General provisions
This privacy policy governs the principles governing the collection, processing and storage of personal data by the online shop motorock.ee (hereinafter referred to as the Online Shop). The personal data is collected and stored by the controller of personal data MotoMad OÜ (registration code 12792213), located in Võru County, Rõuge Parish, Mõõlu Village, Hundi, 66259. Phone +372 555 58 555 and e-mail pood@motorock.ee.
For the purposes of the Privacy Policy, a data subject is a customer or other natural person whose personal data is processed by a data processor.
For the purposes of this Privacy Policy, a customer is anyone who purchases goods or services from the website of the data processor.
The data processor complies with the data processing principles laid down in the legislation, including the lawful, fair and secure processing of personal data. The data controller is able to confirm that the personal data have been processed in accordance with the law.
For the purposes of this Privacy Policy, a data subject is a customer or other natural person whose personal data is processed by a data processor.
For the purposes of this Privacy Policy, a customer is anyone who purchases goods or services from the website of the data processor.
The data processor complies with the data processing principles laid down in the legislation, inter alia, the data processor processes personal data lawfully, fairly and securely. The data controller is able to confirm that the personal data have been processed in accordance with the law.
What personal data is processed
- name, telephone number and e-mail address;
- delivery address;
- pangakonto number;
- the cost of goods and services and payment details (purchase history);
- customer support details;
- statistics on visits to the website and marketing channels (ads, direct mail);
- IP aadress
In addition to the above, the data controller is entitled to collect data about the customer that is available in public registers.
The personal data collected, processed and stored by the data processor are collected electronically, mainly through the website and e-mail, but also through contact events such as demo days, trade fairs, etc..
By sharing his or her personal data, the data subject grants the data processor the right to collect, organise, use and manage, for the purposes specified in the Privacy Policy, the personal data that the data subject directly or indirectly shares with the data processor when purchasing goods or services on the website.
It is the data subject’s responsibility to ensure that the information he or she provides is accurate, correct and complete. Knowingly providing false information will be considered a breach of the Privacy Policy. It is the data subject’s responsibility to inform the data processor immediately of any changes to the data provided.
The data processor shall not be liable for any damage caused by the submission of incorrect data by the data subject to the data subject or to third parties.
Purposes for which personal data is processed
Personal data is used for the management of customer orders and the delivery of goods.
Purchase history data (date of purchase, goods, quantity, customer details) is used to provide an overview of the goods and services purchased, to analyse customer preferences and to resolve consumer disputes.
The bank account number is used to refund payments to the customer.
Personal data, such as e-mail, telephone number, customer’s name, are processed in order to resolve issues related to the provision of goods and services (customer support). In addition, e-mail is used to send invoices and the telephone number is used to notify the customer of the arrival of the goods at the parcel machine.
A web shop user’s IP address or other network identifiers are processed for the purposes of providing the web shop as an information society service and for web usage statistics.
Website and marketing channel statistics are collected and processed for the purposes of improving the user experience of the online shop, making decisions about product ranges and making more appropriate offers to customers.
Use of cookies on the website
When you visit motorock.ee, we may use a variety of technologies to identify you and to obtain additional information about our users. This may be directly or through third party technology. For example, it may involve the use of cookies.
There are two types of cookies. The first saves a text file for a longer period of time and has an expiry date. The purpose of this cookie is, for example, to let you know what’s new since your last visit.
Another type of cookie is called a session cookie and has no expiry date. In this case, a text file is temporarily stored when you visit our site. This helps us to remember, for example, which language you prefer to use. The text file will be deleted as soon as you close the browser.
Cookies help:
- Manage the website according to your expectations, for example, avoid the need to log in several times in one session.
- Remember your settings and personalise page content for you to find information faster.
- Improve the speed and security of the motorock.ee website.
- to make it easier to share website content on social media (Facebook).
- Plan website improvements and developments.
Functions of third parties:
For example, Facebook and Google may use their cookies or other methods to collect information about the content of our website that you have clicked on. They use this type of information to provide usage statistics analysis and advertisements on topics of interest to you.
