Privacy Policy

Processing of personal data

The personal data controller for the Varustaja 24 online store is Varustaja24 OÜ (registry code 10841019), located at Kadaka tee 4, 10621 Tallinn, Estonia, phone +372 5551 2024, email tallinn@varustaja24.ee. Varustaja24 OÜ is the controller of personal data and provides the necessary personal data for payment processing to the authorized processor Maksekeskus AS.

What data is processed:

• Name, phone number, and email address;
• Delivery address;
• Bank account number;
• Cost of goods and services and payment-related data (purchase history);
• Customer support information.

FOR WHAT PURPOSE PERSONAL DATA IS PROCESSED:

• Personal data is used to manage the customer’s orders and to deliver the goods.
• Purchase history data (purchase date, product, quantity, customer information) is used to create an overview of purchased goods and services and to analyze customer preferences.
• The bank account number is used to return payments to the customer.
• Personal data such as email, phone number, and customer name are processed to address issues related to the provision of goods and services (customer support).
• The online store user’s IP address or other network identifiers are processed by the online store for providing an information society service and for generating website usage statistics.

Legal basis

The processing of personal data is carried out for the purpose of fulfilling the contract concluded with the client.
The processing of personal data is carried out to fulfill a legal obligation (e.g., accounting and resolving consumer disputes).

Recipients to whom personal data will be disclosed:

• Personal data is shared with the online store’s customer support to manage purchases and purchase history, and to resolve customer issues.
• Name, phone number, and email address will be shared with the transport service provider chosen by the customer. If the shipment is delivered by courier, the customer’s address will also be provided along with the contact details.
• If the online store’s accounting is handled by a service provider, personal data is transmitted to the service provider for the purpose of carrying out accounting operations.
• Personal data may be transferred to information technology service providers if necessary to ensure the functionality of the online store or data hosting.

Security and data access

Personal data is stored on Zone servers located within the territory of a European Union member state or a country that has joined the European Economic Area. Data may be transferred to countries whose level of data protection has been deemed adequate by the European Commission and to US companies that have joined the Privacy Shield framework. Access to personal data is granted to online store employees who may consult the data in order to resolve technical issues related to the use of the online store and to provide customer support services. The online store implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure. The transfer of personal data to the online store’s authorized processors (e.g., transportation service providers and data hosting providers) occurs under agreements concluded between the online store and the authorized processors. Authorized processors are obliged to ensure appropriate safeguards when processing personal data.

Accessing and Correcting Personal Data

In this online store, purchases are made without a user account; therefore, personal data can be accessed through customer support.

Withdrawal of consent

If the processing of personal data is based on the customer’s consent, the customer has the right to withdraw their consent by notifying customer support via email.

RETENTION:

• Upon closing the online store customer account, personal data will be deleted, except when it is necessary to retain such data for accounting purposes or for the resolution of consumer disputes.
• If a purchase in the online store is made without a customer account, the purchase history will be retained for three years.
• In the event of disputes related to payments and consumer disputes, personal data shall be retained until the claim is satisfied or until the end of the limitation period.
• Personal data necessary for accounting purposes shall be stored for seven years.

DELETION

To delete personal data, you must contact customer support via email. A request for deletion will be answered no later than within one month, and the period for deleting the data will be specified.

Transfer

• Requests for the transfer of personal data submitted via email will be answered within one month at the latest.
• Customer support verifies the identity of the individual and provides notification regarding the personal data subject to transfer.

DIRECT MARKETING NOTICES

• The email address and phone number are used for sending direct marketing messages, provided that the customer has given their consent. If the customer no longer wishes to receive direct marketing messages, they should select the relevant link in the footer of the email or contact customer support.
• Where personal data are processed for direct marketing purposes (profiling), the customer has the right to object at any time to the processing of their personal data for such marketing, including profiling to the extent that it is related to such direct marketing, by notifying customer support via email (this information must be presented clearly and separately from any other information).

DISPUTE RESOLUTION

Disputes related to the processing of personal data are resolved through customer support via email at tallinn@varustaja24.ee or by phone at +372 5551 2024. The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).