Privacy policy

The controller of the personal data of the online shop is BellesNord OÜ (registry code 16728175), located at Kallasmaa tn 4, Maardu, 74111, Estonia, e-mail info@bellesnord.com..

I. Which personal data are processed?

• name, phone number and e-mail address;
• delivery address;
• bank account number;
• cost of goods and services and data related to payments (purchase history);
• customer support data;
• IP address.

II. For which purposes are personal data processed?

• Personal data is used to manage the customer’s orders and to deliver goods.
• Purchase history data (date of purchase, goods, quantity, customer data) are used to put together an overview of the goods and services purchased, to analyse customer preferences and, among other things, for the purposes of resolving consumer disputes.
• The bank account number is used to reimburse payments to the customer.
• Personal data such as the e-mail address, telephone number and name of the customer are processed to handle any issues relating to the provision of goods and services (customer support). E-mail is also used in order to forward invoices and the telephone number is used to notify the customer about their goods arriving in the parcel locker.
• The IP address or other online identifiers of users of the online shop are processed for the provision of the online shop as an information society service and for web use statistics.

III. Legal basis

• The purpose of processing personal data is to fulfil the agreement entered into with the customer (managing the customer’s orders, delivery, returning goods and reimbursing payments).
• Personal data are processed in order to fulfil legal obligations (e.g. for accounting).
• The processing of personal data, i.e. the collection of purchase history data for the purposes of resolving potential consumer disputes, is necessary due to the controller’s legitimate interest.

IV. Recipients of personal data

• Name, telephone number and e-mail address are forwarded to the transport service provider selected by the customer. If the goods are delivered by a courier, the customer’s contact details, as well as their address, are forwarded to the courier.
• If an outside service provider handles the accounting for the online shop, the personal data is forwarded to that service provider to perform the accounting operations.
• Personal data may be forwarded to IT service providers if this is needed to ensure the functionality of the online shop or to host data.

V. Security and access to data

• Personal data are stored in the servers, which are located on the territory of a member state of the European Union or states of the European Economic Area. Data may be forwarded to states whose level of data protection is sufficient according to the European Commission or to a company of a third state to which a safeguard.
• Personal data can be accessed by the staff of the online shop in order to resolve technical issues related to the use of the online shop and to provide customer support.
• The online shop applies the relevant physical, organisational and IT security measures in order to protect personal data from accidental or unlawful destruction, loss, amendment or unauthorised access and disclosure: data exchange with the online shop is carried out via an encrypted connection (TSL); the customer’s passwords are encrypted (password hashes); standard encryption is used when sending e-mails; there is a firewall and a relevant virus protection to protect the online shop’s servers.
• Personal data are forwarded to processors (e.g. the transport service provider and data hosts) on the basis of contracts between the online shop and processors. Upon processing data, the processors are obliged to ensure the relevant safeguards.

VI. Access to and rectification of personal data

• Personal data can be accessed and rectified via the online shop’s user profile or customer support. If a purchase is made without a user account, personal data can be accessed via customer support. If the request to access personal data has been submitted electronically, the information will also be provided via commonly used electronic means.

VII. Withdrawal of consent

• If personal data are processed with the customer’s consent, the customer has the right to withdraw their consent by making relevant changes in the user account’s settings or by notifying customer support via e-mail.

VIII. Storage

• Personal data are erased upon deleting the online shop’s customer account, except for the personal data (purchase history) which are necessary for accounting or to resolve consumer disputes.
• In the event of disputes regarding payments and consumer disputes, personal data are stored until the claim is settled or the limitation period expires.
• The personal data in original accounting documents is stored for seven years.

IX. Restriction

• If the data are incorrect, incomplete or processed unlawfully, the customer has the right to request the restriction of the processing of their personal data.

X. Objections

• The customer has the right to submit objections regarding the processing of their personal data if they have a reason to believe that there is no legal basis to process their personal data.

XI. Erasure

• For the erasure of personal data, customer support should be contacted by e-mail. Requests for erasure are responded to within 15 days and the period of erasure is specified. The response to the request will also indicate which personal data will not be erased, on which legal basis and why.

XII. Direct marketing messages

XIII. Resolution of disputes

• Disputes concerning the processing of personal data are settled through customer support (info@bellesnord.com). The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).