Privacy Policy

Processing of Personal Data

The personal data controller of the online store tavaline.com is 3B Solutions OÜ (registry code: 12620653), located at Käo 11, Tallinn, Estonia, phone +372 5151774, email info@tavaline.com.

What personal data is processed
− Name, phone number, and email address;
− Delivery address;
− Bank account number;
− Data related to the cost of goods and services and payments (purchase history);
− Customer support data.

Purpose of processing personal data
Personal data is used to manage customer orders and deliver goods.
Purchase history data (purchase date, product, quantity, customer details) is used to compile an overview of purchased goods and services and to analyze customer preferences.
The bank account number is used to issue refunds to the customer.
Personal data such as email, phone number, and customer name are processed to resolve issues related to the provision of goods and services (customer support).
The IP address or other network identifiers of the Online Store user are processed to provide the Online Store as an information society service and to compile website usage statistics.

Legal basis
The processing of personal data is carried out for the purpose of fulfilling the contract concluded with the customer.
The processing of personal data is carried out to comply with a legal obligation (e.g., accounting and resolving consumer disputes).

Recipients to whom personal data is transmitted
Personal data is transmitted to the Online Store’s customer support for managing purchases and purchase history, and for resolving customer issues.
The name, phone number, and email address are transmitted to the transport service provider chosen by the customer. If the goods are delivered by courier, the customer’s address is transmitted in addition to the contact details.
The personal data necessary for processing payments is transmitted to the authorized processor, Montonio Finance UAB.
Personal data is transmitted to the accounting service provider for performing accounting operations.
Personal data may be transmitted to IT service providers when necessary to ensure the functionality of the Online Store or data hosting.

Security and access to data
Personal data is stored on zone.ee servers located within the territory of a European Union member state or a country that is part of the European Economic Area. Data may be transmitted to countries whose level of data protection has been deemed adequate by the European Commission, as well as to U.S. companies that have joined the Privacy Shield framework.
Access to personal data is granted to the Online Store’s employees who need to process such data in order to resolve technical issues related to the use of the Online Store and to provide customer support services.
The Online Store implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized access, and disclosure.
The transmission of personal data to the Online Store’s authorized processors (e.g., transport service provider and data hosting) is carried out on the basis of agreements concluded between the Online Store and the authorized processors. Authorized processors are required to ensure appropriate safeguards when processing personal data.

Access to and correction of personal data
Personal data can be accessed and corrected in the Online Store’s user profile. If the purchase was made without a user account, personal data can be accessed through customer support.

Withdrawal of consent
If the processing of personal data is based on the customer’s consent, the customer has the right to withdraw that consent by notifying customer support via email.

Retention
When the Online Store customer account is closed, personal data will be deleted, except when such data needs to be retained for accounting purposes or for resolving consumer disputes.
If a purchase has been made in the Online Store without a customer account, the purchase history will be retained for three years.
In the case of disputes related to payments or consumer claims, personal data will be retained until the claim has been satisfied or until the end of the limitation period.
Personal data necessary for accounting purposes will be retained for seven years.

Deletion
To delete personal data, please contact customer support via email. Requests for deletion will be responded to no later than within one month, specifying the time frame for data deletion.

Transfer
Requests for the transfer of personal data submitted via email will be responded to within one month at the latest.
Customer support will verify the identity of the requester and provide information about the personal data subject to transfer.

Direct marketing messages
The email address and phone number are used for sending direct marketing messages if the customer has given the corresponding consent. If the customer does not wish to receive direct marketing messages, they must select the corresponding link in the footer of the email or contact customer support.
If personal data is processed for direct marketing purposes (profiling), the customer has the right to object at any time to both the initial and any further processing of their personal data, including profiling related to direct marketing, by notifying customer support via email (this information must be presented clearly and separately from any other information).

Dispute resolution
Disputes related to the processing of personal data will be resolved through customer support at info@tavaline.com The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).

Cookies

The use of cookies helps us provide you with the best possible user experience. A cookie is a small text file that a web server sends to the user’s browser, which is then stored on the user’s device hard drive. Most web browsers automatically accept cookies, but you can change your browser settings to disable or delete cookies.