Privacy policy

PRIVACY POLICY
PROCESSING OF PERSONAL DATA

Responsible for processing of the personal data in pood.regio.ee is Regio OÜ  (Reg. No. 12971967), address Riia 35, Tartu linn, 50410, phone +372 731 0122, email kaardid@regio.ee. We forward the personal data needed for payment to authorized processor Maksekeskus AS-le.

Personal data processed:
·         name, phone number and e-mail address;
·         delivery address;
·         bank account number;
·         the value of goods and services and history related to payments (purchase history);
·         customer support information.

Purpose for processing personal data

Personal data will be used for order management and delivery. 
Purchase history (order date, goods, amount, customer information) will be used for analyze customer preferences and for getting overview over purchased goods and services.
Bank account number will be used for refund of payments. 
Personal data such as e-mail, phone number, customers name will be processed to solve questions rinsed in purchasing the goods and services (customer support). 
The IP-address and other network identifiers of the online store visitor will be processed for monitoring web usage statistics and for providing the online shop service as one of the information society services.

Legal basis

The processing of personal data is used for filling the contract concluded with the client. 
The processing of personal data is used for filling the legal obligations (for example accounting, consumer dispute resolution). 

Recipients, the personal data is forwarded

Personal data will be transferred to online shop client support for managing the purchases and purchase history and for customer dispute resolution. 
Name, phone number and e-mail is transferred to the transport service provider chosen by the customer. In case of delivery by courier additionally  the delivery address will be forwarded.
When the accounting service is provided by service provider, the personal data will be transferred to service provider for accounting operations. 
Personal data can be transferred to information technology service providers, when it is necessary for assurance the functionality or data hosting of the online store.  

Security and access to data

Persons data is stored on the server of OÜ Elkdata. These are located  in the territory of a Member State of the European Union or countries which have joined the European Economic Area. Data can be sent to countries,  whose level of data protection has been assessed as adequate by the European Commission and for US companies that have joined with the Privacy Shield.
Access to the personal data have the workers of the online shop, who need to see the data to solve technical issues related to the use of the online shop and provide customer support service. 
The online store implements measures appropriate physical, organizational and IT security measures, to protect personal data for accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
The transfer of personal data to the authorized processors of the online store (e.g. transport service provider and data hosting) takes place on the basis of agreements concluded with the online store and the authorized processors. Authorized processors are obliged to ensure appropriate safeguards for the processing of personal data.

Access to and correction of personal data

Personal data can be accessed and corrections made through the online store user profile. If the purchase is made without a user account, personal data can be accessed through client support.  

Withdrawal of consent

If the processing of personal data takes place on the basis of the customer's consent, the customer has the right to withdraw the consent by notifying the customer support by e-mail.

Retention

When closing the customer account of the online store, personal data will be deleted, unless such data needs to be kept for accounting or for resolving consumer disputes.
If the purchase in the online store has been made without a customer account, the purchase history will be stored for three years. In the case of disputes related to payments and consumer disputes, personal data will be kept until the claim is fulfilled or the limitation period expires.
Personal data required for accounting purposes are kept for seven years.

Deleting

To delete personal data, customer service must be informed by e-mail. A request for erasure shall be answered no later than within one month and the period for erasure of data shall be specified.

Transfer

A request for the transfer of personal data submitted by e-mail will be answered within a month at the latest.
Customer support will identify the person and notifies the personal data to be transferred.

Direct marketing communications

E-mail and phone number will be used for direct marketing communications only in case the customer has given his consent. When customer wants to unsubscribe from direct marketing notification, the reference at the end of the letter must be selected or the customer service contacted. 
When the personal data is used for direct marketing, the customer is entitled to object at any time against processing the personal data including the profile analyze related to direct marketing, by notifying customer support via e-mail.

Settlement of disputes related to the processing of personal data

The settlement of disputes related to the processing of personal data are resolved through customer support - Leida Lepik, Regio OÜ  (Reg. No. 12971967) address Riia 35, Tartu linn, 50410, phone +372 731 0122, e-mail kaardid@regio.ee.
The supervisory authority is Data Protection Inspectorate (info@aki.ee).