Data protection conditions
The chief processor of personal data of the online store anewbydiana.com is ANew OÜ (registry code 16138195) located at Vana-Võidu pst 7-11, 70108, Viljandi vald, Viljandi county, Estonia.
What personal data is processed
- name, phone number and email address
- delivery address
- cost of goods and services and data related to payments (purchase history)
For what purpose is personal data processed?
Personal data is used to manage customer orders and deliver goods.
Purchase history data (date of purchase, goods, quantity, customer data) is used to compile an overview of purchased goods and services, to analyze customer preferences and, inter alia, to resolve consumer disputes.
Personal data, such as e-mail, telephone number, customer name, is processed to resolve issues related to the provision of goods and services (customer support). E-mail is also used to send invoices and the telephone number is used to notify the goods that have arrived at the parcel machine.
The IP address or other network identifiers of the online store user are processed to provide the online store as an information society service and to compile online usage statistics.
The processing of personal data takes place for the purpose of fulfilling the contract concluded with the customer (management of the customer’s orders, delivery, return of goods and payments).
The processing of personal data is carried out in order to fulfill a legal obligation (eg accounting).
The processing of personal data is necessary due to the legitimate interest of the controller in the collection of purchase history data for the purpose of resolving potential consumer disputes.
Data processing is performed with the consent of the client to perform the following activities: Direct marketing (Newsletter)
Recipients to whom personal data are transmitted
The name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods delivered by courier, the customer’s address will be provided in addition to the contact details.
If the online store is accounted for by the service provider, the personal data will be transferred to the service provider for accounting purposes.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the online store or data hosting.
Personal data is transmitted via the online store to payment solution service providers for payment transactions.
Security and access to data
The employees of the online store have access to personal data, who can access the personal data in order to resolve technical issues related to the use of the online store and to provide customer support services.
The Online Store implements appropriate physical, organizational and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure, which are: data is exchanged with the e-shop via an encrypted connection, customer passwords are encrypted; standard encryption is used, a firewall is implemented to protect e-commerce servers, regular backups are created.
The transfer of personal data to the recipients of the online store’s authorized processors (eg transport service provider, data hosting and payment solution provider) takes place on the basis of agreements concluded with the online store and the authorized processors. Data controllers are required to ensure appropriate safeguards for the processing of personal data in accordance with Article 28 of the General Data Protection Regulation.
Access to and correction of personal data
Personal data can be accessed and corrections made to the online store’s user profile or via customer support. If the purchase has been made without a user account, personal data can be accessed via customer support. If the request for access to personal data is submitted electronically, the information shall also be provided by publicly available electronic means.
Withdrawal of consent
If the processing of personal data takes place on the basis of the customer’s consent, the customer has the right to withdraw the consent by notifying the customer support by e-mail.
When closing the customer account of the online store, personal data is deleted, except for personal data (purchase history data) that needs to be kept for accounting or resolving consumer disputes.
In the case of disputes relating to payments and consumer disputes, personal data shall be kept until the claim is fulfilled or the limitation period expires.
The personal data contained in the source accounting documents shall be kept for seven years.
The customer has the right to request a restriction on the processing of his or her personal data if the data is incorrect or incomplete or if his or her personal data is processed illegally.
The customer has the right to object to the processing of his personal data if he has grounds
believe that there is no legal basis for processing his personal data.
To delete personal information, contact customer support via email. A request for erasure shall be answered within a month at the latest and the period for erasure shall be specified. The reply to the request shall also indicate the personal data which will not be deleted and on what legal basis and for what reason.
Disputes related to the processing of personal data are resolved through customer support email@example.com. The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).