Effective date: 16 May 2019
Susimust is commited to protecting the privacy and security of your personal information. The information you share with Susimust allows us to provide you with the best experience with our products and services.
The controller of the personal data of the online shop susimust.com is Susimust Active OÜ (reg. code 14172801), located at Torni 7, 11611 Tallinn, Estonia; email address: firstname.lastname@example.org.
Our principles regarding user privacy and data protection
- We believe user privacy and data protection are human rights.
- We will only collect and process data when it is absolutely necessary, and when we do, we will make it clear why we are doing so and how it will be used.
- We will not send you regular newsletters you have not subscribed to. And if you choose to subscribe, we will always give you the choice to unsubscribe.
- We will not share your personal information with anyone else without your permission.
What personal data are processed?
- Data you provide to us:
- name, phone number and email address;
- delivery address;
- bank account number;
- cost of goods and services and data related to payments (purchase history)
- your computer’s internet protocol (IP) address
2. Data collected by our website:
- your computer's internet protocol (IP) address
Why personal data are processed
Personal data are used to manage the customer’s orders and deliver goods.
Purchase history details (date of purchase, goods, quantity, customer’s data) are used for preparing summaries of goods and services purchased and for analysing customer preferences.
The bank account number is used to reimburse payments to the customer.
Personal data such as email, phone number and the customer's name are processed to handle any issues relating to the provision of goods and services (customer support).
The IP address or other web identifiers of a user of the online shop are processed for the provision of the online shop as an information society service and for web use statistics.
Personal data are processed for the purpose of performing a contract concluded with the customer.
Please be aware that, in certain circumstances, where you do not provide personal information which is required by us, we will not be able to provide the products and services under our contract with you or may not be able to comply with a legal obligation on us.
Personal data are processed for performing legal obligations (such as accounting and the settlement of consumer complaints).
Recipients of personal data
Personal data are transmitted to the customer support of the online shop for managing purchases and purchase history and for settling any problems that the customers may have.
Payment data are transmitted to payment processors engaged by us to securely store or handle payments information, such as credit or debit card details. Susimust.com payment processor is Maksekeskus AS and we will transmit payment relevant information to Maksekeskus AS when an order is placed.
The name, phone number and email addressare transmitted to the transport service provider selected by the customer. When the goods are delivered by a courier, the customer’s address is also transmitted together with the contact details.
The accounts of the web shop are kept by a service provider, the personal data are transmitted to the service provider for performing accounting operations.
Personal data may be transmitted to IT service providers if this is necessary for ensuring the functionality of the online shop or for data hosting.
Security and access to data
Personal data are stored in the servers of Shopify, which are located on the territory of Canada. Canada has been deemed to have adequate data protection by the European Commission.
Personal data can be accessed by the staff of the online shop in order to settle technical issues related to the use of the online shop and to provide customer support.
The online shop takes appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.
Access to and rectification of personal data
Personal data can be accessed and rectified in the user profile of the online shop. When a purchase has been made without a user account, personal data can be accessed through customer support (please contact email@example.com).
Withdrawal of consent
Where personal data are processed on the basis of the customer’s consent, the customer has the right to withdraw his/her consent by notifying customer support (firstname.lastname@example.org) by email.
Personal data are erased upon the closure of a customer account of the online shop, unless the storage of the data is necessary for accounting purposes or for the settlement of consumer disputes.
For online purchases made without a customer account, the purchase history is stored for three years.
In the event of disputes concerning payments and consumer disputes, the personal data are stored until the claim is satisfied or until the end of the limitation period.
Personal data needed for accounting purposes are stored for seven years.
For the erasure of the personal data, customer support must be contacted via email (email@example.com). Requests of erasure are responded to no later than within one month and the period of erasure shall be specified.
Requests to transmit personal data submitted via email are responded to within one month. Customer support identifies the person and indicates what personal data are to be transmitted.
Direct marketing messages
Email address and phone number are used for sending direct marketing messages if the customer has given the respective consent. If the customer does not want to receive direct marketing messages, the customer should select the relevant link at the footer of the emailor contact customer service (firstname.lastname@example.org).
Where personal data are processed for direct marketing purposes (profiling), the customer has the right to object at any time both to the initial and further processing of his/her personal data, including profiling related to direct marketing by notifying customer support thereof via email.
Disputes concerning the processing of personal data are settled through customer support (email@example.com). The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).
Changes to this policy
This policy may change from time to time. The latest effective date will be highlighted at the top of the policy information.