Personal data processing
The controller in charge of personal data of the online store https://brums.ee is Kids Fashion OÜ (registration number: 14450445), registration address: Mooni 61, Tallinn, 10619, tel .: +372 6522341 and e-mail address: tallinn @ brums. ee
What personal data is processed
name, phone number and email address;
delivery address of the goods;
Bank account number;
the cost of goods and services and data related to payments (purchase history);
data required to provide customer support.
For what purpose is personal data processed
Personal data is used to manage customer orders and to deliver goods.
Purchase history data (date of purchase, product, quantity, customer data) is used to compile an overview of purchased goods and services, as well as to analyze customer preferences.
The bank account number is used to return funds to the client.
Personal data such as email address, telephone number, customer name are processed in order to resolve issues related to goods and services (customer support).
The IP address of the user of the online store or other network identifiers are processed for the provision of services by the online store as part of the information society, as well as for maintaining statistics on Internet use.
The processing of personal data is carried out in order to fulfill the contract concluded with the client.
The processing of personal data is carried out in order to fulfill a legal obligation (for example, accounting and resolving consumer disputes).
Recipients to whom personal data is transferred
Personal data is shared with the online store’s customer support team to manage purchases and purchase history and to resolve customer problems.
The name, phone number and e-mail address are sent to the transport provider chosen by the customer. If we are talking about goods delivered by a courier, then in addition to contact details, the customer’s address is also transmitted.
If the accounting of the online store is maintained by the provider of the corresponding service, then the personal data will be transferred to the provider of the corresponding service for carrying out the accounting transactions.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the online store or data storage.
Security and data access
Personal data is stored on Balticnova OÜ servers, which are located in the territory of a member state of the European Union or countries that have joined the European Economic Area. Data can be transferred to countries where the European Commission has assessed the level of data protection as sufficient, as well as to US companies that have joined the general concept of the Privacy Shield.
Employees of the online store have access to personal data, who can get acquainted with personal data in order to resolve technical issues related to the use of the online store and provide customer support services.
The online store uses appropriate physical, organizational and information technology security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
The transfer of personal data to authorized processors of the online store (for example, a transport service provider and data storage) is carried out on the basis of contracts concluded with the online store and authorized processors. When processing personal data, authorized processors are obliged to provide appropriate protection measures.
Acquaintance with personal data and their correction
You can get acquainted with personal data and make corrections to it in the user profile of the online store. If the purchase was made without creating a user account, personal data can be found by contacting customer support.
Withdrawal of consent
If the processing of personal data is carried out on the basis of the client’s consent, the client has the right to withdraw consent by notifying the customer support service by e-mail.
When a client’s account in the online store is closed, personal data is deleted, unless such data must be retained for accounting purposes or for resolving consumer disputes.
If a purchase in an online store was made without creating a client account, the purchase history is stored for three years.
In the event of disputes related to payments and consumer claims, personal data is retained until the relevant requirement is fulfilled or until the expiration of the limitation period upon request.
Personal data required for accounting purposes is stored for seven years.
To delete personal data, please contact customer support by email. The response to the application for deletion is sent no later than within a month, while the period for data deletion is also specified.
The response to the application for the transfer of personal data submitted by e-mail will be sent no later than within one month. The customer support service authenticates the person and informs about the transfer of personal data.
Direct Marketing Messages
The email address and telephone number are used to send messages in the framework of direct marketing, if the customer has given the appropriate consent. If the customer does not wish to receive direct marketing communications, then they should click on the appropriate link at the bottom of the email or contact customer service.
If personal data is processed for direct marketing purposes (profiling), the client has the right at any time to object to both the initial and subsequent processing of his personal data, including with respect to profile analysis related to direct marketing, for which it is necessary to inform the service customer support by e-mail (the relevant information must be presented clearly and separately from any other information).
Disputes related to the processing of personal data are resolved through the customer support service (tel: +372 6522341 and e-mail: firstname.lastname@example.org). The supervisory authority is the Estonian Data Protection Inspectorate (email@example.com).