To ensure a secure online environment and guarantee data protection, we strictly comply with legal requirements. In this privacy statement, we provide insight into the manner and purpose of data collection, security measures, retention periods, and contact details.
The online store Scandic Organic (hereinafter referred to as the “store”) is operated by:
- Company: Scandic Organic OÜ
- Address: Tallinn, Estonia
- Registration Number: 12933903
- Email: firstname.lastname@example.org
which is also the provider of e-commerce (hereinafter referred to as “vendor” or “Scandic Organic”).
SECTION 1 – PERSONAL INFORMATION WE COLLECT
Purchases can only be made if you are in possession of a personal account. When you create an account or purchase something from our store, as part of the buying and selling process, we collect the following personal information you provide us with:
• First & last name
• Home & Billing address
• Telephone number
• Your gender
• IP address
• E-mail address
• Date of birth
This data is required to accomplish the delivery. Additionally, when you browse our store, we automatically receive your computer’s internet protocol (IP) address. Based on this information, we can optimize your online experience and simultaneously protect our online environment.
Purpose of data collection
We collect and store account-related data for the following purposes:
a. Carry out our obligations arising from any contracts between you and us, and to provide you with the information, products, and services that you request from us;
b. Set up, manage, and contact you about your account and orders;
c. Carry out market research and analyses;
d. Confirm your age and identity, and to identify and prevent fraud.
With your explicit permission, we may send you newsletters about our store, new products, and other updates. We send newsletters based on expressed consent. The following information is collected in the context of the newsletter:
• First & last name
• Your gender
• E-mail address
Purpose of data collection
The collected data is used to:
a. personalize our emails, including your name and your gender to provide gender-specific content;
You may withdraw your consent at any time by using the link provided in the newsletter or the contact information provided in section 2.
1.3 Customer service
In order to be able to offer appropriate support, our customer support employees have access to account-related information. Consequently, their support will be highly effective and pleasant.
SECTION 2 – CONSENT
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery, or return a purchase, we imply that you consent to our collection of this information to use for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
2.1 How to withdraw consent?
If you change your mind after expressing opt-in consent, you may withdraw your consent for us to contact you for the continued collection, use, or disclosure of your information, at any time, by contacting us at: email@example.com
SECTION 3 – DISCLOSURE
We may disclose your personal information if we are required by law to do so.
SECTION 4 – HOW LONG DO WE KEEP YOUR DATA?
At Scandic Organic.org, data minimalism is of great importance. Therefore, we will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however, the longest we will normally hold any personal data is 10 years.
4.1 Account information
Account-related data remains relevant as long as the consumer is in possession of an account. Therefore, the data remains documented for as long as the account exists. When our customers remove an account, the related data will be deleted within a reasonable period. Requests regarding inspection or correction of stored personal data or the removal of an account can be sent to: firstname.lastname@example.org
Newsletter consent and the associated data remains relevant as long as our customers are registered for the newsletter. Periodically (every month), however, we perform a relevance check. Registered customers (and their personal information) will be deleted whenever customers do not respond to our request. Furthermore, our newsletter communication consists of an opt-out function. Consumers can withdraw their consent with the use of this opt-out function.
SECTION 5 – COOKIES
Cookies are small bits of information that tell your computer about previous interactions with our website. These cookies are stored on your hard drive, not our website. Basically, when you use our website, your computer will show us its cookies, telling our site whether you used it before. This allows our site to operate faster, as well as to remember things related to your previous visits (e.g. username), to make it more convenient for you. At Scandic Organic.org, we use two types of cookies: functional and analytical cookies.
5.1 Functional cookies
Functional cookies are used to improve your online experience. These cookies, inter alia, keeps track of what is placed in the shopping cart. The use of these cookies does not require prior permission.
5.2 Analytical cookies
Analytical cookies are used to carry out market research and analyses. Data gathered with these analytical cookies is anonymized, thus becoming useless to others. The use of these cookies does not require prior permission.
SECTION 6 – THIRD-PARTY SERVICES
Third-party services are required to fulfill transactions and perform our services. In general, the third-party providers used by us will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend you read their privacy policies, so you can understand the manner in which your personal information will be handled by these providers.
In particular, certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party, your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
Web analysis service (anonymised data)
On this website, we integrated a component of a web analysis service (with the anonymizer function). Web analysis can be defined as the collection, gathering, and analysis of data regarding the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimisation of a website and to carry out a cost-benefit analysis of internet advertising.
In order to complete deliveries, we make use of a courier service. This courier service performs the shipping between our company and the consumer’s address. In order to complete these logistics, the company requires access to information about the consumer’s name and address.
We use an external mail service provider to send the newsletter. This provider has access to limited account information related to opt-in consent (e.g. email address).
Scandic Organic OÜ is supported by a company specialised in marketing activities and communication activities. Their access to personal information is very limited, and mostly anonymised.
We use external payment services to fulfill transactions (e.g. credit card payments).
SECTION 7 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional, generally accepted industry standards. Account-related information is shielded with a hashing method. This method transforms information into a generated hash. As a result, sensitive information is secured, and is even invisible to us. Moreover, our databases are exceptionally protected against unauthorised persons. For example, access to the database is only possible and permitted by approved IP addresses (e.g. at ‘s headquarters). Other attempts and addresses are refused at all times.
Additionally, data has been anonymized as much as possible. Thus, the data cannot be directly linked to a specific consumer. With this data, however, we could perform market research and analysis. Furthermore, third-party stakeholders (e.g. mailing service) are screened prior to our collaboration, are GDPR compliant, and are provided with a processor agreement.
Digital security measures are subject to changes and must meet high requirements to guarantee the safety of online customers. Therefore we appointed a security manager. Periodical checking and improving of security measures (when necessary) is part of the function.