Personal data processing is any action executed with the personal data of the user of the Website (hereinafter: User) – data collection, processing, storage, rectification or deletion.
Users are all persons who visit the Website, purchase products or send any information to SS20 by sending a request via e-mail, for example.
Products are all products sold on the SS20 Website.
Personal data processing
SS20 will collect the personal data below via the Website in the following manner:
- User’s e-mail address – when the User joins the mailing list or sends an e-mail;
- User’s name, address, phone, e-mail address, product purchased, amount, price, date – when the User makes a purchase;
- Website traffic statistics – via Google Analytics, Facebook Pixel.
Usage of personal data
SS20 uses personal data:
- for selling products to the User, interacting with the User, sending products and the issuing of invoices;
- for notifying the User by e-mail of new products, campaign offers, raffles and blog posts, but only with the prior consent of the User.
SS20 uses Website traffic statistics to improve the user experience and ensure more efficient marketing.
The User has the right to prohibit the processing of his or her personal data at any time, except when such processing is needed for fulfilling a contractual requirement, including for the sale of the products.
Transfer of personal data to third parties
A third party is a contractual or cooperation partner of SS20, who processes the personal data and whose products or services allows SS20 to provide services to the User.
In its daily operations, SS20 uses third parties who provide:
- payment solutions (banks, Maksekeskus AS*),
- transportation of products,
- Web hosting,
- IT support for the Website,
- e-mail sending and management,
- collection of user statistics for the Website,
- social media use,
- use of accounting software.
In the provision of such services, contractual and cooperation partners may have access to the User’s personal data and/or may process such data. Contractual and cooperation partners have a legal obligation to implement and apply security measures to ensure the privacy and security of the personal data.
* SS20 is the controller of the personal data and transfers the personal data required for processing the payments to the processor, Maksekeskus AS.
Personal data storage and security
SS20 stores the personal data until necessary for achieving the purpose of the processing or until required by law. For example, the personal data accompanying a purchase or the e-mail address in the mailing list are stored until the User requests that they be deleted. Accounting data, for example, are stored for 7 years after the end of the financial year, according to legislation.
SS20 applies all reasonable means to protect the personal data processed. Access to the personal data for modification and processing is only granted to authorised persons and the personal data of all users are treated as confidential information.
Rights of the User
The User has the right at any time to:
- request access to his/her personal data;
- request the amendment or rectification of the personal data;
- request the deletion of his/her personal data;
- request restriction of the processing of his or her personal data;
- request the transfer of his/her personal data.
To exercise his or her rights, the User must send a request to the e-mail address firstname.lastname@example.org.
If the User has joined SS20’s mailing list, he/she can delete himself/herself from the mailing list and unsubscribe from future e-mails via the link at the end of the e-mail.
If the User believes his/her rights to be violated during the processing of personal data, he/she has the right to turn to the Estonian Data Protection Inspectorate.
By using SS20’s website, the User accepts the use of the cookies according to the procedure described in this Policy.
A cookie is a small text file automatically stored by the web browser in the device used by the User. Cookies may be created by various service providers, such as Google and Facebook, for example. Cookie files do not harm the computer in any way.
Cookies come in two types:
- Persistent cookies oare permanent and not removed until the User deletes them or when they expire (depending on the duration period of the cookie). Persistent cookies can be used for identifying the User as a repeat visitor of the Website and for adapting the content of the Website according to the User’s needs, or for collecting statistical data.
- Temporary cookies or session cookies are temporary and removed when the User leaves the Website or closes his/her web browser. Session cookies can be used for enabling certain functions of the Website to allow purchasing a product, for example, etc.
Cookies are used to collect information on the use of the Website to provide a more personal and user-friendly user experience. Furthermore, cookies help to collect user statistics to measure and improve the functioning of the Website and provide source data for efficient marketing activities.
The User is deemed to have accepted the cookies if cookies are enabled in his/her web browser settings.
Most web browsers have cookies automatically enabled. The User can block the cookies in the web browser but should keep in mind that doing this may lose some of the functions needed for the proper functioning of the Website SS20. Instructions on how to delete cookies and change cookie settings are available here: Firefox, Chrome, Internet Explorer.
To collect user statistics, SS20’s Website uses Google Analytics, which collects information on the content pages visited, the time of visits, visitor numbers, the devices used, the traffic sources and other statistics.
However, Google Analytics may collect data on user activity without using any cookie files. To prevent Google Analytics from using the data, the User can install an application blocking Google Analytics: Google Analytics Opt-out Browser Add-on, which is compatible with all major web browsers.