1. What personal data is being processed
Personal Information is information that Riverbank OÜ collects to identify or contact an individual. Personal data may be collected with the consent of the client in the following ways:
When submitting contact information (including name, postal address, telephone number, email address) on our website.
When using a website from customer account information or cookies.
Purchase or place an order in our online store (shipping address, bank account details, purchase history, or customer support history)
2. What is the purpose of the processing of personal data?
Personal data is used to manage customer orders and deliver goods.
Purchase history data (purchase date, merchandise, quantity, customer information) is used to compile an overview of purchased goods and services and to analyze customer preferences.
The bank account number is used to return payments to the customer.
Personal data such as email, phone number, customer name are processed to resolve issues related to the delivery of goods and services (customer support).
The online store user IP address or other network identifiers are processed as a web shop for providing information society services and for making web usage statistics.
3. Legal basis
The processing of personal data takes place for the purpose of performing a contract with the client.
The processing of personal data takes place in order to fulfill a legal obligation (eg accounting and settlement of consumer disputes).
4. Recipients to whom personal data are transmitted
Personal data is transferred to the online store’s customer support to manage purchases and purchase history and resolve issues.
The name, phone number and e-mail address will be sent to the transient service provider of your choice. In the case of goods delivered by courier, the customer’s address is also forwarded to the contact details.
Data related to the processing of payments (name, bank account) shall be sent to the Payment Center AS.
5. Security and access to data
Personal data shall be stored on servers located in the territory of a Member State of the European Union or the countries associated with the European Union. Data may be transmitted to countries whose data protection level has been assessed by the European Commission as sufficient, and to US companies that are affiliated to the Privacy Shield framework.
Access to personal data is a webshop for those who can access personal information in order to solve technical issues related to using the online store and provide customer support.
The Web Store implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure.
The transfer of personal data to authorized processors of the web shop (eg transport service provider, payment center and data hosting) is carried out on the basis of contracts concluded with the online shop and the authorized processors. Authorized processors are required to ensure appropriate safeguards for the processing of personal data.
6. Access to and rectification of personal data
Personal data can be accessed through customer support.
7. Withdrawal of consent
If the processing of personal data is carried out with the consent of the client, the customer has the right to withdraw the consent by informing the customer by e-mail.
Personal data will be deleted when you close an online store customer account, unless you need to keep such data for accounting or to resolve consumer disputes.
If the online store has been purchased without a customer account, the purchase history will be retained for three years.
In the case of disputes relating to payments and consumer disputes, personal data shall be kept until the claim is fulfilled or until the expiry of the limitation period.
Personal data necessary for accounting purposes shall be kept for seven years.
You must contact customer support by email to delete personal information. The request for erasure shall be answered no later than one month and the period of erasure shall be specified.
An application for the transmission of personal data by e-mail shall be replied to within one month at the latest. Customer support identifies the identity and informs about the personal data that are subject to the transfer.
11. Direct marketing communications
The email address and phone number will be used to send direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing communications, the appropriate reference in the email footer should be selected or customer support contacted.
When personal data is processed for direct marketing purposes (profiling), the customer is entitled to the processing of his / her personal data, both initial and further, including direct marketing.
12. Settlement of disputes
Disputes related to the processing of personal data are resolved through customer support at email@example.com. The Supervisory Authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).