12.4. The controller of the customer's personal data of the e-shop www.pür.ee is PÜR Cosmetics OÜ, with registration code 16421821, address Jaama 76, Tartu, 50605 Republic of Estonia, telephone +372 5398 1101, e-mail "trader").

What personal data is processed

• name;
• contact information such as phone number and email address;
• payer and delivery address;
• Bank account number;
• cost of goods and services and data related to payments (purchase history);
• customer support data;
• other information related to customer surveys and/or offers.

You can read more about the use and storage of cookies on this page.

For what purpose is personal data processed?
Personal data is processed for the purpose of fulfilling the contract concluded with the customer. Personal data is processed to fulfill a legal obligation (e.g. accounting and consumer dispute resolution).
Personal data is used to manage customer orders and deliver goods.
Purchase history data (purchase date, product, quantity, customer data) is used to create an overview of purchased goods and services and to analyze customer preferences.
The bank account number is used to return payments to the customer.
Personal data, such as e-mail address, telephone number, customer name, are processed in order to resolve issues related to the provision of goods and services (customer support), as well as to prepare and transmit offers and news.
The e-shop user's IP address or other network identifiers are processed for the provision of the e-shop as an information society service and for online usage statistics.

Transfer of personal data to authorized processors
The merchant keeps the customer's personal data, which has become known to him during the registration and use of the user account, confidential and discloses them to third parties only with the customer's consent, except if the obligation or right to publish data arises from legislation. The user of the e-store agrees that the merchant has the right to process his data in order to provide appropriate services to the customer, including transferring the customer's data to persons involved in the merchant's provision of services to the customer. List of authorized processors:

Information technology service providers - Personal data is transferred to information technology service providers because it is necessary to ensure the functionality and data storage of the e-store

1. Zone.ee

Financial and warehouse software - for accounting and warehouse operations

1. SmartAccounts

Suppliers - to deliver orders to the customer:

1. DPD
2. Itella
3. Omniva

Payment intermediaries - to pay for orders

1. Swedbank
2. SEB
3. Denmark
4. Luminor
5. LHV
6. Coop
7. Citadel
8. PayPal
9. Montonio

Collection of statistics - collection of information for the purpose of improving the user experience of the e-store:

1. Google Analytics
2. Facebook
3. MailChimp

Security and data access
Personal data is stored on Zone.ee servers, which are located in the territory of a member state of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that are affiliated with the Privacy Shield framework.

The e-shop implements appropriate physical, organizational and IT security measures to protect personal data from accidental or illegal destruction, loss, alteration or unauthorized access and disclosure.

Transfer of personal data to authorized processors of the e-store - processing of personal data takes place on the basis of contracts concluded with the e-store and authorized processors. Authorized processors are obliged to ensure appropriate protection measures when processing personal data.

Viewing and correcting personal data
Personal data stored in the e-shop can be consulted and corrections can be made in the e-shop's account management.

Withdrawal of consent
If the processing of personal data takes place on the basis of the customer's consent, the customer has the right to withdraw the consent in the account management of the e-store.

Storage
Upon closing the customer account of the e-store, personal data is deleted, except if such data needs to be kept for accounting purposes or to resolve consumer disputes.

If the purchase is made in the e-store as a guest (without a user account), the personalized purchase history is stored for three years.

In case of disputes related to payments and consumer disputes, personal data will be stored until the claim is fulfilled or until the end of the statute of limitations (three years).

Personal data necessary for accounting are stored for seven years.

Erasure
Personal data stored in the e-shop together with the user account can be deleted in the e-shop account management.

You can request the deletion of other personal data using the data request form. The data deletion request will be answered no later than within a month, and if necessary, the data deletion period will be specified.

Transfer
You can download an electronic extract of personal data stored in the online store in the account management of the online store.

You can request the transfer of other personal data using the data request form. The request for data transfer will be answered no later than within a month, during which the customer support identifies the identity and informs about the personal data applicable to the transfer.

Direct marketing messages
The e-mail address and phone number are used to send direct marketing messages, if the customer has given their consent. If the customer does not wish to receive direct marketing messages, he must select the corresponding reference in the e-mail header or contact customer support.

If personal data is processed for direct marketing purposes (profiling), the customer has the right to both initial and further processing of his personal data

13. Dispute Resolution Procedure
Disputes related to the processing of personal data are resolved through customer support. The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee). Consumer Protection Commission and the ODR platform.