Processing of personal data

1.Protection and processing of personal data

1.1 The personal data controller of the online store koreanna.ee is Anna Nazarenko FIE, registration code 16504346, telephone +372 53571921 and e-mail info@koreanna.ee (hereinafter referred to as the Seller).

2. Processing of personal data of the Buyer

2.1. When making a purchase through koreanna.ee and for the purpose of making it, the Seller collects the following data about the Buyer: name and surname, address (when using the courier service), telephone number, bank account number, e-mail address.

2.2. The Buyer’s personal data is collected and processed for the following purposes:

  • first and last name – for order delivery and order management;
  • address – for delivery of the order by courier service;
    telephone number – for the delivery of the order through the parcel delivery service and / or courier service, as well as for sending direct marketing materials;
  • e-mail address – to manage the order and to deliver the order through the parcel delivery service and / or courier service, as well as to send direct marketing materials;
  • bank account number – to manage the order and to return payments to the Buyer.
  • The e-shop visitor’s IP address or other online identifiers – for the provision of e-shop services as an information society service, as well as for compiling site visit statistics.

2.3. The collection and processing of personal data is necessary for the conclusion of a sales contract between the Buyer and the Seller, as well as for the provision of postal or courier services.

2.4. The Seller transfers the Buyer’s personal data to third parties in the event that the transfer is necessary to offer postal or courier services. An agreement has been concluded between the providers of the postal or courier service and the seller, which ensures the security of the Buyer’s personal data and the expediency of processing.

2.5. The Seller may transfer the Buyer’s personal data to third parties without the Buyer’s prior consent only in cases and under the conditions established by law.

2.6. The Buyer has the right to contact the Seller at any time to familiarize himself with his personal data, to update personal data, to terminate their processing, to delete data and to exercise other rights arising from the general regulation on the protection of personal data (GDPR) and from the Law on the Protection of Personal Data. data.

2.7. The Buyer has the right to withdraw his consent to the processing of personal data at any time, however, this does not affect the previous processing of personal data, which was based on the consent of the Buyer.

2.8 In the event that the purpose of collecting personal data is fulfilled, we delete unnecessary personal data as follows:

a. Client card data after 7 years from data collection;

b. E-shop user account data after 7 years from data collection.

c. We delete the Buyer’s personal data 7 years after the purchase.

3. Legal basis for the processing of personal data

3.1. The processing of the Buyer’s personal data is carried out on the basis of a sales contract concluded with the Buyer.

3.2. The processing of personal data is carried out in order to fulfill the obligations of the company and arising from the law (for example: accounting and resolution of consumer disputes).

3.3. Data processing is carried out with the consent of the client to perform the following actions: sending direct marketing materials, to receive a discount in honor of the birthday.

4. Processing of personal data for direct marketing purposes

4.1. The Buyer has the opportunity to connect to direct marketing offers.

4.2. Direct marketing channels include SMS messages, emails and regular mail.

4.3. The buyer voluntarily consents to the processing of his personal data for direct marketing purposes.

4.4. Consent to the processing of personal data for direct marketing purposes the Buyer gives voluntarily when registering as a user in the e-shop; when making a purchase in the e-shop; when filling in the required fields when visiting the e-shop homepage or by filling in the required fields on the customer card registration form.

4.5. The Buyer has the right to opt out of receiving direct marketing offers at any time. The processing of personal data for direct marketing purposes is terminated with the withdrawal of the consent given by the Buyer to the processing of personal data.

4.6. The Buyer has the opportunity to opt out of direct marketing materials at any time by following the necessary instructions contained in the direct marketing materials.

4.7. The buyer may at any time request the deletion, updating, suspension of the processing of his personal data that was collected for direct marketing purposes. To delete personal data, to update it or to suspend its processing, the Buyer must send an e-mail to the e-mail address info@koreanna.ee.

4.8. The koreanna.ee e-shop uses information technology solutions on the basis of justified interest, which allow sending personal offers to the Buyer.

5. Transfer of personal data of the Buyer

5.1. The Seller transfers the Buyer’s personal data to the following third parties:

a. On the basis of an agreement with providers of transportation services or courier services;

b. Based on the consent of direct marketing service providers;

c. To fulfill the obligations arising from the law to the provider of accounting services;

d. On the basis of an agreement with providers of information technology services;

e. To fulfill other obligations arising from the law.

6. Integrated data protection and data protection by default

6.1. To ensure the high security of the Buyer’s personal data, all reasonable technical and organizational measures are taken to ensure the security of personal data.

6.2. The Seller ensures that the information systems used, other technologies and work systems within the organization are built in compliance with the appropriate and modern security measures that are necessary for the safe processing of personal data.

6.3. All personal data of the Buyers collected in the course of visiting the koreanna.ee online store and making purchases is treated as confidential information. An encrypted channel for data communication with banks ensures the security of personal data and bank details of the person making the purchase.

6.4. Transfer of personal data to the authorized processors of the online store (for example: transport service provider and data hosting): the processing of personal data is carried out on the basis of agreements concluded with the e-shop and authorized processors. Authorized processors are required to ensure appropriate security measures when processing personal data.