Privacy policy

PROCESSING OF PERSONAL DATA

The controller of personal data for the online store shop.heavesi.ee is Hea Vesi OÜ (registry code 10846318), located at Harju County, Tallinn, Kesklinn district, Toompuiestee 30, 10149, tel +372 6 400 036 and email info@heavesi.ee.

What personal data is processed

  • −  name, telephone number and email address;

  • −  delivery address of the goods;

  • −  bank account number;

  • −  cost of goods and services and payment-related data (purchase history);

  • −  customer support data.

     

For what purpose personal data is processed

Personal data is used to manage the customer's orders and deliver the goods.

Purchase history data (date of purchase, goods, quantity, customer data) is used to compile an overview of the purchased goods and services and to analyse customer preferences.

The bank account number is used to issue refunds to the customer.

Personal data such as email, telephone number, and customer name is processed in order to resolve issues related to the provision of goods and services (customer support).

The online store user's IP address or other network identifiers are processed for the provision of the online store as an information society service and for compiling web usage statistics.

Legal basis

Personal data is processed for the purpose of performing the contract concluded with the customer.

Personal data is processed for compliance with a legal obligation (e.g. accounting and resolution of consumer disputes).

Recipients to whom personal data is disclosed

Hea Vesi OÜ is the controller of personal data, Hea Vesi OÜ transmits the personal data necessary for processing payments to the authorised processor Maksekeskus AS.

Personal data is disclosed to the online store's customer support for managing purchases and purchase history and resolving customer issues.

    The name, telephone number and email address are disclosed to the transport service provider chosen by the customer. If the goods are delivered by courier, the customer's address is also disclosed in addition to the contact details.

    If the online store's accounting is handled by a service provider, personal data is disclosed to the service provider for accounting operations.

    Personal data may be disclosed to information technology service providers if this is necessary to ensure the functionality of the online store or data hosting.

    Security and access to data

    Personal data is stored on servers located within the territory of a Member State of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been deemed adequate by the European Commission, and to US companies that have joined the data protection shield (Privacy Shield) framework.

    Access to personal data is granted to the online store's employees, who may access the personal data in order to resolve technical issues related to the use of the online store and provide customer support services.

    The online store applies appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised access and disclosure.

    The transfer of personal data to the online store's authorised processors (e.g. transport service provider and data hosting) takes place on the basis of contracts concluded between the online store and the authorised processors. The authorised processors are required to ensure appropriate safeguards when processing personal data.

    Access to and correction of personal data

    Personal data can be accessed and corrected in the online store user profile. If the purchase was made without a user account, personal data can be accessed through customer support.

    Withdrawal of consent

    If the processing of personal data is based on the customer's consent, the customer has the right to withdraw consent by notifying customer support by email.

    Retention

    Upon closure of the online store customer account, personal data will be deleted, unless such data needs to be retained for accounting purposes or for resolving consumer disputes.

    If a purchase has been made in the online store without a customer account, the purchase history will be retained for three years.

    In the event of disputes related to payments and consumer disputes, personal data will be retained until the claim is fulfilled or until the expiry of the limitation period.

    Personal data required for accounting purposes will be retained for seven years.

    Deletion

    To delete personal data, customer support must be contacted by email. A response to the deletion request will be provided no later than within one month, and the data deletion period will be specified.

    Transfer

    Requests for the transfer of personal data submitted by email will be answered no later than within one month. Customer support will verify the identity of the person and inform them of the personal data subject to transfer.

    Direct marketing communications

    The email address and telephone number are used for sending direct marketing communications if the customer has given the relevant consent. If the customer does not wish to receive direct marketing communications, they must select the relevant link in the footer of the email or contact customer support.

    If personal data is processed for the purpose of direct marketing (profiling), the customer has the right to object at any time to both the initial and further processing of their personal data, including direct marketing-related  profiling analysis, by notifying customer support by email.

    Dispute resolution

    The resolution of disputes related to the processing of personal data takes place through customer support at info@heavesi.ee . The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).

    Hea Vesi OÜ, Toompuiestee 30, 10149 Tallinn, Estonia