Processing of personal data
The personal data controller of the e-shop, medpoint.ee, is INPELLO OÜ, registry code 12435447, address Tõlviku tee 10, Maardu, Harju county, Republic of Estonia, 74117 telephone 56669222 and e-mail info@medpoint.ee (hereinafter "Merchant").
What personal data is processed
- name;
- contact information such as phone number and email address;
- payer's and delivery address;
- Bank account number;
- cost of goods and services and data related to payments (purchase history);
- customer support information;
- other information related to customer surveys and / or offers.
For what purpose is personal data processed?
The processing of personal data takes place for the purpose of fulfilling the contract entered into with the customer. The processing of personal data is carried out in order to fulfill a legal obligation (eg accounting and settlement of consumer disputes).
Personal data is used to manage customer orders and deliver goods.
Purchase history data (purchase date, goods, quantity, customer data) is used to compile an overview of purchased goods and services and to analyze customer preferences.
The bank account number is used to return payments to the customer.
Personal data, such as e-mail address, telephone number, customer name, is processed to resolve issues related to the provision of goods and services (customer support).
The e-shop user's IP address or other network identifiers are processed to provide the e-shop as an information society service and to compile web usage statistics.
Transfer of personal data to authorized processors
The Merchant shall keep the personal data of the Customer, which has become known to him / her in the course of registration and use of the user account, secret and disclose them to third parties only with the consent of the Customer, unless the obligation or right to disclose the data arises from legislation. The user of the e-store agrees that the merchant has the right to process his / her data in order to provide services suitable for the customer, including forwarding the customer's data to persons who are related to the provision of the service by the merchant to the customer. List of authorized processors:
ERPLY- https://erply.com/privacy-policy/ Personal information is transferred to the accounting software for accounting purposes.
Mailchimp - https://mailchimp.com/legal/privacy/ - Personal data is transmitted to the e-shop newsletter service provider for the purpose of direct marketing and only with the consent of the customer.
Facebook- https://www.facebook.com/about/privacy/update#
Google - https://policies.google.com/privacy#infocollect - Personal data (information about the IP, browser, operating system and other network identifiers) is collected for statistics and analysis in order to improve the user experience and technical solution of the e-shop.
Hotjar - https://www.hotjar.com/legal/policies/privacy - Personal data (information about the IP, browser, operating system and other network identifiers) is collected for statistics and analysis in order to improve the user experience and technical solution of the e-shop.
Payment Center - https://maksekeskus.ee/tingimused/ - Personal data is transferred to the payment solution provider selected by the customer in connection with the storage of information necessary for transactions.
ESTO installments - https://esto.ee/terms- Personal data is transferred to the payment solution provider selected by the customer in connection with the storage of information necessary for transactions.
Montonio installments https://montonio.com/legal Personal data is transferred to the payment solution provider selected by the customer in connection with the storage of information necessary for transactions.
Itella - Personal data (name, telephone number and e-mail address) is transferred to the transport service provider chosen by the customer. In the case of goods delivered by courier, the customer's address will be provided in addition to the contact details.
Omniva - Personal data (name, telephone number and e-mail address) is transferred to the transport service provider chosen by the customer. In the case of goods delivered by courier, the customer's address will be provided in addition to the contact details.
DPD - Personal data (name, telephone number and e-mail address) will be transferred to the transport service provider chosen by the customer. In the case of goods delivered by courier, the customer's address will be provided in addition to the contact details.
Swedbank - Personal data is transferred to the payment solution provider selected by the customer in connection with the storage of information necessary for transactions.
SEB - Personal data is transferred to the payment solution provider selected by the customer in connection with the storage of information necessary for transactions.
Luminor - Personal data is transferred to the payment solution provider selected by the customer in connection with the storage of information necessary for transactions.
LHV- Personal data is transferred to the payment solution provider selected by the customer in connection with the storage of information necessary for transactions.
Security and access to data
Personal data is stored on the servers of AS Wevecom, which are located in the territory of a Member State of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that are part of the Data Protection Shield (Privacy Shield) framework.
The e-shop implements appropriate physical, organizational and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
Transfer of personal data to the authorized processors of the e-store - personal data is processed on the basis of agreements concluded with the e-store and the authorized processors. Authorized processors are obliged to ensure appropriate safeguards for the processing of personal data.
Access to and correction of personal data
The personal data stored in the e-shop can be accessed and corrections can be made in the account management of the e-shop. If the purchase has been made as a guest (without a user account), you can request personal data from the contact form.
Withdrawal of consent
If the processing of personal data takes place on the basis of the customer's consent, the customer has the right to withdraw the consent in the account management of the e-store.
Preservation
Upon closing the customer account of the e-store, personal data will be deleted, unless such data needs to be stored for accounting or resolution of consumer disputes.
If the purchase in the e-store has been made by a guest (without a user account), the personalized purchase history will be stored for three years.
In the case of disputes related to payments and consumer disputes, personal data will be kept until the claim is fulfilled or the limitation period expires (three years).
The personal data required for accounting purposes shall be kept for seven years.
Deletion
Personal data stored in the e-store together with the user account can be deleted in the account management of the e-store
You can request the deletion of other personal data from the data request form. The request for deletion of data shall be answered no later than within one month and, if necessary, the period for deletion of data shall be specified.
Transfer
A request for the transfer of personal data submitted by e-mail will be answered within a month at the latest. Customer support identifies and notifies you of personal information that is subject to transfer.
Direct marketing announcements
The e-mail address and telephone number will be used to send direct marketing communications if the customer has given their consent. If the customer does not wish to receive direct marketing communications, please select the appropriate link in the email header or contact customer support.
If personal data is processed for direct marketing purposes (profiling), the customer has the right to object at any time to the initial and further processing of his personal data, including profiling related to direct marketing, by notifying customer support by e-mail.
Solving arguments
Disputes related to the processing of personal data are resolved through customer support (info@medpoint.ee). The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).