The data controller of the Yourshelf.eu online store is Lennarti OY (registered 12133539), Kallaste tn 6, Tabasalu Harku parish, Harjumaa, Estonia 76901;
phone +372 50 44000, email riiul@lennart.ee.
What personal data is processed
– name, phone number, and email address;
– delivery address;
– bank account number;
– information regarding the price of goods and services and payment (purchase history);
– customer support information.
Purposes of processing personal data
Personal data is used for managing customer orders and delivering goods.
Purchase history data (purchase date, goods, quantity, customer information) is used to prepare reports on purchased goods and services, analyze customer preferences, and resolve consumer disputes, among other things.
The bank account number is used for refunding payments to the customer.
Personal data such as email address, phone number, and customer name is processed to resolve issues related to the delivery of goods and services (customer support). Additionally, email is used for sending invoices and the phone number is used to notify about deliveries.
The IP address of the online store user or other online identifiers is processed to provide the online store as an information society service and for online usage statistics.
Legal basis
The processing of personal data is carried out to fulfill the contract made with the customer (management of customer orders, deliveries, returns of goods, and payments).
The processing of personal data is necessary to fulfill a legal obligation (e.g., accounting).
The processing of personal data is necessary for the legitimate interests of the data controller, which concern the collection of purchase history to resolve potential consumer disputes.
Processing is carried out with the customer’s consent for the following purposes: direct marketing.
Recipients to whom personal data is disclosed
Name, phone number, email address, and delivery address are provided to the transport service provider chosen by the customer.
Data security and access to data
Personal data is stored on servers located in the territory of EU member states or countries belonging to the European Economic Area. Data may be transferred to countries whose level of data protection has been deemed adequate by the European Commission, or to a third country company that has implemented a protective measure as referred to in Articles 46 or 47 or Article 49(1) of the General Data Protection Regulation.
Personal data can be accessed by employees of the online store who have access to personal data to resolve technical issues related to the use of the online store and to provide customer support services.
The online store implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized use, and disclosure.
The transfer of personal data from the online store’s data processors to recipients (e.g., transport service providers and data aggregators) is based on contracts between the online store and the data processors.
Data processors must ensure appropriate protective measures for the processing of personal data in accordance with Article 28 of the General Data Protection Regulation.
Access to personal data and correction
Personal data can be viewed and corrected in the online store user profile or through customer support.
If a purchase has been made without a user account, access to personal data can be obtained through the online store’s customer support.
If a request for access to personal data is made electronically, the data must also be provided using commonly used electronic means.
Withdrawal of consent
If the processing of personal data is based on the customer’s consent, the customer has the right to withdraw consent in the settings of the customer account or by notifying customer support via email.
Retention at
When you close your online store customer account, your personal data will be deleted, except for personal data (purchase history data) that must be retained for accounting purposes or to resolve consumer disputes.
In cases of payments and consumer disputes, personal data will be retained until the claim is resolved or the limitation period has expired.
Personal data contained in original accounting documents will be retained for seven years.
Restriction
You have the right to request the restriction of the processing of your personal data if the data is inaccurate or incomplete, or if your personal data is being processed unlawfully.
Objections
The customer has the right to object to the processing of their personal data if they have reason to believe that there is no legal basis for the processing of their personal data.
Deletion
If you want to delete personal data, you must contact customer support by email. A response to the deletion request will be sent no later than one month later, and it will indicate the deletion time.
The response will also state which personal data will not be deleted and on what legal basis and for what reason.
Direct Marketing Communication
The email address and phone number will be used to send direct marketing communications if the customer has given their consent.
If the customer does not wish to receive direct marketing communications, they must select the appropriate reference from the email footer or contact customer service.
Dispute Resolution
Disputes related to the processing of personal data can be resolved by sending an email to riiul@lennart.ee.
The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).