| en | et

Processing of personal data

Personal data processed:

  • name, telephone number and e-mail address;

  • delivery address of goods;

  • bank account number;

  • cost of goods and services and payment related data (purchase history);

  • customer support data.

Personal data are processed for the following purposes:

  • Personal data are used to manage customer orders and deliver the goods.

  • Purchase history data (date of purchase, goods, quantity, customer data) are used to prepare an overview of the purchased goods and services and analyse customer preferences.

  • The bank account number is used to make refunds to the customer.

  • Personal data such as the e-mail address, telephone number and name of the customer are processed for the purpose of resolving issues related to the goods and provision of services (customer support).

  • The IP address of the internet store user or other online identifiers are processed for the purpose of providing the internet store service as an information society service and collecting web browsing statistics.

Legal basis

Personal data are processed for the purpose of performing the agreement entered into with the customer.

Personal data are processed for the purpose of fulfilling a legal obligation (e.g. accounting and resolution of consumer disputes).

Recipients to whom personal data are forwarded:

  • Personal data are transmitted to the customer support service of the internet store for the purpose of managing purchases and purchase history and resolving customer issues.

  • Personal data are transmitted to Stripe for facilitating payments.

  • The name, telephone number and e-mail address are forwarded to the transport service provider chosen by the customer. If the goods are delivered by a courier, the address of the customer is forwarded in addition to contact details.

  • If accounting of the internet store is arranged by the service provider, personal data are transmitted to the service provider for the purpose of accounting.

  • Personal data may be transmitted to the provider of IT services, if they are required for the purpose of ensuring the functionality of the internet store or data hosting.

Security and access to data

Personal data are stored in the web platform Wix environment and Google Drive cloud service located on the territory of a Member State of the European Union or a country of the European Economic Area. Data may be transmitted to countries where the level of data protection has been assessed as satisfactory by the European Commission and the USA companies that have joined the Privacy Shield Framework.

The employees of the internet store have access to personal data for the purpose of resolving technical issues related to the use of the internet store and providing the customer support service.

The internet store implements appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration, or unauthorised access to and disclosure of these data.

Personal data are transmitted to the processors of the internet store (e.g. the transport service provider and data hosting) in compliance with the agreements entered into between the internet store and the processors. The processors shall ensure the implementation of appropriate security measures when processing personal data.

Access to and rectification of personal data

Personal data can be accessed through the customer support service.

Withdrawal of consent

If personal data are processed on the basis of a customer consent, the customer has the right to withdraw his or her consent by notifying the customer support service thereof via e-mail.

Retention

The purchase history is retained for three years.

In case of payments and consumer disputes, personal data are retained until the claim has been satisfied or the limitation period has expired.

Personal data required for accounting shall be stored for seven years.

Deleting

In order to delete personal data, the person has to contact the customer support service by e-mail. A request to delete personal data shall be responded to no later than within one month and the period of deleting of personal data shall be detailed.

Transmission

A request regarding the transmission of personal data submitted by e-mail shall be responded to no later than within one month. The customer support service identifies the person and notifies of personal data to be transmitted.

Direct marketing

The e-mail address is used for direct marketing purposes provided that the customer has given an appropriate consent. If the customer is not interested in receiving any direct marketing messages, the person has to select the relevant reference in the footer of the e-mail or contact the customer support service.

If personal data are processed for direct marketing purposes (profiling), the customer has the right to submit an objection to the initial and further processing of his or her personal data, including profiling related to direct marketing, by notifying the customer support service thereof via e-mail (relevant information must be submitted clearly and separately from any other information).

Resolution of disputes

Any disputes related to the processing of personal data are resolved through the customer support service that can be contacted by writing to the e-mail address at shop@gerdamiller.com. The supervisory authority is the Estonian Data Protection Inspectorate (Eesti Andmekaitse Inspektsioon) (info@aki.ee).