What personal data are processed
- contact information such as a telephone number and an e-mail address;
- payer’s address and delivery address;
- bank account number;
- costs of goods and services and data related to payments (purchase history);
- customer support details;
- other information related to customer surveys and/or offers.
For what purpose personal data are processed
Personal data are processed for the purposes of the performance of the contract concluded with the customer. Personal data are processed for the performance of legal obligations (for example, accounting and the resolution of consumer disputes). Personal data are used for managing the customer’s orders and delivering the goods. Purchase history data (purchase date, goods, quantity, customer data) are used for preparing an overview of goods and services purchased and for analysing customer preferences. The bank account number is used to refund payments to the customer. Personal data such as e-mail address, telephone number and customer name are processed in order to resolve any issues related to the provision of goods or services (customer support). The IP address or other online identifiers of the user of the online shop are processed for the provision of the online shop as an information society service and for the compilation of Internet use statistics.
Security and data access
Personal data are stored on the servers of Zone Media OÜ located within the territory of a Member State of the European Union or of a country that has acceded to the European Economic Area. Data may be transmitted to countries where the European Commission has estimated the level of data protection to be sufficient or to companies in the United States that have signed up for the Privacy Shield framework.
The online shop takes appropriate physical, organisational and information technology security measures in order to protect personal data against accidental or unlawful destruction, loss, modification or unauthorised access or disclosure.
Transmission of personal data to the authorised processors of the online shop – personal data are processed under the contract concluded between the online shop and the authorised processor. The authorised processors are required to ensure appropriate safeguards during the processing of personal data.
List of authorised processors:
- Nobel Digital OÜ (Web development provider)
- Erply (Order handling, bookkeeping)
- Google Analytics (Web traffic analysis)
- Montonia Finance UAB (handling payments)
- Esto AS (Handling payments)
- Omniva AS (Order shipping)
- Itella Smartpost (Order shipping)
Personal data is processed based on the customer’s consent in order to proovide them the best service and the best shopping experience. BRG Estonia OÜ processes personal data for such reasons as, for example, collecting information about purchases made, offering targeted products and services, carrying out prize draws, and receiving information concerning the reading and opening of newsletters in order to offer customers content that they may find interesting.
The email address and phone number are used for sending out direct marketing messages only if the customer has provided their consent. A customer who does not wish to receive direct marketing messages must click on the respective link in the email or contact customer support. If personal data are processed for the purpose of direct marketing (profiling), the customer may object to any initial and further processing of their personal data, including profiling which is related to direct marketing, at any time by notifying the customer support of this requirement via email.
Inspection and amendment of personal data
Personal data may be examined and rectified via the user profile on the online store. If a purchase has been made without a user account, personal data may be examined via customer support.
If personal data are processed on the basis of consent, the customer may withdraw their consent by notifying customer support via email.
When a customer account is closed in the online shop, any personal data are deleted, except where such data need to be retained for accounting or the resolution of consumer disputes. If a purchase has been made in the online shop in the capacity of a visitor (without a user account), the individual purchase history will be retained for three years. In the event of disputes related to payments or consumer disputes, personal data are retained until the settlement of the claim or until the expiry of the limitation period (three years). Personal data needed for accounting are retained for seven years.