Processing of personal data

The responsible data controller for the online store karinibutiik.ee is K&N OÜ (registry code 12920674), located at Suve 2, Tallinn, phone 56 141 497, and email info@karinibutiik.ee.

What personal data is processed

• name, phone number, and email address
• delivery address of the goods;
• bank account number;
• cost of goods and services and payment-related data (purchase history);
• customer support data.

For what purpose are personal data processed

Personal data is used for managing customer orders and delivering goods.

Purchase history data (purchase date, product, quantity, customer data) is used to compile an overview of purchased goods and services and to analyse customer preferences.

The bank account number is used for refunding payments to the customer.

Personal data such as email, phone number, customer name, are processed to resolve issues related to the provision of goods and services (customer support).

The user's IP address or other network identifiers are processed for the purpose of providing the online store as an information society service and for compiling web usage statistics.

Legal basis

The processing of personal data is carried out for the purpose of fulfilling the contract concluded with the customer.

The processing of personal data is carried out to fulfil a legal obligation (e.g., accounting and consumer dispute resolution).

Recipients to whom personal data is disclosed

Personal data is transmitted to the online store's customer support for managing purchases and purchase history and resolving customer issues.

The name, phone number, and email address are transmitted to the transportation service provider selected by the customer. If it's a courier-delivered item, then in addition to the contact details, the customer's address is also transmitted.

If the online store's accounting is handled by a service provider, then personal data is transmitted to the service provider for accounting operations.

Personal data may be transferred to information technology service providers if necessary to ensure the functionality or data hosting of the online store.

Security and data access

Personal data is stored on servers located in a member state of the European Union or in countries associated with the European Union's economic area. Data may be transferred to countries whose data protection level has been assessed as adequate by the European Commission, as well as to US companies that have joined the European Union. Privacy Shield framework.

Access to personal data is granted to employees of the online store who need to access the data in order to resolve technical issues related to the use of the online store and to provide customer support services.

The online store implements appropriate physical, organizational, and information technology security measures to protect personal data against accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure.

The transmission of personal data to authorized processors of the online store (e.g., transportation service provider and data hosting) is based on agreements concluded between the online store and the authorized processors. Authorized processors are obligated to ensure appropriate security measures when processing personal data.

Accessing and correcting personal data

You can access and make corrections to personal data in the user profile of the online store. If the purchase is made without a user account, you can access personal data through customer support.

Withdrawing consent

If the processing of personal data is based on the customer's consent, the customer has the right to withdraw consent by informing customer support via email.

Retention

When closing the customer account in the online store, personal data is deleted, unless such data needs to be retained for accounting purposes or for resolving consumer disputes.

If a purchase is made in the online store without a customer account, the purchase history is retained for three years.

In case of disputes related to payments and consumer disputes, personal data is retained until the claim is fulfilled or the expiration of the limitation period.

Personal data necessary for accounting are stored for seven years.

Erasure

To delete personal data, you must contact customer support by e-mail. The deletion request will be answered no later than within a month, and the data deletion period will be specified.

Transfer

The request for the transfer of personal data submitted by e-mail will be answered within a month at the latest. Customer support identifies the identity and informs about the personal data that is subject to transfer.

Direct marketing messages

The e-mail address and phone number are used to send direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing messages, he must select the corresponding reference in the footer of the e-mail or contact customer support.

If personal data is processed for the purpose of direct marketing (profiling), the customer has the right to object at any time to both initial and further processing of his personal data, including profile analysis related to direct marketing, by notifying customer support by e-mail.

Solving arguments

Disputes related to the processing of personal data are resolved through customer support (CONTACT DATA). The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).