Cookies and Privacy Notice
EC Shops Oü
Last updated: April 22nd 2020
About this Privacy and Cookie Notice
The website https://www.ecshops.net (the Site) is operated by EC Shops Oü (“we”, “us”, “our”), a company incorporated in Estonia with company number 14375896. Our office Registered is at Harju Maakond, Kesklinna Linnaosa, Kiriku Tn 6, Tallinn, Estonia, 10130.
We are committed to protecting your privacy and complying with our data protection obligations under the Data Protection Act 2018 (DPA 2018), the General Data Protection Regulation 2016/679 (GDPR) and any other applicable Estonian legislation ( collectively, the Data Protection Law).
When you interact with us or use the Site, we act as the data controller of your personal data. This means that we are responsible for processing your personal data and deciding how to use it. This privacy and cookie notice explains the types of personal data we may collect about you when you interact with us, why we collect it, what we use it for, and what rights you have over that data. Personal data is any information about an identifiable person. Processing is everything we do with your personal data, including use, storage, sharing and deletion.
This notice was last updated on the date shown above. We may change this notice at any time by posting an updated version on the Site and we will use reasonable efforts to bring any material changes to your attention. You may want to verify this before using the Site, as any changes will be effective from the date they are made..
Contact Information
If you have any concerns or would like more information about our use of data or this notice in general, you can contact our Data Protection Officer at [email protected].
What information do we collect?
We collect, store and use the types of personal data set out in the table at the end of this notice.
How will we use your personal data?
We will use your personal data for the purposes set out in the table at the end of this notice.
We profile our clients so that we can find more information about their purchasing preferences and market the most relevant products to them. To do this, we compile a profile of information about you that may include your age, gender, purchase history, pages you visit, and how you respond to direct marketing communications.
You have the right to object to profiling activities when they are conducted for direct marketing purposes, for our legitimate interests, or for a task that is in the public interest.
How do we share your personal data?
When we share personal data, we do so in accordance with the Data Protection law. We can share certain personal data:
- With employees, contractors, consultants or advisers, we may use third-party services for business purposes, which may include, but are not limited to, email marketing or phone calls.
- with parties that provide products or services to us, such as software development, email services, payment processing, data reporting companies, etc.
- with governmental or quasi-governmental organizations, police authorities and other regulatory authorities or third parties when required or permitted by law, including, but not limited to, in response to court orders, for the prevention and detection of crimes and to protect intellectual property and any other legal rights;
- if the Company or part of the business is sold, transferred or integrated with another business, with our advisers, a prospective buyer, the advisers of a prospective buyer or the new owner of the Company to facilitate the process; and
- We can also provide aggregated but anonymous information and analysis about our customers to third parties. Before doing so, we will make sure that it does not identify you.
In some cases, when we share personal data, it will involve the transfer of that personal data to countries outside the EEA that have different data protection standards than those that apply in the EEA. When we transfer personal data outside of the EEA, we will ensure that adequate safeguards are in place to protect your privacy rights under the Data Protection Act.
Use of cookies and similar technologies.
We and our third-party service providers use cookies and similar technologies to collect information about you and your use of the Site. Cookies are small text files that are stored on your computer when you visit the Site. It is standard practice to use cookies to improve your experience when using a website.
We use the following categories of cookies and similar technologies on this site:
- Strictly necessary cookies: these cookies are essential to allow you to move around the Site and use its functions. Without these cookies, the services you have requested (such as remembering your login details or the items you placed in your basket) cannot be provided.
- Analysis cookies: these cookies collect information about how you use the Site, for example, which pages you visit most often, what searches you perform, and whether you receive error messages from web pages. The information these cookies collect can be used to improve the operation of the Site.
- Personalization cookies: these cookies allow the Site to remember the choices you make (such as your username) and to provide enhanced and more personal features. These cookies cannot track your browsing activity on other sites.
- Security cookies: these cookies are part of our security features, for example, by helping us detect malicious activity or violations of our terms of use.
- Social network cookies: these cookies allow you to share your activity on the Site on social networks such as Facebook and Twitter. These cookies are not under our control. Consult the privacy policies of the social networks in question for information on how their cookies work.
- Targeting or advertising cookies: these cookies record your visit to the Site, the pages you have visited and the links you have followed. We use this information to make our site and the advertising displayed on it more relevant to your interests. [We may also share this information with third parties for this purpose.
When you visit the Site for the first time (and periodically thereafter), we will ask for your consent to the setting of all cookies that are not strictly necessary. You can delete existing cookies and disable some or all types of cookies in the future if you wish. To disable some or all types of cookies, you will need to change your browser settings. If you change your mind, you can re-enable cookies at any time. Disabling cookies in your browser may prevent the Site from working properly.
