Collection and use of personal data
Personal data is data that beep will collect in order to complete an individual contract with or contacting an individual.
Payment is made outside the e-store in a secure environment – by paying the bank link in a secure environment of the respective bank and paying by credit card in the secure environment of Maksekeskus AS. The seller does not have access to the customer’s bank and credit card information.
Loyal customer personal data can be collected in the following ways:
- when submitting your contact information (including your name, personal identification code, postal address, telephone number, email address, preferred contact method) on our website or elsewhere (e.g., shops)
- using a website through a client’s account information or cookies
- when purchasing a purchase or order in our shop or in an e-shop for storing information about a person’s contact details or purchasing preferences (CaratCrystals.ee may ask for voluntary personal data and personal information to be provided on certain sites on the site. The required personal data may include name, address, zip code, e-mail address, telephone number and other information)
Collection of other data
We also collect unlisted data – data that can not be directly linked to one specific person (gender, age, language preferences, location).
Use of collected personal data
By collecting personal information, we can inform our customers about product news, campaigns and future events from CaratCrystals.ee. A customer who does not want to be in our newsletter or receive notices about products that may be of interest to him can be removed at any time from the target audience of the addressees. We use the personal information we collect for the delivery of goods and for the fulfillment of our obligations to the customer.
CaratCrystals.ee may provide information about individual users to a third party that provides CaratCrystals.ee services for better customer service and is committed to keeping the shared information confidential. The third party is, for example, our partner whose role is to transport goods sold in e-commerce.
Changing collected personal information
The personal information collected for the identification and contacting the Customer can be viewed, modified and updated on our website in the “My Info” area.
Protection of personal data
CaratCrystals.ee applies all precautionary measures (including administrative, technical and physical measures) to protect the customer’s personal data. Access to data editing and processing is restricted to authorized persons.
All personal information received by the CaratCrystals.ee e-store during the visit and purchases will be treated as confidential information. The encrypted data communication channel with banks ensures the purchaser’s security of personal data and bank details.
PERSONAL DATA PROCESSING
The controller of the personal data of online store CaratCrystals.ee is FL Group OÜ (registry code: 14496513), phone +372 58 593 893 and e-mail info@CaratCrystals.ee.
What personal data is processed?
- name, telephone number and e-mail address;
- delivery address of the goods;
- bank account number (in case of return);
- cost of goods and services and data related to payments (purchase history);
- customer support information.
For what purpose personal information is processed
Personal data is used to manage customer orders and deliver goods.
Purchase history data (date of purchase, merchandise, quantity, customer details) are used to compile an overview of purchased goods and services and analyze customer preferences.
The bank account number is used to return the payment to the customer.
Personal data such as email, phone number, customer name, processed to resolve issues related to the provision of goods and services (customer support).
The web store user’s IP address or other network identifiers is processed to provide a web store as an information society service and to use web usage statistics.
The processing of personal data is performed for the purpose of performance of the contract with the client.
Processing of personal data takes place in order to comply with a legal obligation (eg accounting and dispute settlement).
Recipients to whom personal data will be transmitted
Personal information is transmitted to the online store support for purchasing and purchasing history and for solving customer issues.
The name, telephone number and e-mail address are transmitted to the transport service provider selected by the customer. In the case of goods delivered by a courier, the customer’s address is also transmitted in addition to the contact details.
When the online store is billed by the service provider, the personal data is transmitted to the service provider for accounting purposes.
Personal data may be passed on to IT service providers if this is necessary to ensure the functionality of the web store or data storage.
Security and data access
Personal data is stored on Zone Media OÜ servers located within the territory of a Member State of the European Union or the countries party to the economic area of the European Union. Data may be forwarded to countries whose data protection level has been assessed by the European Commission as sufficient and for US companies that are members of the Data Protection Shield (Privacy Shield) the framework.
Access to personal data is provided by online shoppers who can access personal information in order to resolve technical issues related to the use of the online store and provide customer support services.
The web store implements appropriate physical, organizational and information security measures to protect personal information against accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
The transfer of personal data to online processors (e.g., transport service provider and data storage) is carried out on the basis of contracts with the online store and authorized processors. Authorized processors are required to ensure appropriate safeguards in the processing of personal data.
Finding and improving personal information
Personal data can be viewed and corrected in the online store user profile. If the purchase has been made without a user account, you can access personal information through cluster support.
Withdrawal of consent
If the processing of personal data takes place on the basis of client’s consent, the customer will have the right to withdraw the consent by informing customer support via e-mail.
When closing a web store customer account, personal data will be deleted, unless such data is required to be kept for accounting purposes or for resolving consumer disputes.
If a purchase has been made without a client account in the online store, the purchase history will be kept for three years.
In the event of disputes relating to payments and consumer disputes, personal data shall be retained until the claim is executed or the expiry of the limitation period.
The personal data necessary for accounting purposes will be kept for seven years.
To delete personal information, contact customer support by email. The request for deletion will be answered no later than a month and the deadline for the deletion of the data will be specified.
An application for transfer of personal data submitted by e-mail will be answered no later than within a month. Customer Support identifies identity and personal information that is subject to transfer.
The e-mail address and telephone number are used to send direct marketing messages, provided the customer has given his consent. If the customer does not want to receive direct marketing notices, please select the appropriate reference in the footnote of the email or contact customer support.
When personal data is processed for direct marketing purposes (profiling), the customer has the right to object at any time to his or her personal data for both initial and further processing, including direct marketing, by notifying customer support via e-mail.
Settlement of disputes
Disputes related to the processing of personal data are available through customer support at info@CaratCrystals.ee. The Supervisory Authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).