PERSONAL DATA PROCESSING
The main processor of personal data for the Grillnurk.ee online store is Oden grupp OÜ (registration code 14376878), located at Kassi 9, Tallinn, Harjumaa, 12618, Estonia, phone +372 5610 3065 and email info@grillnurk.ee.
What personal data is processed
- name, phone number and email address;
- product delivery address;
- bank account number;
- cost of goods and services and payment-related data (purchase history);
- customer support details.
For what purposes is personal data processed?
Personal data is used to manage customer orders and deliver products.
Oden grupp OÜ – the main processor of personal data, transfers the personal data necessary for payment processing to the authorized processor AS Maksekeskus
Purchase history data (purchase date, products, quantity, customer data) is used to compile an overview of purchased goods and services and analyze customer preferences.
The bank account number is used for refunding payments to the customer.
Personal data such as email, phone number, customer name is processed to resolve issues related to the provision of goods and services (customer support).
The IP address or other network identifiers of the online store user are processed to provide the online store as an information society service and to collect internet usage statistics.
Legal Basis
Personal data is processed for the purpose of fulfilling the contract concluded with the customer.
Personal data processing is carried out to fulfill legal obligations (e.g., accounting and consumer dispute resolution).
Recipients to whom personal data is transferred
Personal data is transferred to the online store’s support service for managing purchases and purchase history, as well as resolving customer issues.
Name, phone number and email address will be sent to the transport service provider chosen by the customer. In case of courier delivery, the customer’s address will also be provided along with the contact details.
If the online store is registered with a service provider, personal data will be transferred to the service provider for transaction accounting.
Personal data may be transferred to information technology service providers if necessary to ensure online store functionality or data hosting.
Security and Data Access
Personal data is stored on servers located within the European Union member state or countries that have joined the European Economic Area. Data may be transferred to countries whose data protection level has been assessed as adequate by the European Commission and to US companies that are bound by the Privacy Shield framework.
Online store employees have access to personal data and may access personal data to resolve technical issues related to online store use and to provide customer support services.
The online store implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure.
The transfer of personal data to authorized processors of the online store (e.g., transport service provider and data hosting) is carried out based on agreements concluded between the online store and authorized processors. Authorized processors are required to ensure appropriate security measures for processing personal data.
Access to Personal Data and Corrections
Access to personal data and making corrections is available through the online store user profile. If a purchase was made without a user account, personal data can be accessed through customer support.
Withdrawal of Consent
If personal data processing is based on customer consent, the customer has the right to withdraw consent by notifying customer support via email.
Data Retention
When closing an online store customer account, personal data will be deleted unless such data needs to be retained for accounting or consumer dispute resolution.
If an online store purchase was made without a customer account, the purchase history will be stored for three years.
In case of payment-related disputes and consumer disputes, personal data will be stored until the claim is satisfied or the limitation period expires.
Personal data required for accounting purposes is stored for seven years.
Data Deletion
To delete personal information, contact customer support via email. The deletion request must be responded to within one month, and the period for data deletion must be specified.
Data Transfer
A response to a personal data transfer request sent via email will be provided no later than one month. Customer support will identify and notify you of the personal data to be transferred.
Direct Marketing Communications
Email address and phone number will be used to send direct marketing messages if the customer has given consent. If the customer does not wish to receive direct marketing messages, select the appropriate link in the email footer or contact customer support.
If personal data is processed for direct marketing purposes (profiling), the customer has the right to object at any time to the initial and further processing of their personal data, including profiling related to direct marketing, by notifying customer support via email.
Dispute Resolution
Disputes related to personal data processing are resolved through customer support, info@grillnurk.ee. The supervisory authority is the Estonian Data Protection Inspectorate, info@aki.ee.
If you have any questions or concerns about the privacy policy or data processing, please contact us at info@grillnurk.ee.
