Processing of personal data

PROCESSING OF PERSONAL DATA

The responsible data processor for the Slept online store is United Beds OÜ (registration code 14855165), located at Tartu mnt 56, Tallinn 10115, phone +372 511 4352, and email slept@slept.ee

What Type of Personal Data is Processed

Name, phone number, and email address;
Delivery address of the goods;
Cost of goods and services, and payment-related data (purchase history);
Customer support data;

Purposes of Processing Personal Data

Personal data is used for managing customer orders and delivering goods.
Purchase history data (purchase date, product, quantity, customer data) is used to compile overviews of purchased goods and services and analyze customer preferences.
Bank account number is used for refunding payments to the customer.
Personal data such as email, phone number, and customer name are processed to resolve issues related to the provision of goods and services (customer support).
The user’s IP address or other network identifiers are processed to provide the online store as an information society service and to create web usage statistics.

Legal basis

Processing of personal data is carried out for the fulfillment of the contract with the customer.
Processing of personal data is carried out to fulfill legal obligations (e.g., accounting and consumer dispute resolution).

Recipients to Whom Personal Data is Disclosed

Personal data is transmitted to the online store’s customer support for managing purchases and purchase history and resolving customer issues.
Name, phone number, and email address are transmitted to the delivery service provider chosen by the customer. In the case of courier-delivered goods, the customer’s address is also disclosed.
If the online store’s accounting is handled by a service provider, personal data is transmitted to the service provider for accounting operations.
Personal data may be transmitted to information technology service providers if necessary for ensuring the functionality or data hosting of the online store.

Security and Access to Data

Personal data is stored on servers owned by Zone Media OÜ, located in the territory of a European Union member state or countries belonging to the European Economic Area.
Access to personal data is granted to online store employees who can see the data to resolve technical issues related to using the online store and to provide customer support.
The online store implements appropriate physical, organizational, and information technology security measures to protect personal data from accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure.
The transmission of personal data to authorized data processors of the online store (e.g., delivery service providers and data hosting) is carried out based on contracts between the online store and authorized data processors. Authorized data processors are obligated to ensure appropriate protective measures when processing personal data.

Accessing and Correcting Personal Data

Users can review and make corrections to their personal data under their user profile in the online store. For purchases made without a user account, users can review their personal data through customer support.

Withdrawal of Consent

If the processing of personal data is based on the customer’s consent, the customer has the right to withdraw their consent by notifying customer support via email.

Retention

Upon closure of the online store customer account, personal data is deleted, unless such data needs to be retained for accounting or consumer dispute resolution.
If a purchase is made in the online store without a customer account, purchase history is retained for three years.
In case of payment and consumer dispute-related disputes, personal data is retained until the claim is fulfilled or the expiry of the claim.
Personal data required for accounting purposes is retained for seven years.

Deletion

To delete personal data, users need to contact customer support via email. A response to the request for deletion is provided no later than within one month, specifying the data deletion period.

Transfer

A response to requests for the transfer of personal data submitted by email is provided no later than within one month. Customer support will verify the user’s identity and provide information on the data to be transferred.

Direct Marketing Notifications

Email addresses and phone numbers are used to send direct marketing notifications if the customer has given the relevant consent on the Slept website. If the customer does not wish to receive direct marketing notifications, they need to select the corresponding link in the email footer or contact customer support.
If personal data is processed for direct marketing purposes (profiling), the customer has the right to object to the initial and later processing of their personal data, including objecting to analyzing their profile related to direct marketing, at any time by notifying customer support via email.

Dispute Resolution

Disputes related to the processing of personal data are resolved through customer support (slept@slept.ee). The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).