Last update: January 2020
Our website www.bymukk.com (SITE) and www.mukk.eu (SITE) are provided to you by Mukk Cosmetics OÜ, an Estonian company with registry code 14095335, (by mukk, us or we). The SITE provided by us is referred to as our SERVICE. If you choose to use our SERVICE, then you as a CLIENT/CUSTOMER/USER agree to the collection and use of information in relation to this policy.
What personal data are processed?
-name, phone number, and email address;
-delivery and billing address (street name and number, postal code, city, region, and country);
-payment details and bank account number
-cost of goods and services and data related to payments (purchase history);
-customer support data.
Why personal data are processed?
We retain and use your personal data for the following purposes:
Responding to your questions by email or by phone
Personal data such as email, phone number and the CUSTOMER'S name are processed to handle any issues relating to the provision of goods and services (customer support)
Fulfilling and managing your orders and delivering goods
We will use your personal data when fulfilling and managing matters related to your order and for proper handling also share your information with third parties. The bank account number is used to reimburse payments to the CUSTOMER. We will also use your information to contact you with matters relating to your order.
Updating you about our policies
Informing you about the products, services, and promotions
We send out a newsletter to keep you updated about the offers and news that take place on our SITE. You will be added to the newsletter mailing list. Each newsletter contains a link through which it is possible to unsubscribe from our newsletter.
Data research and development
The IP address or other web identifiers of a USER of the SITE are processed for the provision of the SITE as an information society service and for web use statistics.
Purchase history details (date of purchase, goods, quantity, customer’s data) are used for preparing summaries of goods and services purchased and for analyzing customer preferences.
- Personal data are processed for the purpose of performing a contract concluded with the CUSTOMER.
- Personal data are processed for performing legal obligations (such as accounting and the settlement of consumer complaints).
RECIPIENTS OF PERSONAL DATA
We process your data within our company and may need to provide your personal data to third parties.
Personal data are transmitted to the customer support of the SITE for managing purchases and purchase history and for settling any problems that the CUSTOMERS may have.
The name, phone number, and email address are transmitted to the transport service provider selected by the CUSTOMER. When the goods are delivered by a courier (Itella Estonia OÜ or DPD Eesti AS), the CUSTOMER’S address is also transmitted together with the contact details.
Our SITE is kept by a service provider and the personal data are transmitted to the service provider for performing accounting operations.
Personal data may be transmitted to IT service provider Edicy OÜ for ensuring the functionality of the SITE or for data hosting.
Mukk Cosmetics OÜ is the responsible personal data processor, Mukk Cosmetics transmits the necessary personal data for the execution of payments to the processor Maksekeskus AS.
In exceptional circumstances, such as in the event of suspicion of fraud or misuse of the site, we may hand over personal data to the appropriate authorities.
SECURITY AND ACCESS TO DATA
All our employees and business partners are obliged to process your personal data on our instructions and are subject to a duty of confidentiality.
Personal data are stored in centralized databases, which are located in Estonia, on the territory of a member state of the European Union or states of the European Economic Area. Data may be transferred to the countries whose data protection levels have been assessed as adequate by the European Commission and to the companies in the USA who have joined the Privacy Shield framework.
Personal data can be accessed by the staff of the SITE in order to settle technical issues related to the use of the SITE and to provide customer support.
The SITE takes appropriate physical, organizational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.
Personal data are transmitted to the data processors of the SITE (such as the providers of transport and data hosting services) and processed under contracts concluded between the SITE and the processors. The processors must ensure appropriate safeguards when processing personal data.
We have security measures in place to reduce the likelihood of misuse, loss, and unwanted disclosure of, and unauthorized access to, personal data.
Online purchases are stored for three years in the purchase history.
In the event of disputes concerning payments and consumer disputes, the personal data are stored until the claim is satisfied or until the end of the limitation period.
Personal data needed for accounting purposes are stored for seven years.
Right to access and rectify your data
You have the right to receive information if we process your Personal Data and require your Personal Data to be corrected if it is incorrect. Personal data can be accessed through customer support.
Right to withdraw consent
Where personal data are processed on the basis of the CUSTOMER’S consent, the CUSTOMER has the right to withdraw his/her consent by notifying customer support by email.
Right to erasure your data
In certain cases, you have the right to have your Personal Data deleted. This applies for example if the processing is based on consent and consent is withdrawn. For the erasure of the personal data, customer support must be contacted via email. The requests of erasure are responded to no later than within one month and the period of erasure shall be specified.
Right to transfer of your data
Requests to transmit personal data submitted via email are responded to within one month. Customer support identifies the person and indicates what personal data are to be transmitted.
Right to object direct messages
Email addresses and phone numbers are used for sending direct marketing messages if the CUSTOMER has given the respective consent. If the CUSTOMER does not want to receive direct marketing messages, the CUSTOMER should select the relevant link at the footer of the email or contact customer service.
Right not to be subject to automated decision-making, including profiling
Where personal data are processed for direct marketing purposes (profiling), the CUSTOMER has the right to object at any time both to the initial and further processing of his/her personal data, including profiling related to direct marketing by notifying customer support thereof via email (the respective information must be submitted clearly and separately from any other information).
Right to submit complaints
Disputes concerning the processing of personal data are settled through customer support email@example.com. We may need to request specific information from you to help us confirm your identity and ensure your right to access. The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).