The controller of personal data of the online store lyyoga.ee is OÜ Ly Yoga (registration code 16557213) located at Posti tn 23-7, 71004, Viljandi city, Viljandi county.
WHAT PERSONAL DATA ARE PROCESSED
name and email address
cost of goods and services and data related to payments (purchase history)
FOR WHAT PURPOSE PERSONAL DATA IS PROCESSED
Personal data is used to manage customer orders.
Purchase history data (date of purchase, product, quantity, customer data) is used to compile an overview of the purchased goods and services, to analyze customer preferences and, among other things, for the purpose of resolving consumer disputes.
Personal data, such as e-mail and customer name, are processed in order to resolve issues related to the provision of goods and services (customer support). E-mail is also used to send invoices if desired.
Personal data is processed for the purpose of fulfilling the contract concluded with the customer (management of customer orders, return of goods and payments).
Personal data is processed to fulfill a legal obligation (e.g. accounting).
The processing of personal data is necessary due to the legitimate interest of the data controller, which consists in collecting purchase history data for the purpose of resolving possible consumer disputes.
RECIPIENTS TO WHOM PERSONAL DATA WILL BE TRANSMITTED
If the accounting of the online store is performed by the service provider, then personal data is transferred to the service provider for accounting operations.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the online store or data hosting.
Personal data is transmitted through the online store to payment solution service providers for payment operations.
SECURITY AND DATA ACCESS
Employees of the online store have access to personal data, who can access personal data in order to solve technical issues related to the use of the online store and to provide customer support services.
The online store implements appropriate physical, organizational and information technology security measures to protect personal data from accidental or illegal destruction, loss, modification or unauthorized access and disclosure, which are: data exchange with the online store takes place via an encrypted connection, customer passwords are stored encrypted, when sending e-mails standard encryption is used, a firewall is implemented to protect the e-shop servers, regular backups are created.
The transfer of personal data from authorized processors of the online store to recipients (e.g. data hosting and payment solution provider) takes place on the basis of contracts concluded with the online store and authorized processors. Authorized processors are obliged to ensure appropriate protection measures in the processing of personal data in accordance with Article 28 of the General Regulation on the Protection of Personal Data.
ACCESSING AND CORRECTING PERSONAL DATA
Personal data can be viewed and corrected in the user profile of the online store or through customer support. If the purchase has been made without a user account, you can consult the personal data via customer support. If the request for viewing personal data is submitted electronically, the information is also submitted via publicly available electronic means.
WITHDRAWAL OF CONSENT
If the processing of personal data takes place on the basis of the customer’s consent, the customer has the right to withdraw the consent by informing the customer support via e-mail firstname.lastname@example.org
When the customer account of the online store is closed, personal data will be deleted, except for personal data (purchase history data) that needs to be kept for accounting purposes or to resolve consumer disputes.
In the case of disputes related to payments and consumer disputes, personal data will be stored until the claim is fulfilled or the expiry period ends.
Personal data contained in the original accounting documents are stored for seven years.
The customer has the right to request restriction of the processing of his personal data if the data is incorrect or incomplete or if his personal data is processed illegally.
The customer has the right to object to the processing of his personal data if he has reason to believe that there is no legal basis for the processing of his personal data.
To delete personal data, you must contact customer support by e-mail. The deletion request will be answered no later than within a month, and the data deletion period will be specified. In the response to the request, the personal data that will not be deleted and on what legal basis and reason are also indicated.
Disputes related to the processing of personal data are resolved via customer support at email@example.com. The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).