the contract concluded with the customer.
Personal data is processed for performance of legal obligations (for example, for maintenance of accounts and for resolution of consumer disputes).
RECIPIENTS TO WHICH PERSONAL DATA IS SENT
Personal data is sent to the customer support service of the Online Store for the purpose of assessment of the purchase history and resolution of customer-related issues.
The owner of the Online Store is a responsible processor of personal data, who sends the personal data required for completion of payments to the authorised processor Maksekeskus AS.
Name, telephone number and e-mail address are sent to the transport service provider selected by the customer.
Accounts of the Online Store are maintained by the service provider, and personal data is sent to the service provider when accounting actions are performed.
Personal data can be sent to providers of information technology services, if it is necessary for assurance of functionality of the Online Store or for data hosting.
SECURITY AND ACCESS TO DATA
Personal data is stored on ShopRoller.com servers which are located in the territory of a member state of the European Union or of the European Economic Area. Data can be sent to states where the level of data security was assessed by the European Commission as sufficient, and to US companies that have joined the Privacy Shield framework.
Access to personal data is provided to workers of the Online Store who can familiarise themselves with personal data in order to resolve technical issues related to the use of the Online Store and to provide customer support services.
The Online Store implements respective physical, organisational and IT security measures for protection of personal data from accidental or unlawful destruction, loss or change, or from unauthorised access to or disclosure of such personal data.
Personal data is sent to authorised processors of the Online Store (for example, to providers of transport or hosting services) on the basis of contracts concluded between the Online Store and the authorised processors. The authorised processors are obliged to process personal data using respective security measures.
FAMILIARISATION WITH AND CHANGE OF PERSONAL DATA
The customer can familiarise himself or herself with personal data and make changes to personal data in the user profile. If a purchase was made without a user account, the customer can familiarise himself or herself with personal data through the customer service.
WITHDRAWAL OF CONSENT
If personal data is processed on the basis of consent of the customer, the customer has the right to withdraw consent by notifying the customer support service thereof.
When the customer account in the Online Store is closed, personal data is erased, except where such data must be stored for the purpose of accounting or for resolution of consumer disputes.
If a purchase was made in the Online Store without a customer account, the purchase history is stored for three years.
In case of tax-related disputes and consumer disputes personal data is stored until performance of a request or until expiry of the limitation period.
Personal data required for accounting purposes is stored for seven years
In order to erase personal data the customer must contact the customer support service via e-mail. The customer support service will reply to the request for erasure not later than within one month, and the period of erasure of the data will be specified.
The customer support service will reply to the request for transfer of personal data not later than within one month. The customer support service will establish identity of the customer and inform him or her of the personal data that is subject to transfer.
DIRECT MARKETING MESSAGES
The e-mail address and telephone number are used to send direct marketing messages if the customer has provided a respective consent. If the customer does not wish to receive direct marketing messages, the customer must select a respective link in the footer of the e-mail or contact the customer support service.
If personal data is processed for the purpose of direct marketing (profiling), the customer has the right to submit objections to initial and subsequent processing of his or her personal data, including an objection to performance of profile analysis related to direct marketing, at any time, by notifying the customer support services thereof via e-mail (a respective notice must be presented explicitly and in a way that it can be distinguished from other information).
RESOLUTION OF DISPUTES
Disputes related to processing of personal data are resolved through the intermediary of the customer support service via e-mail address email@example.com. The supervisory body for the purpose of personal data protection is the Data Protection Inspectorate of Estonia (firstname.lastname@example.org).