We want you to be aware of how we collect personal information from our customers, why we collect it, what we do with it and how we protect it, and your rights.
We have based our privacy statement on a standard document prepared by the Estonian E-Commerce Association and approved by the Estonian Data Protection Inspectorate and can be found at https://e-kaubandusliit.ee
Processing of personal data
The controller of the personal data is Dun & Bradstreet Estonia AS (registry code 10117826), located at Pronksi 12, Tallinn 10117 phone +372 6414902 and email firstname.lastname@example.org . The controller has designated a data protection officer who can be contacted by phone +372 6414903 and via email email@example.com.
What personal data are processed
name, phone number and email address;
bank account number;
cost of goods and services and data related to payments (purchase history);
customer support data.
registered address of the company (business clients, incl companies registered at the home address of the company related person).
Why personal data are processed
Personal data are used to manage the customer’s orders.
Purchase history details (date of purchase, goods, quantity, customer’s data) are used for preparing summaries of goods and services purchased and for analysing customer preferences.
The bank account number is used to reimburse payments to the customer.
Personal data such as email, phone number and the customer's name are processed to handle any issues relating to the provision of goods and services (customer support).
The IP address or other web identifiers of a user of the online applications are processed for the provision of the online applications as an information society service and for web use statistics.
Personal data are processed for the purpose of performing a contract concluded with the customer.
Personal data are processed for performing legal obligations (such as accounting and the settlement of consumer complaints).
Data are processed with the customer's consent for performing the following operations: sending a newsletter, sending information materials, if the customer has expressed a wish to do so.
Recipients of personal data
Personal data are transmitted to the customer support for managing purchases and purchase history and for settling any problems that the customers may have.
Personal data are transmitted to the accountant for bookkeeping services.
Personal data may be transmitted to IT service providers if this is necessary for ensuring the functionality of the web applications or for data hosting.
Security and access to data
Personal data are stored in the servers, which are located on the territory of a member state of the European Union or states of the European Economic Area. Data may be transferred to the countries whose data protection levels have been assessed as adequate by the European Commission and to the companies in the USA who have joined the Privacy Shield framework.
Personal data can be accessed by the client support staff in order to settle technical issues related to the use of the web applications and to provide customer support.
Dun & Bradstreet Estonia AS takes appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.
Personal data are transmitted to the data processors (for example data hosting services) and processed under contracts concluded between the Dun & Bradstreet Estonia AS and the processors. The processors must ensure appropriate safeguards when processing personal data.
Access to and rectification of personal data
Personal data can be accessed and rectified in the user profile of the web application. When a purchase has been made without a user account, personal data can be accessed through customer support.
Withdrawal of consent
Where personal data are processed on the basis of the customer’s consent, the customer has the right to withdraw his/her consent by notifying customer support by email.
Personal data are erased upon the closure of a customer account of the online shop, unless the storage of the data is necessary for accounting purposes or for the settlement of consumer disputes.
For online purchases made without a customer account, the purchase history is stored for three years.
In the event of disputes concerning payments and consumer disputes, the personal data are stored until the claim is satisfied or until the end of the limitation period.
Personal data needed for accounting purposes are stored for seven years.
For the erasure of the personal data, customer support must be contacted via email. Requests of erasure are responded to no later than within one month and the period of erasure shall be specified.
Requests to transmit personal data submitted via email are responded to within one month. Customer support identifies the person and indicates what personal data are to be transmitted.
Direct marketing messages
Email address could be used for sending direct marketing messages to the business clients. If the customer does not want to receive direct marketing messages, the customer should select the relevant link at the footer of the email or contact customer service.
Where personal data are processed for direct marketing purposes (profiling), the customer has the right to object at any time both to the initial and further processing of his/her personal data, including profiling related to direct marketing by notifying customer support thereof via email