The controller of personal data of the online store nola.ee is Nola OÜ (registry code 14829357), located at Veski tn 9, Kuressaare, Saaremaa vald. Phone +372 5624 4309 and e-mail email@example.com.
Types of processed personal data:
– name, phone number and e-mail address
– delivery address
– bank account number
– cost of goods and services, and payment-related data (purchase history)
– customer support details
Purposes for the processing of personal data
Submitted personal data are used for managing the customer’s orders and delivering the goods. Nola OÜ transmits personal data which are necessary for making payments to the data processor Maksekeskus AS. Purchase history data (date of the purchase, goods, quantity, customer details) are used for preparing an overview of the purchased goods and services and for analysing customer preferences. The bank account number is used for making refunds to the customer. Contact details such as the customer’s e-mail address, phone number and name are processed for resolving any issues related to the provision of the goods and services (customer support). The IP address and other network identifiers of a user of the online store are processed for providing the online store service as an information society service as well as for producing web usage statistics.
Submitted personal data are processed for the performance of the agreement concluded with the customer. Submitted personal data are processed for compliance with legal obligations (for example, accounting and settlement of consumer disputes).
Recipients of transmitted personal data
The submitted personal data are transmitted to the customer support team of the online store for managing purchases and purchase histories as well as resolving any customer issues. The customer’s name, phone number and e-mail address are transmitted to the selected delivery service provider. In the case of delivery of the goods by courier service, in addition to contact details, transmitted data shall also include the customer’s address. Personal data may be transmitted to information technology service providers if it is necessary for the functionality or data hosting of the online store.
Security and access to data
Access to submitted personal data is granted to the employees of the online store for resolving technical issues related to the use of the online store and for providing customer support. The online store shall implement the appropriate physical, organisational and information technology security measures to protect the personal data against accidental or unlawful destruction, loss and alteration as well as unauthorised access and disclosure. Personal data are transmitted to the online store’s data processors (for example, transport and data hosting service providers) under agreements concluded between the online store and the data processors. Data processors are required to ensure that appropriate security measures are taken when processing the personal data.
Accessing and amendment of personal data
Personal data shall be available for accessing and amendment in the user profile in the online store. Personal data related to purchases made without a user account shall be accessible via customer support.
Withdrawal of consent
In cases where the processing of personal data is carried out on the basis of the consent of the customer, the customer has the right to withdraw their consent by notifying customer support by e-mail.
Upon closure of a customer account in the online store, any personal data shall be deleted, unless the retention of the data is required for accounting purposes or for the resolution of consumer disputes. Histories of purchases made without a customer account shall be retained for 3 years. In the event of disputes relating to payments or consumer disputes, related personal data shall be retained until the settlement of the claim or the end of the validity period. Personal data which are necessary for accounting shall be retained for 7 years.
If you wish to have your personal data deleted, please contact our customer support team by e-mail. Requests for deletion shall be answered no later than within one (1) month and shall include a specification of the data deletion period.
Requests submitted by e-mail for the transfer of personal data shall be answered no later than within 1 (one) month. In such cases, customer support shall verify the requester’s identity and notify the requester about the personal data to be transferred.
Direct marketing messages
The customer’s e-mail address and phone number may be used for sending direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing messages, they may opt out by using the link in the footer of such e-mails or by contacting customer support. In the case of the processing of personal data for direct marketing purposes (profiling), the customer has the right to object to the prior as well as the further processing of their personal data, including for profile analysis related to direct marketing, at any time by notifying customer support by e-mail (the notification must be presented clearly and separately from any other information).
Settlement of disputes
Disputes relating to the processing of personal data may be resolved via customer support at (CONTACT DETAILS). The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).