The controller of personal data for the e-shop www.lockforce.ee is LOCK FORCE OÜ, registry code 11884410, address Mustamäe tee 18 Tallinn, phone 660 9997 and email firstname.lastname@example.org (hereinafter the Controller).
The data subject (hereinafter the Customer) is a private or legal person whose personal data is processed by the Controller. A Customer is a private or legal person who purchases goods from the website of the Controller or uses any other services provided by the company.
Personal data is any data regarding an identified or identifiable natural person which is gathered from the Customer when formalising an order at the Lock Force OÜ e-shop at www.lockforce.ee.
The personal data collected by the Controller is confidential and not communicated to third parties, except to a company providing postal or courier services in the extent necessary for delivering the goods to the Customer or making a payment.
Which personal data is processed?
The personal data used for processing include the following:
- contact information, such as the telephone number and email address;
- address of the payer and delivery address;
- bank account number;
- price of the goods and services, payment information (purchase history);
- customer support data;
- payment card data;
- other data related to customer surveys and/or offers.
For what purposes is the personal data processed?
Personal data is processed for the purpose of performing the contract concluded with the Customer. Personal data is processed to fulfil a legal obligation (e.g. accounting and settlement of consumer disputes).
Personal data is used to manage the Customer’s orders and deliver the goods.
Purchase history data (purchase date, goods, quantity, Customer data) is used to prepare an overview of purchased goods and services and analysing customer preferences.
The bank account number is used to return payments to the Customer. Payment card data is processed to make payments.
Personal data, such as the email address, phone number, and name of the Customer, are processed to solve matters related to the goods and provision of services (customer support).
The IP address or other network identifiers of the e-shop user are processed to provide the e-shop service as an information society service and for compiling web usage statistics.
Personal data: transferring to processors
The Controller maintains the secrecy of the personal data of a Customer made known to them and discloses it to third parties only with the consent of the Customer, except if the obligation or right to disclose personal data arises from legislation.
The user of the e-shop agrees that the merchant has the right to process their data for the provision of services suitable for the Customer, which includes transferring the data of the Customer to persons related to providing the service by the merchant to the Customer.
A list of processors:
- Economic software DIRECTO (for managing and fulfilling orders and invoices)
- Google Analytics (for monitoring the website traffic)
- Omniva parcel terminals (for providing delivery services)
- Itella Estonia OÜ (for providing delivery services)
- Montonio Finance UAB
- OSC Transport OÜ
Security and access to data
The e-shop implements appropriate physical, organisational, and information technology security measures to protect the personal data from accidental or illegal destruction, loss, alteration, or unauthorised access and disclosure.
Transferring personal data to the data processors of the e-shop – personal data is processed under contracts concluded between the e-shop and data processors. The processors are obligated to ensure appropriate security measures when processing personal data.
Accessing and rectifying personal data
It is possible to access personal data saved at the e-shop and to rectify it by sending an email to our customer service at email@example.com.
Withdrawal of consent
If the personal data is processed with the consent of the Customer, the Customer is entitled to withdraw the consent by sending an email to our customer service at firstname.lastname@example.org.
In case of disputes related to payments and consumer disputes, personal data is stored until the claim is fulfilled or until the end of its expiration deadline (three years).
Personal data necessary for accounting is preserved for seven years.
The personal data saved to the e-shop along with the user account can be deleted by sending an email to our customer service at email@example.com.
With regard to the deletion of other personal data, you can submit an inquiry via email to our customer service at firstname.lastname@example.org. The request to delete data will be responded to within a month, at the latest, and the data deletion period will be specified, if necessary.
You can get an electronic extract of the personal data saved to the e-shop via email to our customer service at email@example.com.
You can submit an inquiry about the portability of other personal data via email to our customer service at firstname.lastname@example.org. The application for data portability will be responded to within a month, at the latest, and the customer support will identify the person and notify them of the portable personal data.
Direct marketing notices
The email address and phone number will be used for sending direct marketing notices, if the Customer has granted their consent.
If personal data is processed for the purposes of direct marketing (profiling), the Customer has the right to object to the initial and further processing of personal data, including the profile analysis for direct marketing, at any time by notifying the customer support via email.
Disputes related to the processing of personal data are settled via the customer support (email@example.com). The supervisory authority is the Data Protection Inspectorate of the Republic of Estonia (firstname.lastname@example.org).