www.alkostar.eu online store (hereinafter: e-shop) the personal data of the customer that has become known during the visit and purchases will be treated confidentially.
If the customer buys goods from the e-shop, we enter into a purchase and sale agreement (hereinafter: agreement), for which we need the following data of the client: first name, surname, telephone number, e-mail address, postal address.
The e-shop has the right to collect personal data provided by the customer to the e-shop, and to disclose them to a third party if necessary in order to fulfil the order. The e-shop has the right to use the customer’s personal data in its business activities to transmit advertising and other information to the customer.
The customer has the right to prohibit the collection and use of his / her personal data at any time unless it is necessary for the collection of a claim arising from the agreement or for the performance of the agreement. The e-shop does not disclose the data published by the customer to the e-shop to persons not involved in the execution of the order, except in cases prescribed by law.
The security of the payment links used to pay for the goods is ensured by an encrypted data communication channel, during which third parties do not have access to personal data and bank details.
The e-shop uses the “E-Commerce Payment Gateway” solution offered by EveryPay AS (payment service provided) to enable credit card payments, which is intended for web-based solutions (in online stores or offering other e-services) for secure, convenient and easy servicing of card payments. At the time of payment, the cardholder’s card data is entered by the cardholder into the database located on the EveryPay AS server where it is also stored.
PROCESSING OF PERSONAL DATA
The chief processor of the personal data of the e-shop is Rabavälja OÜ, reg. nr: 12688964, Vilja 16B, Võru, Estonia, e-mail firstname.lastname@example.org (hereinafter controller).
What data is processed and may be processed?
– name, telephone number and e-mail address;
− postal address;
− bank account number;
− data related to the cost of goods and payments (purchase history);
− customer support data (incl. e-mail correspondence and other chat history);
− The IP address of the device used.
For what purpose is the data processed?
Personal data is used to manage the customer’s orders and fulfil the agreement and simplify the purchase process once the customer has created an account in the e-shop.
Purchase history data (purchase date, goods, quantity, customer data) is used to compile an overview of purchased goods and to analyze customer preferences.
If necessary, the bank account number may be used to return payments to the customer.
Personal data such as e-mail, postal address, telephone number, customer name are processed to resolve issues related to the sale of goods (customer support).
The IP address or other network identifiers of the online store visitor are processed to provide the online store as an information society service and to compile online usage statistics.
Recipients to whom personal data are transmitted
Personal data is transmitted to manage e-shop purchases and purchase history and to solve customer service problems.
The customer’s name, telephone number, postal address and e-mail address will be forwarded to the transport service provider selected and ordered by the customer.
If the accounting of the e-shop is performed by the service provider, the personal data shall be transmitted to the service provider for performing accounting operations.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the e-shop or data hosting.
We use Klarna as a check-out provider. This means that we may transfer your personal information in the form of contact and order information to Klarna once the store purchase transaction has been downloaded so that Klarna can manage your purchase. Your transferred personal data will be processed in accordance with Klarna’s own privacy statement.
Use of data in payment processing
In order to process payments, we will forward your payment details to the credit institution responsible for the payment. In some cases, the selected payment service providers will also collect this information themselves when you open an account with them. In this case, you must log in to the payment service provider with your access credentials during the ordering process. In this context, the data protection rule of the respective payment service provider applies.
Security and access to data
Personal data is stored on servers located in the territory of a Member State of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that are affiliated with the Privacy Shield framework.
E-store employees have access to personal data, who can access personal data in order to resolve technical issues related to the use of the online store, provide customer support services and deal with order fulfilment.
The e-shop implements appropriate physical, organizational and IT security measures to protect personal data from an accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
The transfer of personal data to the authorized processors of the e-shop (e.g. data hosting) takes place on the basis of agreements concluded with the e-shop and the authorized processors. Authorized processors are obliged to ensure appropriate safeguards for the processing of personal data.
Retention of personal data
Upon closing the customer account of the e-shop, personal data shall be deleted, unless such data needs to be retained until the end of mandatory tax and business retention periods or for the resolution of consumer disputes.
