Your shopping cart is empty
The controller of personal data of the online store clinex.ee is Bedrock Trade OÜ (registration code 12078467), located at Peterburi tee 49, 11415 Tallinn, Harju maakond, Estonia, phone +372 5445 5445, e-mail: info@clinex.ee.
Personal data processed
- Name, phone number and e-mail address;
- Delivery address;
- Bank account number;
- Price of goods/services and payment-related data (purchase history);
- Customer support data.
Purposes of processing
Personal data are used to manage customer orders and deliver goods.
Purchase history data (purchase date, item, quantity, customer data) are used to compile an overview of purchased goods and services and to analyse customer preferences.
The bank account number is used to refund payments to the customer.
Personal data such as e-mail, phone number and customer name are processed to resolve issues related to the provision of goods and services (customer support).
The online store user’s IP address or other network identifiers are processed to provide the information society service (website operation) and to compile web usage statistics.
Legal basis
Processing of personal data is carried out for the performance of a contract concluded with the customer.
Processing is carried out for compliance with legal obligations (e.g. accounting and settlement of consumer disputes).
Recipients to whom personal data are disclosed
Personal data are disclosed to the online store’s customer support for managing purchases and purchase history and for resolving customer issues.
The name, phone number and e-mail address are disclosed to the transport service provider chosen by the customer. If the goods are delivered by courier, the customer’s address is also disclosed in addition to the contact details.
If the online store’s accounting is performed by a service provider, personal data are disclosed to that provider for accounting operations.
Personal data may be disclosed to IT service providers where necessary to ensure the functionality of the online store or data hosting.
The owner of the online store is the controller and forwards the personal data necessary to execute payments to the authorised processor Maksekeskus AS.
Security and access to data
Personal data are stored on servers located in Germany, within an EU Member State or EEA country. Data may be transferred to countries whose level of data protection has been deemed adequate by the European Commission, and to US companies participating in the Privacy Shield framework.
Access to personal data is granted to online store employees who need it to resolve technical issues related to the use of the website and to provide customer support.
The online store applies appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised access and disclosure.
Transfers to authorised processors (e.g. transport providers, hosting) and processing by them are based on contracts between the online store and such processors. Authorised processors are obliged to ensure appropriate safeguards during processing.
Access to and rectification of personal data
Personal data can be accessed and corrected in the user profile of the online store. If a purchase was made without an account, the data can be accessed via customer support.
Withdrawal of consent
Where processing is based on the customer’s consent, the customer has the right to withdraw consent by notifying customer support by e-mail.
Retention
Upon closure of the online store account, personal data are deleted unless such data must be retained for accounting purposes or for resolving consumer disputes.
In the event of disputes related to payments and consumer claims, personal data are retained until the claim is fulfilled.
Personal data required for accounting are retained for seven years.
Deletion
To request deletion of personal data, contact customer support by e-mail. A response will be provided no later than one month and the deletion timeline will be specified.
Data portability
Requests for data portability submitted by e-mail will be answered within one month at the latest. Customer support will verify identity and inform about the personal data subject to portability.
Direct marketing
The e-mail address and phone number may be used for sending direct marketing messages if the customer has given consent. If the customer no longer wishes to receive such messages, they can unsubscribe via the link in the message header or by contacting customer support.
Where personal data are processed for direct marketing purposes (including profiling), the customer has the right to object at any time to both the initial and further processing of their personal data, including profiling related to direct marketing, by notifying customer support by e-mail (this information must be provided clearly and separately from other information).
Dispute resolution
Disputes related to the processing of personal data are resolved via customer support (info@clinex.ee). The supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) (info@aki.ee).