1. Processing of personal data
The controller of personal data on the website www.artlab.ee is Artlab OÜ (registration code 12905674), with registered office at J.Vilmsi 53J, Tallinn, 10126, tel. +372 58667027 and e-mail firstname.lastname@example.org.
2. What personal data is processed
name, telephone number and e-mail address;delivery address;bank account number;cost of goods and services and payment details (purchase history);customer support details.
3. Purposes for which personal data are processed
Personal data is used for the management of customer orders and the delivery of goods.
Purchase history data (date of purchase, goods, quantity, customer details) is used to compile an overview of goods and services purchased and to analyse customer preferences.
The bank account number is used to return payments to the customer.
Personal data, such as e-mail, telephone number, customer name, are processed in order to resolve issues related to the provision of goods and services (customer support).
The IP address of the user of the webshop or other network identifiers are processed for the purpose of providing the webshop as an information society service and for web usage statistics.
4. Legal basis
The processing of personal data is carried out for the purpose of the performance of a contract with a customer.
The processing of personal data is carried out for the fulfilment of a legal obligation (e.g. accounting and consumer dispute resolution).
5. Recipients to whom personal data are transferred
The personal data will be transferred to the customer support of the online shop for the management of purchases and purchase history and for the resolution of customer problems.
The name, telephone number and e-mail address will be transmitted to the transport service provider chosen by the customer. In the case of goods to be delivered by courier, the customer’s address will be transmitted in addition to the contact details.
In the case of the accounting of the online shop by the service provider, the personal data will be transmitted to the service provider for the purpose of accounting operations.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality or data availability of the online shop.
6. Security and access to data
Personal data is stored on zone.ee servers located in the territory of a Member State of the European Union or in the territory of a country that is a member of the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to companies in the United States that have signed up to the Privacy Shield.
Access to personal data is granted to the employees of the online shop who can access personal data in order to resolve technical issues related to the use of the online shop and to provide customer support services.
The online shop implements appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.
Transfers of personal data to the online shop’s processors (e.g. transport service providers and data aggregators) are subject to agreements between the online shop and the processors. The processors are obliged to ensure appropriate safeguards when processing personal data.
7. Access to and correction of personal data
Personal data can be accessed and corrected in the user profile of the online shop.
8. Withdrawal of consent
Where the processing of personal data is based on the consent of the customer, the customer has the right to withdraw consent by informing Customer Support by e-mail.
9. Personal data will be deleted upon closure of the online shop’s customer account, unless such data need to be stored for accounting purposes or for the settlement of consumer disputes.
In the event of disputes relating to payments and consumer disputes, personal data shall be kept until the claim is settled or the limitation period expires.
Personal data necessary for accounting purposes shall be kept for seven years.
In order to delete personal data, please contact Customer Support by e-mail. A reply to the deletion request will be sent within one month at the latest, specifying the period of deletion.
Requests for transfer of personal data made by e-mail will be answered within one month at the latest. The Customer Support will verify the identity and inform about the personal data to be transferred.
12. Direct marketing communications
The e-mail address and telephone number will be used to send direct marketing communications, if the customer has given his consent. If the customer does not wish to receive direct marketing communications, he/she should select the appropriate reference in the footer of the e-mail or contact customer support.
Where personal data are processed for the purposes of direct marketing (profiling), the customer has the right to object at any time to both the initial and further processing of his/her personal data, including profiling in relation to direct marketing, by informing customer support by e-mail.