Processing of personal data is any operation performed with the personal data of the website user (hereinafter referred to as the user) – collection, processing, storage, correction or deletion of data.
Users are all those who visit the website, consume the services, buy from the e-shop or transmit information to sisbaltics. These include reading articles, ordering services, buying products in the online shop or contacting sisbaltics by email.
Services are all products and services, including e-books offered by sisbaltics for free and for a charge.
PROCESSING OF PERSONAL DATA
Sisbaltics collects the following personal data of users through the website in the following ways:
- name, phone number and email address;
- address of delivery of goods;
- bank account number;
- cost of goods and services and payment data (purchase history);
- customer support data.
USE OF PERSONAL DATA
Sisbaltics uses personal data:
- for providing a service to the user,such as entering into and performing a contract, communicating with a user, forwarding invoices;
- for sending notifications to the user’s email address about new articles, services and campaigns, but only with the user’s prior consent;
- for managing customer orders and delivering goods;
- purchase history data (purchase date, goods, quantity, customer data) is used to compile an overview of purchased goods and services and to analyse customer preferences;
- the bank account number is used to return payments to the customer;
- personal data such as email, phone number and customer name are processed to resolve issues related to the delivery of goods and services (customer support);
- the online store user’s IP address or other network identifiers are processed in order to provide the services of the online store as an information society service and to generate web usage statistics.
Sisbaltics uses website traffic statistics to improve the website user experience and to achieve more efficient marketing.
The user has the right at any time to prohibit the processing of his or her personal data, unless it is necessary for the performance of the claim arising from the contract, including the provision of the service.
TRANSMISSION OF PERSONAL DATA TO THIRD PARTIES
Third person contract partners of sisbaltics who process personal information and with the help of whose product or service sisbaltics also provides services to the user.
In its daily operations, sisbaltics uses third parties who provide:
- an e-mail transmission and management system;
- website hosting;
- analysis of website usage statistics;
- the use of social media and analysis of social media statistics;
- making payments in the online shop;
- use of accounting software;
- transport service.
LINKS TO OTHER WEB PAGES AND EMBEDDED CONTENT
Some pages, such as a blog, may have links to other websites or contain embedded content, such as a YouTube video that the visitor can view directly on the blog. When using embedded content, in a technical sense, one visits another website, such as YouTube, which is subject to the terms and conditions of this website.
These pages may collect data about the user, replace cookies or forward user data to third parties.
STORAGE AND SECURITY OF PERSONAL DATA
Sisbaltics implements the appropriate physical, organizational and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
Sisbaltics retains personal data as long as it is necessary for the performance of its goal or required by law. For example, accounting data is stored for 7 years from the end of the financial year, while the email address in the mailing list will be retained until the user expresses a wish to remove it.
Personal data will be deleted when the online store customer account is closed unless such data needs to be kept for accounting or to resolve consumer disputes. If a purchase has been made in the online store without a customer account, the purchase history will be retained for three years.
In the case of disputes relating to payments and consumer disputes, personal data shall be kept until the claim is fulfilled or until the expiry of the limitation period. Access to personal data is granted to the online store employees who can access personal data in order to resolve technical issues related to using the online store and to provide a customer support service.
The transfer of personal data to authorized processors of the online store (e.g., transport service providers and data hosting) takes place on the basis of contracts concluded with the online store and the authorized processors. Authorized processors are required to ensure appropriate safeguards for the processing of personal data.
ACCESS TO, CORRECTION, DELETION AND TRANSFER OF PERSONAL DATA
Personal data can be accessed and corrected in the online shop user profile. If the purchase is made without a user account, the personal data can be accessed via customer support.
In order to delete personal data, customer support must be contacted by email. The application for the deletion shall be answered no later than within one month, and the period of the deletion shall be specified.
An application for the transmission of personal data by e-mail shall be replied to within one month at the latest. Customer support identifies the person and informs them about the personal data that are subject to the transfer.
The user is entitled at any time:
- to express their wish to access their own data;
- to require the correction, supplementation or deletion of personal data under the conditions prescribed by law;
- to require the processing of personal data to be restricted;
- to require the transfer of personal data.
In order to exercise their rights, the user must send a relevant application by e-mail to firstname.lastname@example.org.
If the user belongs to the sisbaltics email list, he or she can remove himself/herself from the mailing list and unsubscribe from further messages via the link at the end of each email.
If the user believes that his/her rights have been violated in the processing of personal data, he/she has the right to address any concerns with the Data Protection Inspectorate.
COOKIES AND PIXELS
A cookie is a small text file that the web browser automatically saves on the device used by the user. Cookies may be created by different providers, such as Google and Facebook. Cookies are not harmful to the computer.
There are two types of cookies:
- Persistent cookies, which remain permanently in the cookie file on the user’s computer. They can be used, for example, to identify a user as a repeat visitor to a web page and to customise the content of a website according to the needs of the user or the collection of statistical data.
- Session cookies are temporary and disappear when the user leaves the website or closes their web browser. Session cookies may be used to enable certain features of a web page, such as applying for a service or product, etc.
Cookies are used to gather information about how a website is used to make it more personal and user-friendly for users. In addition, cookies help to gather user statistics that help measure and improve the website’s performance and provide basic information to conduct effective marketing activities.
The user is deemed to have accepted cookies if his/her browser settings allow cookies. Often, web browsers allow the default storage of cookies on the device. The user may disable or delete cookies on his/her device by changing the settings of his/her browser.
For collecting usage statistics, sisbaltics uses the services of Google Analytics and Facebook Analytics by collecting data on visited subpages, visit time, number of visits, equipment used, entry channels and other statistics.
Pixels are used to deliver ads targeted to users of the sisbaltics website on Google, on the websites of Google partners and on Facebook. The following links provide more information about Facebook ads, Facebook Pixel and Google ads.
SETTLEMENT OF DISPUTES
Disputes related to the processing of personal data are resolved through customer support (email@example.com). The Supervisory Authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).