Please thoroughly examine the privacy terms before providing data to Fenestra, using the services or entering into contracts.
Processing personal data in Fenestra
The data controller is FENESTRA AS (registry code 10333205), registered office at Kaabli 23 a, 10112 Peetri small town, Rae rural municipality, Harju county, telephone +372 606 3260, e-mail: firstname.lastname@example.org
What personal data is processed?
- Name, phone number and e-mail address
- Delivery address
- Bank account number
- Cost of goods and services and payment details (purchase history)
- Customer support details
For what purpose are data processed?
- Personal data is used to manage the customer’s orders and to deliver products.
- Purchase history details (date of purchase, goods, quantity and customer data) are used to prepare overviews of goods and services purchased and to analyse customer preferences.
- The bank account number is used to verify the receipt of payments.
- Personal data such as e-mail address, telephone number and customer’s name are processed in order to resolve issues relating to the provision of products and services (customer support).
- The IP address or other online identifiers of users of the website are processed for the provision of the website as an information society service and for web use statistics.
Legal grounds for processing personal data
Personal data are processed for the purpose of performing a contract entered into with the customer. It is also necessary for performing legal obligations (such as accounting and the resolution of consumer complaints).
The processing of information takes place with the consent of the customer to send newsletters and information on customer surveys and/or offers.
To whom is personal data forwarded?
Personal data is forwarded to customer support to manage purchases and purchase history and to resolve any problems that customers may have.
The name, telephone number, delivery address and e-mail address are forwarded to the provider of transport and installation services.
If an outside service provider handles the accounting, the personal data is forwarded to that service provider to perform the accounting operations.
Personal data may be forwarded to IT service providers if this is needed to ensure the functionality of the website or to host data.
Security and access to data
Personal data is stored in Fenestra’s servers, which are located on the territory of a member state of the European Union or states of the European Economic Area. Data may be transferred to countries whose data protection levels have been assessed as adequate by the European Commission and to companies in the United States that have joined the Privacy Shield framework.
Personal data can be accessed by Fenestra’s employees in order to resolve technical issues related to the use of the website and to provide customer support.
Fenestra takes appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.
Personal data are forwarded to Fenestra’s data processors (such as the providers of installation and data hosting services) and processed under contracts entered into between Fenestra and the processors. The processers must ensure appropriate safeguards when processing personal data.
Access to and rectification of your own personal data
You can access your personal data through customer support and send proposed modifications to email@example.com
Withdrawal of consent
If personal data are processed on the basis of the customer’s consent, the customer has the right to withdraw their consent. To do this, send an e-mail to customer support firstname.lastname@example.org
Retention of personal data
Proceeding from legislation, Fenestra has both the right and obligation to retain collected personal data. Fenestra never retains personal data for longer than necessary to meet its obligations, unless you have consented to further retainment and processing of your data. Fenestra generally retains your personal data for up to 10 years. Data in accounting documents are retained for seven years as required by law.
Deletion of personal data
Personal data deletion requests submitted by e-mail are responded to within no later than one month. Customer support identifies the person and indicates which personal data is to be deleted.
Transfer of personal data
Personal data portability requests submitted by e-mail are responded to within no later than one month. Customer support identifies the person and indicates which personal data is to be transferred.
Direct marketing messages
The e-mail address and telephone number are used for sending direct marketing messages if the customer has consented to receiving such messages.
If the customer no longer wants to receive direct marketing messages, the customer should contact customer service: email@example.com
Where personal data is processed for the purposes of direct marketing (profiling), the customer has the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time. To do this, send an e-mail to customer support: firstname.lastname@example.org
Disputes concerning the processing of personal data are settled through customer support by writing to email@example.com
The supervisory authority is the Estonian Data Protection Inspectorate (firstname.lastname@example.org).
Links to other websites
Fenestra’s website includes links to websites of other companies or organisations, but Fenestra takes no liability for the contents of or the privacy and security measures implemented on such websites.