Third Party Links
Our website contains links to other websites over which we have no control. We are not responsible for or review or endorse the privacy policies or practices of other Sites that you choose to access from this Site. We recommend that you review the privacy policies of those other Sites, so that you can understand how they collect, use and share your personal information.
Your Rights
We respect your rights to privacy and will respond to requests for access or control over your information in accordance with the Data Protection Law. We may ask you to verify your identity before taking any action.
Depending on the reason we have your personal data, you have the right to:
- access the personal information we hold about you (commonly known as subject access);
- request that we correct or complete personal information we hold about you that is inaccurate or incomplete;
- request that we erase your personal information in some circumstances, or object to our processing;
- restrict how we use your personal information, in certain circumstances;
- request that we provide you with copies of your personal information in a machine-readable format or transfer it through different services; and
- where we have asked for your consent to process your data, to withdraw this consent.
These rights are limited in some situations under the Data Protection Act, for example, where we can demonstrate that we have a legal obligation to process your data. If you wish to exercise any of these rights, please contact us.
Your right to object: You have the right to object to our processing of your personal data and request that we stop doing so. If we are processing your personal data or for direct marketing purposes (including profiling insofar as it relates to such direct marketing) and you object to this, we will immediately stop processing your personal data.
If our processing of your personal data is in the public interest or in accordance with our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons overriding your interests, or our use of your personal data is for the establishment, exercise or defense of legal claims.
We look forward to satisfying any queries you may have about the way we process your data. However, if you have unresolved concerns, you also have the right to lodge a complaint with the data protection authorities (in Estonia, the Data Protection Inspectorate).
Data Retention
Your personal data will only be kept for as long as it is necessary for our purposes. Specific periods are set out in the table at the end of this notice.
Data protection principles
We process your personal data in accordance with the following principles:
- we process your personal data in a legal, fair and transparent manner;
- we collect your personal data for specific, explicit and legitimate purposes; any further processing we do is compatible with the original purposes for which we collected it;
- we only process personal data that is adequate, relevant and limited to what is necessary to achieve the purpose for which it is processed;
- we take reasonable steps to ensure that all personal data is accurate and up-to-date when necessary;
- we do not store personal data in a form that identifies you for longer than is necessary for processing; and
- we process personal data safely and in a way that protects against unauthorized or illegal processing, accidental loss, destruction or damage.
When we request your personal data, we will tell you if the law or contract requires it, and what will happen if you do not provide the data.
Any request for consent to the processing of your personal data will be made directly to you and will include information on why we require the personal data and what will be done with it.
What is our legal basis for the processing?
We will only process personal data when we have a legal basis to do that. The table at the end of this notice sets out the legal basis that we rely on for each type of data that we process. We will choose one of the legal bases in the GDPR to justify how we use your personal data. These are:
- Consent: you have given your consent to the processing of your personal data for one or more specific purposes.
- Contract: the processing is necessary for the performance of a contract with you or to take action at your request before entering into a contract.
- Legal obligation: we need to process your personal data to comply with a legal obligation.
- Vital interests: the processing is necessary to protect the vital interests of you or another person.
- Public interest: the processing is necessary for the performance of a task carried out in the public interest or in the exercise of any official authority.
- Legitimate interests: the processing is necessary for the purposes of legitimate interests pursued by us or another person, except when such interests are overridden by your interests or fundamental rights and freedoms that require the protection of your personal data.
Table of personal information we use
The following table sets out detailed information about our processing purposes, the basis for the processing and the retention period of personal data.
Category of Personal Data | Purpose of Processing | Legal Basis for Processing | Retention Period |
Name and contact details | For the performance of a contract and to prevent fraud | Execution of the Contract | For three years since you last logged in to the site |
Date of Birth | To guarantee the legal sale of the contract | Execution of the Contract | For three years since you last logged in to the site |
Information of Payment | To receive payments and refunds for fraud prevention | Execution of the Contract | We do not store your payment information, our payment platform provider does it for us |
Contact history | Provide customer service and support and train our staff | Consent | For three years since you last logged in to the site |
Items saved in the online shopping cart | To sell you services and / or products | Execution of the Contract | Until you complete your order or for 30 days after the item is stored |
Purchases history | To provide customer service and support and offer you more services | Execution of the Contract | For five years after the last purchase |
Browser, device and site usage information | To improve the site and set default options for yourself, such as language or currency | Consent | For three years since you last logged in to the site |
Responses to surveys, contests and promotions | To run the survey, competition or promotion | Consent | For five years |
Customer feedback and product reviews | For improving our service | Consent | For five years |
Information generated during the use of our products and services | For internal research and development purposes and to improve the features and functions of our site | Consent | For five years |
Information collected through cookies and similar technologies | Perform and store site usage analysis, statistics, trend analysis, and market research. And generate customer profiles to facilitate marketing initiatives | Consent | For five years |