Processing of Personal Data
The controller of personal data for the Fiiber online store is Fiibershop OÜ (www.fiibershop.ee, registry code 14150980), located at Tondi tn 37-1, Tallinn, Harjumaa 11316, phone: 55611377, email: fiibershop@fiibershop.ee.
What personal data is processed:
- Name, phone number, and email address
- Shipping address
- Purchase and payment-related information (purchase history)
- Customer support data
Purpose of processing personal data:
Personal data is used to manage customer orders and deliver goods. Purchase history (date of purchase, item, quantity, customer details) is used for compiling purchase overviews and analyzing customer preferences. Personal data such as email, phone number, and customer name is used for handling issues related to the provision of goods and services (customer support). The user’s IP address or other network identifiers are processed for providing the online store as an information society service and for generating website usage statistics.
Legal basis:
Personal data is processed to fulfill a contract concluded with the customer. Data is also processed to comply with legal obligations (e.g., accounting and resolving consumer disputes).
Recipients to whom personal data is disclosed:
Personal data is disclosed to the online store’s customer support for managing purchases and purchase history and resolving customer issues. Name, phone number, and email address are forwarded to the delivery service provider chosen by the customer. If the product is delivered by courier, the customer’s address is also shared. If accounting is handled by a service provider, data is shared with the provider for accounting purposes. IT service providers may receive data if necessary for the functionality or hosting of the online store. Fiibershop OÜ is the data controller; for payment processing, personal data is forwarded to the authorized processor Maksekeskus AS.
Security and access to data:
Personal data is stored on WebCraft servers located in EU member states or countries part of the EEA. Data may be transferred to countries with adequate data protection levels as assessed by the European Commission or to U.S. companies participating in the Privacy Shield framework. Employees of the online store have access to personal data to resolve technical issues and provide customer support. The online store implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure. Data transfer to authorized processors (e.g., transport or hosting providers) is based on contracts, and processors are required to ensure appropriate protection of personal data.
Access and correction:
You can access and correct personal data in your user profile. If the purchase was made without an account, data can be accessed through customer support.
Withdrawal of consent:
If data processing is based on consent, the customer has the right to withdraw consent by notifying customer support via email.
Retention:
When a customer account is closed, personal data is deleted unless it must be retained for accounting or consumer dispute purposes. If a purchase was made without an account, purchase data is retained for three years. In case of disputes related to payments or consumers, data is retained until the claim is fulfilled or the limitation period expires. Data necessary for accounting is retained for seven years.
Deletion:
To delete personal data, contact customer support via email. A response will be provided within one month, including information about the deletion period.
Data portability:
Requests for data portability submitted via email will be responded to within one month. Customer support will verify identity and provide information on the data to be transferred.
Dispute resolution:
Disputes related to personal data processing are resolved through customer support (CONTACT DETAILS). The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).
