The Data Controller of the webshop www.goldlightcodes.com is Helve Parna www.goldlightcodes.com (registration code 91376900600010), 44 AV DE GRASSE, 06400 CANNES / AIDA TN 7-41, ESTONIA, tel +372 5301 9025 and e-mail info@goldlightcodes.com.

What personal data is processed

• – name, telephone number and e-mail address;
• – delivery address;
• – bank account number;
• – the cost of goods and services and payment details (purchase history);
• – customer support details.
• – IP address

Purposes for which personal data is processed

Personal data is used for the management of customer orders and the delivery of goods.

Purchase history data (date of purchase, goods, quantity, customer details) is used to compile an overview of goods and services purchased, to analyse customer preferences and for the purpose of, among other things, resolving consumer disputes.

The bank account number is used to return payments to the customer.

Personal data, such as e-mail, telephone number, customer name, are processed in order to resolve issues related to the provision of goods and services (customer support). Email is also used to send invoices and the telephone number is used to notify the parcel machine of the arrival of the goods.

The IP address or other network identifiers of the user of the online shop are processed for the purpose of providing the online shop as an information society service and for the purpose of web usage statistics.

Legal basis

The processing of personal data is carried out for the purposes of the performance of the contract with the customer (management of customer orders, delivery, return of goods and payments).

The processing of personal data is carried out for the fulfilment of a legal obligation (e.g. accounting).

The processing of personal data is necessary for the purposes of the legitimate interest pursued by the controller in collecting the purchase history for the settlement of possible consumer disputes.

Recipients to whom personal data are disclosed

Personal data will be transferred to the online shop’s customer support for the purpose of managing purchases and purchase history and resolving customer issues. (only applies if the customer support service is provided by another person, i.e. a person outside the e-shop).

The name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods to be delivered by courier, the customer’s address will be provided in addition to the contact details.

If the accounting of the online shop is carried out by the service provider, the personal data will be transferred to the service provider for the purpose of carrying out accounting operations.

Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the online shop or to ensure data availability.

Security and data access

Personal data is stored on the servers of the Web hosting service, which are located in the territory of a Member State of the European Union or in the territory of countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission or to an undertaking in a third country which has been subject to a safeguard measure as referred to in Articles 46 or 47 or 49(1) of the GDPR.

Access to personal data is granted to the employees of the online shop, who can access personal data in order to resolve technical issues related to the use of the online shop and to provide customer support services.

The online shop implements appropriate physical, organisational and information technology security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure, such as: firewall and appropriate antivirus protection of the online shop servers, regular backups are created and kept separately from the online shop server.

Transfers of personal data from the online shop to recipients (e.g. transport service providers and data aggregators) are based on contracts between the online shop and the processors. Controllers are required to ensure appropriate safeguards for the processing of personal data in accordance with Article 28 of the GDPR.

Accessing and correcting personal data

Personal data can be accessed and corrected in the online shop’s user profile or via customer support. If the purchase has been made without a user account, you can access the personal data via the login. If the request for access is made by electronic means, the information shall also be provided by commonly used electronic means.

Withdrawal of consent

Storage at

When you close your online shop customer account, your personal data will be deleted, except for personal data (purchase history data) that need to be stored for accounting purposes or to resolve consumer disputes.

In the case of disputes relating to payments and consumer disputes, personal data will be kept until the claim is settled or the limitation period expires.

Personal data contained in the accounting records are kept for seven years.

Restriction

You have the right to request the restriction of the processing of your personal data if the data is inaccurate or incomplete or if your personal data is processed unlawfully.

Objections

The customer has the right to object to the processing of his/her personal data if he/she has reason to believe that there is no lawful basis for the processing of his/her personal data.

Deletion

In order to delete personal data, you must contact customer support by e-mail. A reply to the deletion request will be given within one month at the latest, specifying the period of deletion. The reply to the request will also indicate which personal data will not be deleted and on what legal basis and for what reason.

Transfer to

Requests for the transfer of personal data made by e-mail will be answered within one month at the latest. The customer support will verify the identity and notify the personal data to be transferred.

Direct marketing communications

The email address and telephone number will be used to send direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing communications, he/she should select the appropriate reference in the footer of the e-mail or contact customer support.

Dispute resolution

Disputes relating to the processing of personal data can be resolved through the Customer Support at info@goldlightcodes.com. The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).