The main processor of personal data of the online store https://hidddn.com/ is Hidddn OÜ (registry code 14990383), located at J. Köleri tn 28-1, 10115, Tallinn, Harju county, phone +372 5682 8328 and e-mail info(@)hidddn.com. The processing of personal data is subject to the legislation of Estonia and the European Union.
2. THE CONTROLLER OF PERSONAL DATA COLLECTS THE FOLLOWING INFORMATION
2.1 name, telephone number and e-mail address;
2.2 delivery address of the goods;
2.3 bank account number;
2.4 cost of goods and services and data related to payments (purchase history);
2.5 customer support details.
3. PERSONAL DATA IS COLLECTED AND PROCESSED
3.1 To manage customer orders and deliver goods.
3.2 Purchase history data (purchase date, goods, quantity, customer data) is used to compile an overview of purchased goods and services and to analyse customer preferences.
3.4 The bank account number is used to return payments to the customer.
3.5 Personal data, such as e-mail, telephone number, customer name, are processed in order to resolve issues related to the provision of goods and services (customer support).
3.6 The IP address or other network identifiers of the online store user are processed in order to provide the online store as an information society service and to compile online usage statistics.
4. LEGAL BASIS
4.1 The processing of personal data takes place on the basis of an agreement concluded with the customer, for the purpose of fulfilling the order.
4.2 The processing of personal data is carried out in order to fulfil a legal obligation (eg accounting and settlement of consumer disputes).
5. Recipients to whom personal data are transmitted
5.1 The Customer’s Personal Data is transmitted to the online store’s customer support for managing purchases and purchase history and resolving customer problems.
5.2 The customer’s name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods delivered by courier, in addition to the contact details, the customer’s address will also be provided.
5.3 Hidddn OÜ forwards the personal data necessary for making payments to the authorized processor Maksekeskus AS.
5.4 Personal data may be transferred to IT service providers if this is necessary to ensure the functionality of the online store or data hosting.
6. SECURITY AND ACCESS TO DATA
6.1 Personal data is stored on Zone servers located in the territory of a Member State of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that are affiliated to the Privacy Shield framework.
6.2 The employees of the online store have access to personal data, who can access the personal data in order to resolve technical issues related to the use of the online store and to provide customer support services.
6.3 The Online Store implements appropriate physical, organizational and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
6.4 The transfer of personal data to the authorized processors of the online store (eg transport service provider and data hosting) takes place on the basis of agreements concluded with the online store and the authorized processors. Authorized processors are obliged to ensure appropriate safeguards for the processing of personal data.
7. ACCESS TO AND CORRECTION OF PERSONAL DATA
8. WITHDRAWAL OF CONSENT
9. DATA RETENTION
9.1 When closing the customer account of the online store, personal data will be deleted, unless such data needs to be kept for accounting purposes or for resolving consumer disputes.
9.2 If the purchase in the online store has been made without a customer account, the purchase history will be stored for three years.
9.3 In case of disputes related to payments and consumer disputes, personal data will be kept until the claim is fulfilled or the limitation period expires.
9.4 Personal data required for accounting purposes will be kept for seven years.
10. DELETING AND TRANSFERRING OF PERSONAL DATA
10.1 The customer has the right to receive information and access to his / her personal data at any time. The customer has the right to withdraw the previously given consent to the processing of personal data.
10.2 The customer has the right to: request access to personal data, request the correction, restriction, deletion or transfer of personal data.
10.3 In order to receive information, check, change, delete or transfer personal data, the Customer sends a written application to the e-mail address firstname.lastname@example.org. Customer Service will respond to the Customer’s request by e-mail, no later than within 30 working days.
11. DIRECT MARKETING ANNOUNCEMENTS AND LOYALTY PROGRAM
11.1 Hidddn OÜ may send newsletters, including satisfaction surveys and offers to the Customer’s e-mail address or by SMS only if the Customer has provided prior consent in the online store www.hidddn.com.
11.2 If personal data is processed for direct marketing purposes (profiling), the customer has the right to object at any time to the initial and further processing of his personal data, including profiling related to direct marketing, by notifying customer service at email@example.com.
11.3 By joining the Customer’s loyalty program, the Customer consents to the processing of his / her personal data. Personal data transmitted to the controller is protected and treated as confidential information, including information stored about the Customer and orders stored in the environment of his online store. Data communication between the Customer and the banks and the card payment centre is encrypted, which ensures the security of the Customer’s personal data and bank data. Hidddn OÜ does not have access to the Customer’s confidential bank and payment card details.
12. SOLVING ARGUMENTS
12.1 Disputes related to the processing of personal data are resolved via e-mail (firstname.lastname@example.org).
12.2 If the Customer finds that his / her rights have been violated during the processing of personal data, he / she has the right to file a complaint with the Estonian Data Protection Inspectorate (email@example.com) or a court.