Personal Data Processing
The responsible processor of personal data of the lol-surprise.ee online store is 4Family OÜ (registry code: 14235907), legal address: Harjumaa, Tallinn, Vormsi 4-25, 13913, Estonia, tel.: +372 5622 7987, e-mail: firstname.lastname@example.org.
What personal data are processed?
- name, phone number and e-mail address;
- delivery address;
- bank account number;
- the cost of goods and services, as well as the data related to payments (purchase history);
- data required to support customers.
Purpose of Personal Data Processing
Personal data are used to manage customers’ orders and deliver goods.
Purchase history data (purchase date, goods, quantity, customer’s data) are used to provide an overview of purchased goods and services, as well as to analyze customer preferences.
Bank account number is used to return funds to a customer.
Personal data such as e-mail, phone number, customer's name are processed to resolve issues related to goods and provision of services (customer support).
The IP address or other network identifiers of a user of the online store are processed to provide services by the online store as part of the information society, as well as to collect statistics on the use of the Internet.
Personal data are processed for the purpose of implementing a contract concluded with a customer.
Personal data are processed to fulfill legal obligations (such as accounting and resolution of consumer disputes).
Personal data are transmitted to the customer support of the online store to manage purchases and purchase history, as well as to resolve any problems that customers may face.
Name, phone number and e-mail address are transmitted to the transport service provider selected by a customer. In the case if the goods are delivered by a courier, the customer’s address is also transmitted together with the contact information.
If the accounts of the online store are kept by a corresponding service provider, personal data are transmitted to this service provider for performing accounting operations.
Personal data may be transmitted to IT service providers, if it is necessary to ensure the functionality of the online store or data storage.
Security and Access to Data
Personal data are stored on the servers located on the territory of a member state of the European Union or countries of the European Economic Area. Data can be transferred to those countries whose data protection levels have been assessed as adequate by the European Commission, as well as to US companies that have joined the Privacy Shield framework.
Personal data can be accessed by the staff of the online store who can acquaint themselves with personal data in order to settle technical issues related to the use of the online store and provide customer support services.
The online store takes the appropriate physical, organizational and IT security measures to protect personal data against accidental or illegal destruction, loss, alteration or unauthorized access and disclosure.
The transfer of personal data to authorized processors of the online store (such as transport service and data storage providers) is made on the basis of contracts concluded between the online store and authorized processors. When processing personal data, the authorized processors must ensure appropriate protective measures.
Access to and Rectification of Personal Data
Personal data can be accessed and rectified in the user profile of the online shop. In the case if a purchase has been made without creating a user account, personal data can be accessed through the customer support.
Withdrawal of Consent
In the case if personal data are processed on the basis of the customer’s consent, the customer has the right to withdraw his/her consent by notifying the customer support via email.
When a customer account is closed in the online store, personal data are deleted, unless the storage of the data is necessary for accounting purposes or for the settlement of consumer disputes.
For online purchases made without a customer account, the purchase history is stored for three years. In the event of disputes concerning payments and consumer claims, personal data are stored until a claim is satisfied or until the expiry of the period of limitation under a claim.
Personal data needed for accounting purposes are stored for seven years.
To delete personal data, please contact the customer support via e-mail. Requests for deletion shall be responded to no later than within a month, and the period of data deletion shall be also specified.
Requests for the personal data transfer submitted via e-mail shall be responded to within one month. Customer support shall identify a person and report the transfer of personal data.
Direct Marketing Messages
E-mail address and phone number are used to send direct marketing messages, if a customer has given the respective consent. If a customer does not want to receive direct marketing messages, he/she should select the relevant link at the footer of the e-mail or contact customer support.
If personal data are processed for the direct marketing purposes (profiling), the client has the right at any time to object to both the initial and further processing of his/her personal data, including profiling related to direct marketing by notifying the customer support thereof by e-mail.
Disputes related to the personal data processing shall be settled through the customer support (email@example.com). The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).
The following types of cookies are used on the web page:
Strictly necessary/Essential cookies. These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for cannot be provided. They do not collect information that identifies a visitor;
Performance cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. They don’t collect information that identifies a visitor. All information these cookies collect is aggregated and anonymous. These cookies are only used to improve the work of a website;
Functionality cookies allow a website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a web page may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other customizable elements of web pages. They may also be used to provide services you have asked for, such as watching a video or commenting on a blog. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites;
Targeting/Advertising cookies are used to deliver adverts more relevant to your interests. Moreover, they are used to limit the number of times you see an advertisement as well as help measure the effectiveness of advertising campaigns. They are usually placed by advertising networks with the website operator’s permission. Advertising cookies remember that you have visited a website and this information is shared with other organizations, such as advertisers. Quite often targeting or advertising cookies are linked to website functionality provided by the other organization;
Information collected by third parties is used to make predictions about your interests or preferences, so that they may display advertisements or promotional materials tailored to your apparent interests on their website or other pages on the Internet.
Partners and ad networks that serve interest-based ads have limited access to a small amount of information about your profile and device, which is required to serve advertisements tailored to your apparent interests. At that, they may be able to reuse this small amount of information on other websites or services.
We do not share with third parties any information that may identify you (such as an e-mail address); however, they may have access to information about the device you use (such as IP address or MAC address). We do not have access to or control over the technologies that such third parties use to collect information about your interests, and the third-party data-processing techniques are not covered by this Privacy Notice. We do not control the activities of third parties, except as provided in this document.