Privacy Policy

We respect the privacy rights of our online visitors and protect the information collected about them. Privacy Policy guides how we collect, store, and use the information that you provide us with. The personal data controller of himmeli.net is Viiskanda OÜ (registry code 11501136) located at Muru farm, Ohtu village, Lääne-Harju County, Estonia, phone +372 514 1416 and e-mail: urmasveersalu@gmail.com.

What personal data is being processed:
name, phone number and email address;
delivery address;
bank account number;
cost of goods and services, and payment-related data (purchase history).

The purpose for which personal data are processed
Personal information is used to manage customer orders and deliver goods.
Purchase history data (date of purchase, item, quantity, customer information) is used to compile an overview of the goods and services purchased and to analyze customer preferences.
The bank account number is used to refund payments to the customer.
Personal data such as e-mail, telephone number, customer name is processed to resolve issues related to the provision of goods and services (customer support).
The web store user IP address or other network identifiers are processed to provide the web store as an information society service and to generate web usage statistics.

Legal basis
Personal data are processed for the purpose of executing the contract with the client.
The processing of personal data takes place in order to fulfill a legal obligation (accounting and settlement of consumer disputes).
Data processing is carried out with the customer’s consent for the following activities: profiling.

Recipients to whom personal data shall be transferred
Personal information is passed to the online store customer support to manage purchases and purchase history, and to resolve customer issues.
Personal data necessary for making payments shall be forwarded to the authorized processor Maksekeskus AS.
In the case of goods delivered by courier, the name, telephone number and address of the customer shall be forwarded to the transport service provider.
If the online store is accounted for by a service provider, personal data will be transferred to the service provider for accounting purposes.
Personal information may be transferred to information technology service providers if this is necessary to ensure the functionality of the web store or data hosting.

Security and data access
Personal data is stored on Zone servers located in the territory of a Member State of the European Union. Data may be transferred to countries that have been assessed by the European Commission as having an adequate level of data protection and to US companies that are affiliated with the Privacy Shield framework.
Access to personal information is available to online store staff who can access personal information to resolve technical issues related to the use of the online store and to provide customer support.
The Web Store implements appropriate physical, organizational and IT security measures to protect personal information from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
The transfer of personal data to authorized processors of the web store (eg transport service provider and data hosting) is subject to agreements with the web store and the authorized processors. Controllers are obliged to provide appropriate safeguards for the processing of personal data.

Withdrawal of consent
If the processing of personal data is based on the customer’s consent, the customer has the right to withdraw the consent by notifying the customer support via e-mail.

Preservation
Purchase history is kept for three years.
In the case of disputes relating to payments and consumer disputes, personal data shall be retained until the claim has been complied with or until the limitation period has expired.
The personal data necessary for accounting purposes shall be kept for seven years.

Deleting
You must contact us by email to delete your personal information. The request for erasure shall be replied to within not more than one month and the period for erasure shall be specified.

Direct marketing messages
The email address and phone number will be used to send direct marketing communications, subject to customer consent. If a customer does not wish to receive direct marketing notices, you must select the appropriate reference in the footer of the email or contact by email.
If personal data is processed for direct marketing purposes (profiling), the customer has the right to object at any time to the initial and further processing of their personal data, including profile analysis related to direct marketing, by notifying customer support via email (urmasveersalu@gmail.com).

Solving arguments
Questions related to the processing of personal data are solved through customer support (phone +372 514 1416 and e-mail: urmasveersalu@gmail.com).
The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).