Privacy & Cookies Policy

USE OF COOKIES

The online store uses cookies. A cookie is a small text file that the web browser automatically saves to the device used by the client. Cookies are used to collect information about how the client uses the online store, with the aim of offering a better user experience.

The following types of cookies are used in the online store:

• Session cookies, which enable the use of the online store;

• Persistent cookies, which remember the client's preferences in the online store;

• First-party and/or third-party cookies, used to display relevant advertisements and offers to the client;

• Third-party analytics cookies, used for optimizing marketing communication.

Clients can delete and/or block cookies stored on their devices by adjusting the relevant settings in their web browser. If cookies are not used, the online store may not function as intended and/or some functionalities may not be accessible to the client.

In addition to analytics cookies, the online store uses pixels (pixel tags, web beacons) to monitor usage of the seller's website. No personally identifiable information is processed during this activity.

PROCESSING OF PERSONAL DATA

The data controller of the personal data in the BLUMMiN B2B online store is BLUMMIN OÜ (registry code [insert registry code]), located at Soosepa tee 47-1, 74020 Pärnamäe village, Viimsi municipality, Estonia. Email: b2b@blummin.ee

WHAT PERSONAL DATA IS PROCESSED

• Name, phone number, and email address;

• Shipping address;

• Bank account number;

• Data related to purchased goods and services, including payment details (purchase history);

• Customer support information.

PURPOSES OF PERSONAL DATA PROCESSING

• To manage customer orders and deliver goods;

• Purchase history (purchase date, item, quantity, customer details) is used to compile an overview of purchased goods and analyze customer preferences;

• Bank account numbers are used for refunding payments to customers;

• Contact details such as email, phone number, and name are used to resolve issues related to goods and services (customer support);

• IP address and other network identifiers are processed for providing online store services and compiling web usage statistics.

LEGAL BASIS

• Processing of personal data is based on the performance of a contract with the customer;

• Processing is also based on legal obligations (e.g. accounting and resolving consumer disputes).

RECIPIENTS OF PERSONAL DATA

• Personal data is shared with the online store’s customer support to manage purchases and resolve customer issues;

• Name, phone number, and email address are shared with the transport service provider selected by the customer. If delivery is via courier, the customer’s address will also be provided;

• Accounting services are provided by a third party, and personal data is shared with the service provider for accounting purposes;

• Personal data may also be shared with IT service providers if necessary for the functionality or data hosting of the online store.

SECURITY AND ACCESS TO DATA

Personal data is stored on ShopRoller.com servers located within the territory of an EU Member State or a country within the European Economic Area. Data may also be transferred to countries deemed to have an adequate level of data protection by the European Commission or to U.S. companies that comply with the Privacy Shield framework.

Access to personal data is granted to employees of the online store who need the data to resolve technical issues or provide customer support.

The online store implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure.

Transfers of personal data to authorized processors (e.g. transport service providers, data hosting providers) occur based on contracts. These processors are required to implement appropriate safeguards when handling personal data.

ACCESS AND CORRECTION OF PERSONAL DATA

Personal data can be accessed and edited via the online store user profile. If the purchase was made without a user account, the data can be accessed through customer support.

WITHDRAWAL OF CONSENT

If data processing is based on customer consent, the customer has the right to withdraw their consent by notifying customer support via email.

DATA RETENTION

Upon account closure, personal data will be deleted unless retention is required for accounting or resolving consumer disputes.

If a purchase was made without a customer account, purchase history is retained for three years.

In case of payment or consumer-related disputes, personal data will be retained until the claim is resolved or the limitation period expires.

Data required for accounting purposes will be retained for seven years.

DELETION

To request the deletion of personal data, contact customer support via email. A response will be provided no later than within one month, including a clarification of the deletion period.

DATA PORTABILITY

Requests for data portability submitted via email will be responded to within one month. Customer support will verify identity and inform the client of the data that can be transferred.

DIRECT MARKETING

Email addresses and phone numbers may be used to send direct marketing messages if the customer has given their consent. If the customer no longer wishes to receive these messages, they can click the relevant link in the email footer or contact customer support.

If personal data is processed for direct marketing purposes (including profiling), the customer has the right to object to both initial and further processing of their data, including profiling related to direct marketing, at any time by contacting customer support via email. This information must be provided clearly and separately from all other information.

DISPUTE RESOLUTION

Disputes related to personal data processing are resolved through customer support at b2b@blummin.ee. The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).