The Data Administrator is VJN OÜ, registered in the Estonian e-Business Register with
- registration number: 16201597,
- address: Harju maakond, Tallinn, Kesklinna linnaosa, Tartu mnt 67/1-13b, 10115.
What data is collected, how it is collected and used
- When you visit the website, a session identifier is created and stored in a cookie on your machine. A guest record is stored on the server with the session identifier, your IP address, referer, browser's preferred language, operating system type and version, browser type and version. This data is used for statistics and preventing misuse of the website.
- When you add a product to the shopping cart, the cart's contents are stored on the server and linked with the guest record. Updating the shopping cart updates it on the server. At checkout, entering the name, e-mail, company name, VAT number, phone number and addresses stores them on the server. This happens regardless of whether the checkout is completed and an order created. If you create an account, the data is linked with the account. This data is stored to allow you to later return to the cart or checkout process and possibly finish creating the order.
- When you send a review on a product (you must be registered to do so), your name and surname will be displayed publicly along with your review.
- When you send us a message through the contact form, your e-mail, IP address and user agent are stored along with the message on the server. This data is linked to the guest record or registered account. The e-mail is used to reply to the message, and the IP address and user agent are used for preventing misuse of the website.
Sharing the data with third parties
When you create an order, your name, e-mail, phone number and address are shared with:
- the payment provider for processing the payment;
- the shipment provider for shipping the order and processing returns.
When you use the credit/debit card payment method, the card data is sent to the payment provider.
If you are redirected to the website of a payment provider and/or your bank to complete the payment, handling of any data you provide on those websites is governed by their own policies.
Modification and removal of the data
You can modify or remove your data in the following ways.
If you are not registered:
- You can modify or empty your shopping cart in the shopping cart section.
- You can modify or delete your name, e-mail, company name, VAT number, phone number and addresses in the checkout section.
- You can request your personal data or its removal by using the contact form or emailing us at firstname.lastname@example.org. You must provide data to identify the data that should be removed: if you provided your e-mail or name on the website, specify that; if you did not actively provide anything, specify your IP address.
If you are registered, in addition to the above:
- You can modify your name and e-mail on My account -> Information page (also accessible with My account / Personal info link in the page footer).
- You can modify or delete your name, e-mail, company name, VAT number, phone number and addresses on My account -> Addresses page (also accessible with a link in the page footer).
- You can download your data in PDF or CSV format on My account -> GDPR - Personal data page.
All data transferred between the server and your device (besides the initial redirect from the http endpoint) is encrypted with TLS, so any data you provide is encrypted in transit and the website you see is exactly what is sent by the server.
Customer account passwords are stored as hashes.
Backups of the website data are encrypted at rest.