If the purchase from the e-shop has been made without a customer account, the purchase history will be stored for three years.
In the case of disputes related to payments and consumer disputes, personal data will be stored until the claim is fulfilled or the limitation period expires.
Direct marketing communications
The e-mail address is used to send direct marketing messages if the customer has given the respective consent. If the customer does not wish to receive direct marketing notifications, the appropriate reference must be selected in the footer of the e-mail or customer support must be contacted (email@example.com).
If personal data is processed for direct marketing purposes (profiling), you have the right to object at any time to the initial and further processing of your personal data, including profiling in connection with direct marketing, by notifying customer support by e-mail (clearly and separately from any other information).
You can see the duration of the save in the cookie settings overview of your web browser. You can set your browser to notify you when cookies are set, and you can decide individually whether to accept them or exclude them in certain cases or altogether. Each browser is different in how it manages cookie settings. This is described in each browser’s help menu, which explains how you can change your cookie settings. You can find them for the appropriate browser at the following links:
Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies Safari ™: https://support.apple.com/kb/ph21411?locale=de_DEChrome ™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=et&answer=95647 Firefox ™ https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnenOpera ™: http://help.opera.com/Windows/10.20/de/cookies.html
If you do not accept cookies, the functionality of the e-shop may be limited. If you have given your consent in accordance with Article 6 (1) (1) (a) of the General Data Protection Regulation, this website will also use the so-called DoubleClick cookie as part of the Google Analytics application for advertising purposes (see below) to identify your web browser. The information automatically generated by the cookie about your visit to this website is transmitted to and stored by Google on servers in the United States. The IP address will be abbreviated by activating the anonymisation of the IP address on this website before transmission in the Member States of the European Union or in other Contracting Parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the U.S. and abbreviated there. The anonymous IP address provided by your browser as part of Google Analytics will not be combined with other Google data.
Google will use this information for the purpose of compiling reports on website activity and providing other services relating to website activity. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. If you stop using Google DoubleClick, the data collected in that context will be deleted.
Google DoubleClick is a product of Google LLC. (www.google.de). Google LLC is headquartered in the U.S. and is certified under the EU-US Data Protection Framework. The relevant certificate can be viewed here. Under this agreement between the US and the European Commission, the Commission has set an adequate level of data protection for companies certified under the data protection framework.
You can revoke your consent at any time in the future by deactivating the DoubleClick cookie via this link. In addition, you can find more information about storing and setting cookies from the Digital Advertising Alliance. You can set your browser to notify you when cookies are set, and you can decide individually whether to accept them or exclude them in certain cases or altogether. If you do not accept cookies, the functionality of our website may be limited.
You can withdraw your consent at any time by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. This prevents cookies from collecting data related to your use of the website (including your IP address) and the processing of this data by Google.
Data subject’s rights and their exercise
The data subject has the following rights in relation to the processing of his or her personal data:
- – the right to request access to personal data about the client;
- – the right to request the rectification and erasure of data;
- – the right to request the deletion of data;
- – the right to restrict the processing of personal data
- – the right to object to the processing of personal data;
- – the right to request the transfer of personal data;
- – the right not to be the subject of a decision based on automated processing;
- – the right to withdraw consent;
- – the right to claim damages;
- – the right to lodge a complaint with the data protection supervisory authority.
A so-called data protection officer has been appointed by the controller to perform data protection tasks, in particular, to advise the controller’s staff on the implementation of data protection standards, monitor the controller’s compliance with personal data protection principles, respond to data protection requests and act as a contact point for the supervisory authority. The service of the Data Protection Officer is provided by the contractual partner of the controller: Name and contact details of the Data Protection Officer.
Make a written request to exercise your rights listed above: firstname.lastname@example.org.
Settlement of disputes
Pursuant to Article 77 of the General Data Protection Regulation, you have the right to lodge a complaint with the supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or employment.
If you have any questions about your personal data, the collection, processing or use of information, the rectification, blocking or deletion of data, as well as the withdrawal of consent or a specific objection to the use of data, please contact us directly using our contact details (email@example.com).