The controller of personal data of the online shop stayyoung.shop (hereinafter referred to as the Online Shop) is Woofy OÜ (registration code 14946608), registered at Raekoja plats 16, Tartu tel +372 56450690 and e-mail info@stayyoung.shop.

What personal data is processed:
– name, telephone number and e-mail address;
– delivery address;
– bank account number;
– cost of goods and services and payment details (purchase history);
– customer support details;
– IP address.

Purposes for which personal data is processed

Personal data is used for the management of customer orders and the delivery of goods.

Purchase history data (date of purchase, goods, quantity, customer details) is used to compile an overview of goods and services purchased, to analyse customer preferences and for the purpose of, among other things, resolving consumer disputes.

The bank account number is used to return payments to the customer and, if necessary, to verify payments.

Personal data, such as e-mail, telephone number, customer name, are processed in order to resolve issues related to the provision of goods and services (customer support). In addition, e-mail is used to send invoices and the telephone number is used to notify the arrival of goods at the parcel machine.

The IP address of the user of the online shop is used to collect website usage statistics, improve the user experience or display targeted advertisements. The customer gives his consent to this by accepting cookies on the website.

Legal basis

The processing of personal data is carried out for the purposes of the performance of the contract with the customer (management of customer orders, delivery, return of goods and payments).

The processing of personal data is carried out for the fulfilment of a legal obligation (e.g. accounting).

The processing of personal data is necessary for the purposes of the legitimate interest pursued by the controller in collecting the purchase history for the settlement of possible consumer disputes.

The processing is carried out with the consent of the customer for the following activities: sending newsletters to the e-mail address
Recipients to whom personal data are disclosed.

The name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods to be delivered by courier, the customer’s address will be transmitted in addition to the contact details.

If the accounting of the online shop is carried out by the service provider, the personal data will be transferred to the service provider for the purpose of carrying out accounting operations.

Personal data may be transferred to providers of business software services if this is necessary to ensure the functionality or data availability of the online shop.

Security and data access

Personal data is stored on the servers of the Webshop and business software located in Estonia.

Access to personal data is granted to the employees of the online shop, who can access personal data in order to resolve technical issues related to the use of the online shop and to provide customer support services.

The online shop implements appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure, including:
– data exchange with the e-shop is carried out over an encrypted connection (TSL);
– customer passwords are stored in encrypted form (hashes);
– standard encryption is used for sending e-mails;
– a firewall and appropriate anti-virus protection is implemented to protect the e-shop servers;
– regular backups are created and stored separately from the e-shop server.

Transfers of personal data from the online shop to recipients (e.g. transport service providers and data aggregators) are based on contracts between the online shop and the processors.

Controllers are required to ensure appropriate safeguards for the processing of personal data in accordance with Article 28 of the GDPR.

Accessing and correcting personal data
Personal data can be accessed and corrected via Customer Support. If the request for access is made electronically, the information will also be provided by commonly used electronic means.

Withdrawal of consent

If the processing of personal data is based on the consent of the customer, the customer has the right to withdraw the consent by informing Customer Support by e-mail.

Storage

When you close your online shop customer account, your personal data will be deleted, except for personal data (purchase history data) that need to be stored for accounting purposes or to resolve consumer disputes.

In the case of disputes relating to payments and consumer disputes, personal data will be kept until the claim is settled or the limitation period expires. Personal data contained in accounting records shall be kept for seven years.

Restriction

You have the right to request the restriction of the processing of your personal data if the data is inaccurate or incomplete or if your personal data is processed unlawfully.

Objections

The customer has the right to object to the processing of his/her personal data if he/she has reason to believe that there is no lawful basis for the processing of his/her personal data.

Deletion

In order to delete personal data, you must contact customer support by e-mail. A reply to the deletion request will be sent within one month at the latest, specifying the period of deletion. The reply to the request will also indicate which personal data will not be deleted and on what legal basis and for what reason.

Transfer to

Requests for the transfer of personal data made by e-mail will be answered within one month at the latest. Customer Support will verify the identity and notify the personal data to be transferred.

Direct marketing communications

The email address will only be used to send direct marketing messages if the customer has consented to receive newsletters. Otherwise, no direct marketing messages will be sent to the customer. If the customer does not wish to receive direct marketing communications to which they have previously given their consent, they should select the appropriate reference in the footer of the e-mail or contact customer support.

Dispute resolution

Disputes relating to the processing of personal data can be resolved through customer support (email info@stayyoung.shop and tel +372 56450690).