The responsible processor of personal data for the online store aptus.garden is Greenbit Grow OÜ (registration code 14456459), located at Türi tn 10c, 11313, Tallinn, Harju County.
What personal data is processed
- Name, phone number, and email address
- Delivery address
- Cost of goods and services and related payment data (purchase history)
- IP address
For what purpose personal data is processed
Personal data is used to manage customer orders and deliver goods.
Purchase history data (purchase date, goods, quantity, customer details) is used to compile an overview of purchased goods and services, analyze customer preferences, and resolve consumer disputes.
Personal data such as email, phone number, and customer name are processed to resolve issues related to the provision of goods and services (customer support). Email is also used for sending invoices, and the phone number is used to notify about goods delivered to the parcel machine.
The IP address or other network identifiers of the user of the online store are processed for the provision of the online store as an information society service and for web usage statistics.
Legal basis
The processing of personal data takes place for the purpose of fulfilling the contract concluded with the customer (management of customer orders, delivery, return of goods and payments).
The processing of personal data takes place to fulfill a legal obligation (e.g., accounting).
The processing of personal data is necessary due to the legitimate interest of the responsible processor, which is the collection of purchase history data for the purpose of resolving potential consumer disputes.
Data processing takes place with the customer’s consent for the following activities: Direct marketing (newsletter).
Recipients to whom personal data is transmitted
The name, phone number, and email address are transmitted to the delivery service provider chosen by the customer. If the goods are delivered by courier, the customer’s address is also provided.
If the accounting of the online store is performed by a service provider, personal data is transmitted to the service provider for accounting purposes.
Personal data may be transmitted to IT service providers if necessary to ensure the functionality of the online store or data hosting.
Personal data is transmitted to payment solution providers through the online store for payment transactions. Greenbit Grow OÜ is the data controller, and Greenbit Grow OÜ transfers the personal data necessary for processing payments to the authorized processor, Maksekeskus AS.
Security and access to data
Access to personal data is granted to online store employees who can access personal data to resolve technical issues related to the use of the online store and provide customer support.
The online store implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure, including: data exchange with the e-store takes place via an encrypted connection, customer passwords are stored in encrypted form, standard encryption is used when sending emails, firewalls are used to protect e-store servers, and regular backups are made.
The transmission of personal data to authorized processors (e.g., delivery service provider, data hosting, and payment solution provider) takes place under contracts concluded between the online store and the authorized processors. The authorized processors are required to ensure appropriate protection measures when processing personal data in accordance with Article 28 of the General Data Protection Regulation.
Accessing and correcting personal data
Personal data can be accessed and corrected in the user profile of the online store or through customer support. If the purchase was made without a user account, personal data can be accessed through customer support. If a request to access personal data is submitted electronically, the information will be provided via commonly used electronic means.
Withdrawal of consent
If personal data processing is based on customer consent, the customer has the right to withdraw consent by notifying customer support via email.
Retention
Upon closing the online store customer account, personal data is deleted, except for personal data (purchase history data) that must be retained for accounting or consumer dispute resolution purposes.
In the event of disputes regarding payments and consumer disputes, personal data is retained until the claim is satisfied or the limitation period expires.
Personal data contained in accounting source documents is retained for seven years.
Restriction
The customer has the right to request the restriction of personal data processing if the data is inaccurate or incomplete or if their personal data is processed unlawfully.
Objections
The customer has the right to object to the processing of their personal data if they have grounds to believe that there is no legal basis for the processing.
Deletion
To delete personal data, contact customer support via email. The deletion request will be responded to within one month, specifying the data deletion period. The response to the request will also indicate any personal data that will not be deleted and the legal basis and reason for it.
Dispute resolution
Dispute resolution related to the processing of personal data takes place through customer support at grow@greenbit.group. The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).