The terms of personal data processing stated in the Privacy Policy govern the principles regarding the collection, processing and storage of personal data. The controller of the personal data of the online shop kytkes.com is Kütkes Private Ltd (registry code 17045584, VAT number EE102765832), located at 46a Vasara street, Tartu city, Tartu county, 50113, Estonia, e-mail info@kytkes.com.

For the purposes of this privacy policy, a data subject means the customer or another natural person whose personal data is processed by the controller. For the purposes of this privacy policy, a customer means anyone who purchases goods or services on the controller’s website.

By sharing their personal data, the data subject grants the controller the right to collect, arrange, use and administer, for the purpose defined in the privacy policy, the personal data that the data subject shares with the controller either directly or indirectly when purchasing goods or services on the website.

The data subject is liable for the accuracy, correctness, and integrity of the data submitted by them. Knowingly submitted false date by the data subject is regarded as a breach of the privacy policy. The data subject is required to immediately notify the controller of any changes in the data submitted.

The controller is not liable for any damage or loss caused to the data subject or a third party as a result of the submission of false data by the data subject.

WHICH PERSONAL DATA ARE PROCESSED?

– name and surname, phone number and e-mail address;
– delivery address;
– bank account number;
– cost of goods and services and data related to payments (purchase history);
– customer support data;
– IP address

FOR WHICH PURPOSES ARE PERSONAL DATA PROCESSED?

Personal data is used to manage the customer’s orders and to deliver goods. Purchase history data (date of purchase, goods, quantity, customer data) are used to put together an overview of the goods and services purchased, to analyse customer preferences and, among other things, for the purposes of resolving consumer disputes. The bank account number is used to reimburse payments to the customer. Personal data such as the e-mail address, telephone number, name and surname of the customer are processed to handle any issues relating to the provision of goods and services (customer support). E-mail is also used in order to forward invoices and the telephone number is used to notify the
customer about their goods arriving in the parcel locker. The IP address or other online identifiers of users of the online shop are processed for the provision of the online shop as an information society service and for web use statistics.

LEGAL BASIS

The purpose of processing personal data is to fulfill the agreement entered into with the customer (managing the customer’s orders, delivery, returning goods and reimbursing payments). Personal data are processed in order to fulfill legal obligations (e.g. for accounting). The processing of personal data, i.e. the collection of purchase history data for the purposes of resolving potential consumer disputes, is necessary due to the controller’s legitimate interest. In order to access the legitimate interest analysis, send an e-mail to info@kytkes.com.

The data are processed with the consent of the data subject for the following purposes: profiling and direct marketing.

Collected personal data is processed for the following purposes: to conduct satisfaction surveys and analyze the use of the website and to use the results of the surveys and analysis, among other things, for the marketing and development of products and services; to provide information about products and services; to share newsletters; to promote products and services.

In the event that we have informed you that we carry out decisions based on automated processing (incl. profile analysis) which results in legal consequences that concern you or has a significant impact on you, then you may request that an automatic decision not to be made based on automated processing alone.

RECIPIENTS OF PERSONAL DATA

Personal data are forwarded to the customer support of the online shop in order to manage purchase history and resolve customer issues. The personal data necessary to make payments are transferred to payment method providers such as: AS LHV Paytech. Name, surname, telephone number and e-mail address are forwarded to the transport service provider selected by the customer. If the goods are delivered by a courier, the customer’s contact details, as well as their address, are forwarded to the courier. If an outside service provider handles the accounting for the online shop, the personal data is forwarded to that service provider to perform the accounting operations. Personal data may be forwarded to IT service providers if this is needed to ensure the functionality of the online shop or to host data.

SECURITY AND ACCESS TO DATA

Personal data are stored in the cloud servers, which are located on the territory of a member state of the European Union or states of the European Economic Area. Data may be forwarded to states whose level of data protection is sufficient according to the European Commission or to a company of a third state to which a safeguard specified in articles 46 or 47 or in subsection 49 (1) of the GDPR has been applied.

Personal data can be accessed by the staff of the online shop in order to resolve technical issues related to the use of the online shop and to provide customer support. The online shop applies the relevant physical, organisational and IT security measures in order to protect personal data from accidental or unlawful destruction, loss, amendment or unauthorised access and disclosure. These measures are: data exchange with the online shop is carried out via an encrypted connection (TSL), standard encryption is used when sending e-mails, there is a firewall and a relevant virus protection to protect the online shop’s servers, there are regular backups that are kept separately from the online shop’s servers.

Personal data are forwarded to processors (e.g. the transport service providers, the data hosts, the payment method providers) on the basis of contracts between the online shop and processors. Upon processing data, the processors are obliged to ensure the relevant safeguards in accordance with article 28 of the GDPR.

ACCESS TO AND RECTIFICATION OF PERSONAL DATA

Personal data can be accessed and rectified via the online shop’s customer support. If the request to access personal data has been submitted electronically, the information will also be provided via commonly used electronic means.

WITHDRAWAL OF CONSENT

If personal data are processed with the data subject’s consent, the data subject has the right to withdraw their consent by notifying customer support via e-mail.

STORAGE

Personal data is stored for as long as it is mandatory or permitted according to the law or necessary to achieve the objectives specified in the Privacy Policy. In the event of disputes regarding payments and consumer disputes, personal data are stored until the claim is settled or the limitation period expires. The personal data in original accounting documents is stored for seven years. After the expiration of the personal data retention period, the personal data will be deleted permanently.

If the data are incorrect, incomplete or processed unlawfully, the data subject has the right to request the restriction of the processing of their personal data.

OBJECTIONS

The data subject has the right to submit objections regarding the processing of their personal data if they have a reason to believe that there is no legal basis to process their personal data.

For the erasure of personal data, customer support should be contacted by e-mail. Requests for erasure are responded to within one month and the period of erasure is specified. The response to the request will also indicate which personal data will not be erased, on which legal basis and why.

Requests to transfer personal data submitted via e-mail are responded to within one month. Customer support identifies the person and indicates which personal data is to be transferred.

DIRECT MARKETING MESSAGES

The e-mail address and telephone number are used to send direct marketing messages if the data subject has consented to receiving such messages. If the data subject does not wish to receive direct marketing messages, they should contact customer support. Where personal data are processed for direct marketing purposes (profiling), the data subject has the right to object at any time both to the initial and further processing of their personal data, including profiling related to direct marketing, by notifying customer support thereof via e-mail.

RESOLUTION OF DISPUTES

Disputes concerning the processing of personal data are settled through customer support (info@kytkes.com). The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).

PRIVACY POLICY UPDATES

We may update the Privacy Policy from time to time. The currently valid terms of personal data processing stated in the Privacy Policy are available on our website.