Personal data processing

Privacy Policy

The data controller for the personal data of the padellocus.com online store is TOMAND OÜ (registry code 16531308), located at Akadeemia tee 47, 12601, Tallinn, Estonia, tel +372 58237676 and email info@padellocus.com.
The controller has appointed a data protection officer whose contact details are: tel 58237676 and email toomas@padellocus.com (applies to those who have an appointed data protection officer).

What personal data is processed

The list should only include the types of personal data that are actually processed/collected. It is definitely recommended to coordinate or double-check this technical info with the e-store creator/developer regarding which network identifiers and other data the web server stores in the log.

For what purpose personal data is processed

Personal data is used to manage customer orders and deliver goods.

Purchase history data (date of purchase, item, quantity, customer details) is used to compile overviews of purchased goods and services, analyze customer preferences, and, among other things, resolve consumer disputes.

The bank account number is used to issue refunds to the customer.

Personal data such as email, phone number, and customer name are processed to resolve issues related to the provision of goods and services (customer support). Email is also used for sending invoices, and the phone number is used to notify the customer of goods arriving at a parcel terminal.

The IP address or other network identifiers of the online store user are processed to provide the online store as an information society service and for web usage statistics.

This is a sample list that must correspond to the list in the previous point, and the purpose of processing for each type of personal data must match the actual processing purpose.

Legal basis

Personal data is processed for the purpose of performing the contract concluded with the customer (managing customer orders, delivery, returning goods and payments).

Personal data is processed to fulfill a legal obligation (e.g., accounting).

Processing of personal data is necessary for the controller’s legitimate interest, which consists of collecting purchase history data for the purpose of resolving potential consumer disputes.

Before using legitimate interest, a legitimate interest assessment must be prepared (guide). The analysis must be added either to the privacy policy or a specific reference must be added on how to access the legitimate interest assessment (e.g., to review the legitimate interest assessment, send an email to dataprotection@company). See GDPR Article 13(1)(d).

Data processing takes place with the customer’s consent for the following activities: _____ (applies to those who process personal data outside the terms of use, e.g., profiling, direct marketing. The customer must be informed of the processing in advance, and a separate confirmation must be obtained for consent).

Recipients to whom personal data is transferred

Personal data is transferred to the online store’s customer support for managing purchases and purchase history and for resolving customer issues. (applies only if the customer support service is provided by another party external to the e-store)

Name, phone number, and email address are transferred to the transport service provider chosen by the customer. In the case of goods delivered by courier, the customer’s address is also transferred in addition to the contact details.

If the online store’s accounting is handled by a service provider, personal data is transferred to the service provider for accounting operations.

Personal data may be transferred to information technology service providers if necessary to ensure the functionality of the online store or data hosting.

Security and access to data

Personal data is stored on ____ servers located in the territory of a Member State of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission or to a company in a third country that is subject to a safeguard measure referred to in Article 46, 47, or 49(1) of the General Data Protection Regulation.

A specific safeguard measure and a reference to how a person can access it must be highlighted (e.g., if the e-store additionally relies on the European Commission’s standard data protection clauses with a third-country service provider). See GDPR Article 13(1)(f).

Access to personal data is granted to online store employees who can review personal data to resolve technical issues related to the use of the online store and provide customer support services.

The online store implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure, which include: (list the security measures used in the e-store here. For example, data exchange with the e-store takes place via an encrypted connection (TLS), customer passwords are stored encrypted (hashes), standard encryption is used when sending emails, a firewall and appropriate antivirus software are implemented to protect e-store servers, regular backups are created and stored separately from the e-store server, etc.)

The transfer of personal data to recipients who are authorized processors of the online store (e.g., transport service provider and data hosting) takes place on the basis of contracts concluded between the online store and the authorized processors.

Authorized processors are required to ensure appropriate safeguards when processing personal data in accordance with Article 28 of the General Data Protection Regulation.

Accessing and correcting personal data

Personal data can be accessed and corrections made in the online store user profile or via customer support. If the purchase was made without a user account, personal data can be accessed via customer support. If the request for access to personal data is submitted electronically, the information will also be provided through commonly used electronic means.

Withdrawal of consent

If personal data is processed on the basis of the customer’s consent, the customer has the right to withdraw consent under the customer account settings or by notifying customer support via email.

Retention

When an online store customer account is closed, personal data is deleted, except for personal data (purchase history data) that needs to be retained for accounting purposes or for resolving consumer disputes.

In the case of disputes related to payments and consumer disputes, personal data is retained until the claim is satisfied or the limitation period expires.

Personal data contained in accounting source documents is retained for seven years.

Restriction

The customer has the right to request the restriction of the processing of their personal data if the data is incorrect or incomplete, or if their personal data is being processed unlawfully.

Objections

The customer has the right to object to the processing of their personal data if they have reason to believe that there is no legal basis for processing their personal data.

Deletion

To delete personal data, contact customer support via email. Deletion requests will be answered no later than within a month, and the period for data deletion will be specified.

The response to the request will also highlight the personal data that will not be deleted and on what legal basis and for what reason.

Portability

Requests for the portability of personal data submitted via email will be answered within a month at the latest. Customer support will verify the identity and notify of the personal data subject to portability.

Direct marketing messages

The email address and phone number are used to send direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing messages, they should select the corresponding link in the footer of the email or contact customer support.

If personal data is processed for direct marketing purposes (profiling), the customer has the right to object at any time to both the initial and further processing of their personal data, including profiling related to direct marketing, by notifying customer support via email (this information must be presented clearly and separately from any other information).

If profiling takes place, information must be provided about the logic used and the significance and envisaged consequences of such processing of personal data for the data subject (see GDPR Article 13(2)(f), Article 14(2)(g), and GDPR Recital 60).

Dispute resolution

Disputes related to the processing of personal data are resolved through customer support (CONTACT DETAILS). The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).
