PROCESSING OF PERSONAL DATA
The contoller of personal data of the online store lamilashes.ee is Unique Beauty Oü (registry code 12007421) located at Katusepapi 4/2-110 Tallinn, Estonia, tel. +372 55979456 and e-mail firstname.lastname@example.org
What personal data is processed
− name, telephone number and e-mail address;
− address of the goods delivery;
− bank account number;
− cost of goods and services and data related to payments (purchase history);
− customer support details.
For what purpose personal data is processed
Personal data is used to manage customer orders and deliver goods.
Purchase history data (date of purchase, goods, quantity, customer data) is used
to compile an overview of purchased goods and services and analyse customer preferences.
The bank account number is used to return payments to the customer.
Personal information such as email, phone number, customer name is processed in order to settle
issues related to delivery of goods and providing services (customer support).
The IP address of the online store user or other network identifiers are processed by the online
store to provide information society services and for web usage statistics.
Personal data is processed for the purpose of fulfilling the contract concluded with the customer.
The processing of personal data is carried out in order to fulfil a legal obligation (e.g. accounting
and consumer dispute resolution).
Recipients to whom personal data are transmitted
Personal information is passed to the online store customer support to manage purchases and purchase history, and to resolve customer issues.
The name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods delivered by courier, in addition to the contact details, the customer address shall also be provided.
If the online store is accounted for by a service provider, personal data will be transferred to
service provider to carry out accounting operations.
Personal data may be transferred to IT service providers if necessary
to ensure the functionality or data hosting of the online store.
Security and access to data
Personal data is stored on a single server located in a Member State of the European Union or in
in the territory of the countries acceded to the European Economic Area. Data may be
transmitted to countries where:
the level of data protection has been assessed as adequate by the European Commission and by
US companies which joined the Privacy Shield framework.
Access to personal data is provided to employees of the online store who can access personal
data in order to:
solve technical issues related to the use of the online shop and provide customer support service.
The online store shall implement appropriate physical, organisational and information
technology security measures to:
protect personal data from accidental or unlawful destruction, loss, alteration, or unauthorised
use access and disclosure.
Transfer of personal data to authorised processors of the online store (e.g. transport service
provider and data storage) shall take place on the basis of contracts with the online store and with
processors. Authorised processors are required to provide appropriate safeguards when
processing personal data.
Access and rectification of personal data
Personal data can be accessed and rectified in the online store user profile. When the purchase is
made without a user account, personal data can be accessed via the customer support.
Withdrawal of consent
If the processing of personal data is done on the basis of the client’s consent, then the client has
the right to withdraw his / her consent by notifying customer support via email.
Personal data are deleted when a customer account is closed, except for a case when such data
need to be maintained for accounting or to resolve consumer disputes.
If a purchase is made in the online store without a customer account, the purchase history will be
stored for three years. In the case of disputes relating to payments and consumer disputes, the
personal data shall be retained until the claim is fulfilled or the limitation period expires.
The personal data necessary for accounting shall be kept for seven years.
To delete personal data, contact customer support by e-mail. A request for deletion will be
answered no later than in a month and the period for data deletion will be specified.
A request for the transfer of personal data submitted by e-mail shall be answered within a month
at the latest.
Customer support shall identify the identity and inform the personal data to be transferred.
Direct marketing messages
E-mail address and phone number are used to send direct marketing messages if the client has
given their consent. If the customer does not want to receive direct marketing messages, you
must select the e-mail footer for reference or contact customer support.
If personal data are processed for direct marketing purposes (profiling), the customer has the
right both to the initial and subsequent processing of personal data, including to object to
profiling related to direct marketing at any time by notifying the customer support via email
(this information must be provided clearly and separately from any other information).
Disputes concerning the processing of personal data are resolved through customer support
(CONTACT DATA). The Supervisory Authority is the Estonian Data Protection Inspectorate
Our company is the controller of personal data, our company transmits the personal data
necessary for the execution of payments to the processor: Maksekeskus AS.