privacy policy

processing of personal data

The chief processor of personal data of the e-store dermalogica.ee is Kivilaine OÜ, registry code 10074074, address Pärnu mnt 8, Tallinn 10148, Harjumaa, phone +372 6057057 and e-mail info@dermalogica.ee (hereinafter “merchant”).

1. What personal data are processed

surname and family name;

contact information such as a telephone number and an e-mail address;

payer’s address and delivery address;

bank account number;

costs of goods and services and data related to payments (purchase history);

customer support details;

other information related to customer surveys and/or offers.

You can read more about the use and recording of cookies on this page.

2. For what purpose is personal data processed?

Personal data are processed for the purposes of the performance of the contract concluded with the customer. Personal data are processed for the performance of legal obligations (for example, accounting and the resolution of consumer disputes).

Personal data are used for managing the customer’s orders and delivering the goods.

Purchase history data (purchase date, goods, quantity, customer data) are used for preparing an overview of goods and services purchased and for analysing customer preferences.

The bank account number is used to refund payments to the customer.

Personal data such as e-mail address, telephone number and customer name are processed in order to resolve any issues related to the provision of goods or services (customer support).

The IP address or other online identifiers of the user of the online shop are processed for the provision of the online shop as an information society service and for the compilation of Internet use statistics.

3. Transmission of personal data to authorised processors

The merchant keeps secret the customer’s personal data that have become known to it in the course of the registration and use of the user account and publishes them to third parties only with the customer’s consent, except where the obligation or entitlement to publish the data results from legislation.

The user of the online shop accepts that, in order to provide the customer with suitable services, the merchant is entitled to process their data, including the transmission of the customer’s data to parties related to the provision of a service for the customer by the merchant.

Kivilaine OÜ is the chief processor of personal data and forwards the personal data necessary for making payments to the authorized processor Maksekeskus AS.

4. Security and access to data

The e-shop implements appropriate physical, organizational and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.

Transfer of personal data to the authorized processors of the e-shop – personal data is processed on the basis of agreements concluded with the e-shop and the authorized processors. Authorized processors are obliged to ensure appropriate safeguards for the processing of personal data.

5. Accessing and correcting personal data

Personal data recorded in the online shop may be inspected or amended via the online shop account management . If a purchase has been made in the capacity of a visitor (without a user account), a query about personal data may be submitted using the request for information form.

6. Revocation of consent

If personal data is processed based on the customer’s consent, the customer is entitled to revoke their consent via the online shop account management.

7. Retention

When a customer account is closed in the online shop, any personal data is deleted, except where such data needs to be retained for accounting or the resolution of consumer disputes.

If the purchase in the e-store has been made as a guest (without a user account), the personalized purchase history will be preserved.

In the case of disputes related to payments and consumer disputes, personal data will be kept until the claim is fulfilled or the limitation period expires.

Personal data required for accounting purposes shall be kept for seven years.

8. Deletion

Personal data recorded in the online shop along with the user account may be deleted via the online shop account management .

You can submit a query about the deletion of other personal data using the request for information form. A request for the deletion of data is answered no later than within a month, and the period for the deletion of the data is clarified if necessary.

 

9. Transfer

You can request the transfer of personal data. The request for data transfer shall be answered no later than within one month, when the customer support identifies and informs about the personal data applicable to the transfer.

 

10. Direct marketing messages

The e-mail address and telephone number will be used to send direct marketing communications if the customer has given his consent. If the customer does not wish to receive direct marketing communications, they must select the appropriate link in the email header or contact customer support.

11. Resolution of disputes

Disputes related to the processing of personal data are resolved through customer support.