The controller of personal data of the online store ledhouse.ee is LED House OÜ (registry code 10194229), located at Kadaka tee 3/3, Tallinn, Harjumaa, Estonia.
Tel (+372) 56 202 303 and e-mail email-info.
What personal data is processed
Name, phone number and e-mail address; delivery address; bank account number (for refunds); cost of goods and services and payment-related data (purchase history); customer support data; IP address and other network identifiers.
Purposes of processing personal data
Personal data is used to manage customer orders, deliver goods and communicate with customers.
Purchase history data (date of purchase, product, quantity, customer data) is used for accounting, handling warranties and complaints, and analysing customer preferences.
The bank account number is used solely for processing refunds.
Contact details are processed for providing customer support and resolving issues related to goods and services.
The IP address and other network identifiers are processed to ensure the technical functioning of the online store, security, and the preparation of web usage statistics.
Legal basis
Personal data is processed for the performance of a contract concluded with the customer (GDPR Art. 6(1)(b)).
Personal data is processed for compliance with legal obligations (e.g. accounting and consumer dispute resolution) (GDPR Art. 6(1)(c)).
For direct marketing purposes, personal data is processed based on the customer’s consent (GDPR Art. 6(1)(a)) or legitimate interest where permitted by law.
Recipients of personal data
Personal data is transferred to transport service providers for the delivery of goods (name, phone number, e-mail address and, where necessary, delivery address).
Personal data may be transferred to accounting service providers for accounting operations.
Personal data may be transferred to IT and hosting service providers to ensure the functionality of the online store.
Data processors are bound by agreements ensuring compliance with data protection requirements.
Security and access to data
Personal data is stored on servers located within the European Union or the European Economic Area. If data is transferred outside the EU/EEA, this is done only where an adequate level of data protection is ensured in accordance with a European Commission decision or appropriate safeguards are applied (e.g. Standard Contractual Clauses).
Access to personal data is granted only to employees and service providers who require it to perform their duties.
Appropriate organisational, technical and physical security measures are implemented to protect personal data against unauthorised processing, disclosure, alteration or destruction.
Access and correction
Customers with a user account can view and correct their personal data in their user profile. If a purchase was made without creating an account, personal data can be accessed via customer support.
Data subject rights
The customer has the right to request access to their personal data, rectification, erasure, restriction of processing, data portability, and to object to the processing of personal data.
Withdrawal of consent
If personal data is processed on the basis of consent, the customer has the right to withdraw their consent at any time by notifying customer support via e-mail.
Retention
Upon closure of a customer account, personal data will be deleted unless retention is required to comply with legal obligations or to resolve disputes.
Purchase history for purchases made without a user account is retained for three years.
Personal data required for accounting purposes is retained for seven years in accordance with legal requirements.
In the event of disputes or claims, personal data is retained until the claim is resolved or the limitation period expires.
Erasure
To request the deletion of personal data, the customer must contact customer support by e-mail.
Requests are responded to within one month.
Data portability
Requests for data portability are responded to within one month. Customer support may verify the identity of the applicant before providing the data.
Direct marketing
E-mail addresses and phone numbers are used for sending direct marketing communications only where the customer has given consent or where permitted by law.
The customer has the right at any time to object to the processing of personal data for direct marketing purposes, including profiling.
Dispute resolution
Issues related to the processing of personal data can be resolved through customer support (email-info, tel (+372) 56 202 303).
The supervisory authority is the Estonian Data Protection Inspectorate (infoaki.ee, www.aki.ee).
We use cookies to improve your experience on our site and to show you personalised ads.
Read More: Processing personal data