PERSONAL DATA PROCESSING
The personal data controller of the online store www.hoia.bio is HTM Karolin OÜ (registry code 12619762) located at Lossi tn 1, phone 5081665 and e-mail info@hoiahomespa.com.
What personal data is processed
− name, telephone number and e-mail address;
− ATM location − bank account number;
− cost of goods and services and data related to payments (purchase history);
− customer support data.
For what purpose are personal data processed?
Personal data is used to manage customer orders and deliver goods. Purchase history data (purchase date, product, quantity, customer data) is used to create an overview of purchased goods and services and to analyze customer preferences. The bank account number is used to return payments to the customer if necessary. Personal data such as e-mail, phone number, customer name are processed in order to resolve issues related to the provision of goods and services (customer support). The online store user’s IP address or other network identifiers are processed for the provision of the online store as an information society service and for online usage statistics.
Legal basis The processing of personal data takes place for the purpose of fulfilling the contract concluded with the customer. The processing of personal data is carried out in order to fulfill a legal obligation (eg accounting and settlement of consumer disputes).
Recipients to whom personal data is transferred
Personal data is transferred to the customer support of the online store to manage purchases and purchase history and to solve customer problems.
The name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods delivered by courier, the customer’s address will be provided in addition to the contact details.
If the online store is accounted for by the service provider, the personal data will be transferred to the service provider for accounting purposes.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the online store or data hosting.
Security and data access
Personal data is stored on www.hoia.bio servers located in the territory of a member state of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that are affiliated with the Privacy Shield framework.
The employees of the online store have access to personal data, who can access the personal data in order to resolve technical issues related to the use of the online store and to provide customer support services.
The Online Store implements appropriate physical, organizational and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
The transfer of personal data to the authorized processors of the online store (eg transport service provider and data hosting) takes place on the basis of agreements concluded with the online store and the authorized processors. Authorized processors are obliged to ensure appropriate safeguards for the processing of personal data.
Viewing and correcting personal data
If the purchase has been made without a user account, you can consult the personal data via customer support.
Withdrawal of consent
If the processing of personal data takes place on the basis of the customer’s consent, the customer has the right to withdraw the consent by notifying epoe customer support by e-mail.
Storage
Upon closing the customer account of the online store, personal data will be deleted, except in cases where it is necessary to keep such data for accounting purposes or to resolve consumer disputes.
If the purchase in the online store has been made without a customer account, the purchase history will be stored for three years.
In the case of disputes relating to payments and consumer disputes, personal data shall be kept until the claim has been complied with or until the expiry of the limitation period.
Personal data required for accounting purposes shall be kept for seven years.
Erasure
To delete personal data, you must contact customer support by e-mail. The deletion request will be answered no later than within a month, and the exact time of data deletion will be specified.
Transfer
The request for the transfer of personal data submitted by e-mail will be answered within a month at the latest. Customer support identifies the identity and informs about the personal data that is subject to transfer.
Direct marketing messages
The e-mail address and phone number are used to send direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing messages, he must select the corresponding reference in the footer of the e-mail or contact customer support.
If personal data is processed for direct marketing purposes (profiling), the customer has the right to object at any time to the initial and further processing of his personal data, including profiling related to direct marketing, by notifying customer support by e-mail. (this information must be provided clearly and separately from any other information).
Solving arguments
Disputes related to the processing of personal data are resolved through customer support (tel. 5081665, email info@hoiahomespa.com). The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).