Principles for processing customer data
This document defines the processing of customer data at the disposal of AMAVIO OÜ, its purposes, composition and confidentiality.
Who is a customer?
A person who has entered into a contractual relationship with AMAVIO OÜ.
What is customer data?
Customer data is any information that AMAVIO OÜ has about its customer (e.g. customer name, contact details, transaction details).
What is the processing of customer data?
Processing of customer data is any operation on customer data (including collection, storage, organisation, retention, modification, disclosure, access, retrieval, consultation, use, transmission, cross-use, interconnection, blocking, erasure and destruction of customer data).
Who is the processor of customer data?
The controller of customer data is AMAVIO OÜ (16733509).
The data processors are:
Postal service providers, for the purpose of delivering the ordered goods to the customer.
The companies that deliver the goods to the customer via the postal service providers, for the purposes of the delivery of the goods to the customer.
Advertising service providers, including social media service providers, to whom we transfer only the data necessary to inform the customer about new products and promotions and to analyse the behaviour of customers in our online shop.
IT support companies to ensure the functioning and development of the e-shop and other IT solutions used.
Financial companies providing brokerage services.
AMAVIO OÜ may collect the following data:
First name and surname/company name;
Address of the company;
Transaction details (details of purchases made by the customer);
habits, preferences and satisfaction data (e.g. activity, services used, customer satisfaction and complaints data);
all customer data not previously mentioned which the customer has provided to AMAVIO OÜ by means of communication (e.g. telephone and computer network) on his/her own initiative, including the right of AMAVIO OÜ to record all orders given by the customer by means of communication.
AMAVIO OÜ is entitled, on the basis of the law, to process data relating to the customer which are not mentioned here.
What is the purpose and legal basis for processing customer data?
AMAVIO OÜ processes customer data in order to:
to perform a contract with a customer based on:
– the performance of the contract or the implementation of pre-contractual measures at the request of the customer;
– the performance of a legal obligation;
– AMAVIO OÜ’s legitimate interest.
Provide additional services, carry out customer satisfaction surveys, market analyses and perform statistical work based on:
– Customer consent;
– Improve the customer experience and develop new products and services;
– AMAVIO OÜ’s legitimate interest in improving the services and products of the Sunglasses e-shop.
To protect your violated or contested rights (e.g. by submitting your data to a court) based on:
– Customer consent;
– Customer’s right to obtain the information required to perform the contract or to implement pre-contractual measures at the request of the Customer;
– the performance of a legal obligation;
– AMAVIO OÜ’s legitimate interest in preventing, restricting and investigating misuse or illegal use of the services and products of the Sun glasses e-shop.
To comply with legal obligations (e.g. transfer of data to investigative authorities) based on:
– The performance of a contract or the implementation of pre-contractual measures at the customer’s request;
– compliance with a legal obligation;
– AMAVIO OÜ’s legitimate interest in sound risk management and governance.
In which cases will the company name disclose customer data?
Customer data is confidential and will not be disclosed or accessed by third parties without the prior consent of the customer, except as required by law.
Who is a Third person?
A third party is a natural or legal person who is neither a customer nor a processor of customer data.
Where is customer data processed?
In general, customer data is processed within the European Union and the European Economic Area (EU/EEA), but in some cases it is transferred to and processed in countries outside the EU/EEA.
The transfer and processing of customer data outside the EU/EEA may take place provided that there is a legal basis, such as the performance of a legal obligation or the customer’s consent, and that appropriate safeguards are in place.
Appropriate safeguards are:
A valid contract containing standard contractual clauses developed by the EU;
there is an adequate level of data protection in the country outside the EU/EEA where the recipient is located, as decided by the European Commission;
the recipient is certified under the Privacy Shield data protection framework (applicable to recipients located in the United States).
Upon request, the customer will receive further information on the transfer of customer data to countries outside the EU/EEA.
How does AMAVIO OÜ use customer data to provide services?
RUBY sends customers Sunglasses online store offers.
How does the company name use profiling to provide personalised offers?
Profiling is the automatic processing of customer data used to assess certain personal characteristics of the customer. For example, to analyse or predict a person’s preferences, interests, place of residence. Profile analysis is used for marketing purposes based on the legitimate interest of AMAVIO OÜ, the performance of a contract or the consent of the customer.
AMAVIO OÜ may process customer data in order to improve the user experience of digital services, such as adapting the views of services to the device used and creating personalised offers to the customer (unless the customer has opted out of direct marketing).
Based on AMAVIO OÜ’s legitimate interest, the company ensures the use of a convenient e-commerce environment for private customers by providing personalised offers based on profiling and marketing.
What are the customer’s rights?
The customer has the following rights in relation to the processing of customer data:
Request the rectification of their customer data if it is insufficient, incomplete or incorrect;
Object to the processing of your customer data where the use of your customer data is based on a legitimate interest, including profiling for direct marketing purposes (e.g. to receive marketing offers or to participate in surveys);
request the deletion of your personal data, for example, where it is processed with your consent and where you have withdrawn your consent. Such a right does not apply where the customer data for which deletion is requested is also processed for other legal purposes, such as the performance of a contract;
limit the processing of its customer data on the basis of an applicable right, for example at the time when AMAVIO OÜ is assessing whether the customer has the right to have its data erased;
to be informed whether AMAVIO OÜ processes his/her customer data and, if so, to have access to the aforementioned data;
to obtain the customer’s own data, provided by the customer, which are processed on the basis of consent or for the performance of a contract, in written form or in a commonly used electronic format and, where technically feasible, to transfer these data to another service provider (data portability);
withdraw your consent to the processing of customer data;
lodge a complaint about the use of customer data with the Estonian Data Protection Inspectorate (website: www.aki.ee) if the customer considers that the processing of his/her customer data infringes his/her rights and interests under applicable law.
How can I amend my customer data and request the cessation of processing?
The customer has the right to access his/her customer data via e-mail firstname.lastname@example.org
The customer has the right to request the cessation of the processing of his/her data and/or the deletion of the data collected, if this right is derived from the Personal Data Protection Act or other legislation.
How long will customer data be kept?
Customer data will not be processed for longer than necessary. The period of retention may be based on contracts with the customer, the legitimate interest of AMAVIO OÜ or applicable law (e.g. accounting laws, or statute of limitations, other private law).