The data controller for the online store treatyourself.ee is Markas Online OÜ, registry code 17158886, address Rahvamaja tn 6, Kohila alev, Kohila vald, Raplamaa, 79805, phone: +372 5301 2858, email: info@treatyourself.ee (hereinafter referred to as the “Merchant”).
Types of personal data processed:
Name
Contact information, such as phone number and email address
Billing and delivery address
Bank account number
Details of purchased goods and services, and payment information (purchase history)
Customer support data
Other information related to customer surveys and/or special offers
Purpose of Processing Personal Data
The processing of personal data is carried out for the purpose of fulfilling the contract concluded with the customer. Data processing also takes place to comply with legal obligations (e.g., accounting and consumer dispute resolution). Personal data is used to manage customer orders and deliver goods.
Purchase history data (purchase date, item, quantity, customer information) is used to provide an overview of purchased goods and services, and to analyze customer preferences. The bank account number is used to issue refunds to the customer. Personal data such as email address, phone number, and name are processed to resolve issues related to the provision of goods and services, as well as for preparing and sending offers and newsletters.
The user’s IP address or other network identifiers may be processed to provide the online store as an information society service and to compile website usage statistics.
Transfer of Personal Data to Authorized Processors
The Merchant keeps customer personal data obtained through account registration and usage confidential and does not disclose it to third parties without the customer’s consent, unless the obligation or right to do so arises from legislation.
By using the online store, the user agrees that the Merchant has the right to process their data and to share it with third parties involved in providing services to the customer on behalf of the Merchant, to the extent necessary to perform such services.
List of Authorized Data Processors
IT Service Providers – Personal data is shared with IT service providers to ensure the functionality and hosting of the online store:
Veebimajutus.ee
Accounting and Inventory Software Providers – For accounting and warehouse management purposes:
Merit Aktiva
Delivery Partners – For order fulfillment and delivery to the customer:
DPD
Itella
Omniva
Payment Processors – For processing payments related to orders:
Swedbank
SEB
Danske Bank
Luminor
LHV
Coop
Citadele
PayPal
Maksekeskus AS
Analytics and Statistics – For collecting data to improve the user experience of the online store:
Google Analytics
Facebook
Security and Access to Data
Personal data is stored on servers hosted by Veebimajutus.ee, located within the territory of a member state of the European Union or a country that is part of the European Economic Area. Data may also be transferred to countries deemed to have an adequate level of data protection by the European Commission, and to U.S. companies that have joined the Privacy Shield framework.
The online store implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure.
Transfer of Personal Data to Authorized Processors
The processing of personal data by authorized processors is based on agreements between the online store and the processors. Authorized processors are required to implement appropriate safeguards when processing personal data.
Access to and Correction of Personal Data
Customers can access and update their stored personal data via their account management section in the online store.
Withdrawal of Consent
If the processing of personal data is based on the Customer’s consent, the Customer has the right to withdraw their consent at any time via the online store’s account management.
Data Retention
Upon closing a customer account in the online store, personal data will be deleted, except when such data must be retained for accounting purposes or for resolving consumer disputes.
If a purchase was made as a guest (without creating an account), the personalized purchase history will be retained for five years.
In the event of disputes related to payments or consumer claims, personal data will be retained until the claim is fulfilled or the statutory limitation period expires (five years).
Personal data required for accounting purposes will be retained for seven years.
Data Deletion
Personal data stored in the online store, along with the customer account, can be deleted via the account management section. For the deletion of any other personal data, a request may be submitted via the data inquiry form. A response to the deletion request will be provided within one month, and if necessary, the data deletion timeline will be clarified.
Data Portability
An electronic extract of personal data stored in the online store can be downloaded via the account management section.
For the transfer of other personal data, a request may be submitted via the data inquiry form. A response to the portability request will be provided within one month, during which customer service will verify the identity of the requester and inform them about the specific data subject to transfer.
Direct Marketing Communications
Email addresses and phone numbers are used for sending direct marketing communications if the customer has given prior consent. If the customer no longer wishes to receive such messages, they can opt out by clicking the unsubscribe link in the email header or by contacting customer support.
If personal data is processed for direct marketing purposes, the customer has the right to object at any time to both the initial and any further processing of their personal data, including profiling related to direct marketing, by notifying customer support via email.
Dispute Resolution
Disputes related to the processing of personal data are resolved through customer support.
The supervisory authority is the Estonian Data Protection Inspectorate (email: info@aki.ee).
Customers may also contact the Consumer Protection Commission or use the EU Online Dispute Resolution (ODR) platform.