The controller of personal data on the website is:
MaiWistik OÜ (hereinafter, e-store)
Malmi 6-3, Tallinn
Phone +372 56285173
The personal data processed is as follows:
contact information (telephone number and e-mail address);
payer and delivery address;
bank account number;
cost of goods and services and data related to payments (purchase history);
customer support information;
other information related to customer surveys and/or offers.
The purposes of processing personal data are as follows:
to perform the contract entered into with the client;
to fulfill and secure a legal obligation;
to manage customer orders and transport goods to the destination;
to compile summaries of purchased goods, analyze customer preferences, and improve product quality;
to create and send invoices;
customer support and answering customer questions;
the customer's IP address or other network identifiers are processed for the provision of the e-store as an information society service and for the production of web usage statistics;
to make promotional offers. If a customer does not wish to receive direct marketing communications, they must select the appropriate link in the email footer or contact customer support.
Sharing personal data to a third party
Herbazen keeps the customer's personal data confidential, which has become known to him during the registration and use of the user account, and discloses it to third parties only with the customer's consent, except when the obligation or right to disclose data arises from legislation. The user of the e-store agrees that Herbazen has the right to process his/her data in order to provide services suitable for the customer, including forwarding the customer's data to persons who are involved in the provision of the service by the merchant to the customer.
Personal data is transferred to the authorized processors of the e-store; personal data is processed on the basis of agreements concluded with the e-store and the authorized processors. Authorized processors are obliged to ensure the appropriate safeguards for the processing of personal data.
Upon closing the customer’s e-store account, personal data will be deleted, unless such data needs to be stored for accounting or resolving consumer disputes.
If the purchase in the e-store has been made by a guest (without a user account), the personalized purchase history will be stored for three years.
In the case of disputes related to payments and consumer disputes, personal data will be kept until the claim is fulfilled or the limitation period expires (three years).
Personal data required for accounting purposes shall be kept for seven years.
Personal data stored in the e-store, together with the user account, can be deleted by logging into the e-store account.
Disputes related to the processing of personal data are resolved through MaiWistik OÜ - firstname.lastname@example.org. The supervisory authority is the Estonian Data Protection Inspectorate (email@example.com). Consumer Protection Commission and ODR platform.