We do not access or control these cookies. The use of third party cookies is subject to the privacy policy of the installers. To this end, we recommend that you read the privacy policies of each third party separately.
You can read the Facebook Cookie Policy here:
You can read Google’s terms and conditions for cookies here:
You can read the terms and conditions of MailChimp (newsletters) cookies here:
https://mailchimp.com/legal/ ja siin: https://mailchimp.com/legal/privacy/
You can read the terms and conditions of Hotjar cookies here:
Legal basis
The processing of personal data is carried out for the purposes of the performance of the contract with the customer (management of customer orders, delivery, return of goods and payments).
Processing of personal data for the performance of a legal obligation (e.g. accounting).
The processing of personal data is necessary for the purposes of the legitimate interest pursued by the controller in the collection of purchase history data for the settlement of possible consumer disputes.
Recipients to whom personal data are disclosed
Personal data will be transferred to the online shop’s customer support for the purpose of managing purchases and purchase history and resolving customer issues.
The name, telephone number and e-mail address will be transmitted to the transport service provider chosen by the customer. In the case of goods to be delivered by courier, the customer’s address will be transmitted in addition to the contact details.
In the case of an online shop where the accounting is carried out by a service provider, the personal data will be transmitted to the service provider for the purpose of carrying out accounting operations.
Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality or data availability of the online shop.
Security and data access
Personal data is stored on Elkdata OÜ servers located in the territory of a Member State of the European Union or in the territory of countries that have joined the European Economic Area. The data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission or to a third country undertaking to which a safeguard measure referred to in Articles 46 or 47 or 49(1) of the GDPR has been applied.
Access to personal data is granted to the employees of the online shop who can access personal data in order to resolve technical issues related to the use of the online shop and to provide customer support services.
The online shop implements appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure, such as:
- data exchange with the e-shop takes place over an encrypted connection (TSL),
- customer passwords are kept encrypted,
- emails are sent using standard encryption,
- a firewall and appropriate anti-virus protection is in place to protect the e-shop servers, and regular backups are made.
Transfers of personal data from the online shop to recipients (e.g. transport service providers and data aggregators) are based on contracts between the online shop and the processors.
Processors are obliged to ensure appropriate safeguards for the processing of personal data in accordance with Article 28 of the GDPR.
Accessing and correcting personal data
Personal data can be accessed and corrections can be made in the online shop’s user profile or via customer support. If the purchase has been made without a user account, the personal data can be accessed via the online support. If the request for access to personal data has been made electronically, the information will also be provided through publicly available electronic means.
Withdrawal of consent
If the processing of personal data is carried out on the basis of the customer’s consent, the customer has the right to withdraw the consent in the customer account settings or by informing customer support by e-mail.
Storage
When you close your online shop account, your personal data will be deleted, with the exception of personal data (purchase history data) that need to be stored for accounting purposes or to resolve consumer disputes.
In the case of disputes relating to payments and consumer disputes, personal data will be kept until the claim is settled or the limitation period expires.
Personal data contained in accounting records shall be kept for seven years.
Restriction
You have the right to request the restriction of the processing of your personal data if the data is inaccurate or incomplete or if your personal data is processed unlawfully.
Objections
The customer has the right to object to the processing of his/her personal data if he/she has reason to believe that there is no lawful basis for the processing of his/her personal data.
Deletion
If you wish to have your personal data deleted, please contact customer support by e-mail. A reply to the deletion request will be sent within one month at the latest, specifying the period of deletion.
The reply to the request shall also specify the personal data that will not be deleted and the legal basis and reason for the non-deletion.
Transfer to
Requests for transfer of personal data made by e-mail will be answered within one month at the latest.
Customer Support will verify the identity and notify the personal data to be transferred.
Direct marketing communications
The email address and telephone number will be used to send direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing communications, he/she should select the appropriate reference in the footer of the e-mail or contact customer support.
Dispute resolution
Disputes relating to the processing of personal data can be resolved by contacting customer supportat vahenduselpood@motorock.ee. The supervisory authority is the Estonian Data Protection Inspectorate(info@aki.ee).