Privacy Policy

PROCESSING OF PERSONAL DATA

The contoller of personal data of the online store CHIBO.EU is Modulfix OÜ (registry code 12628425) located at Vinkli 13, 12618 Tallinn, Estonia, tel. +372 538 19 238 and e-mail info@chibo.eu

What personal data is processed

− name, telephone number and e-mail address;

− address of the goods delivery;

− bank account number;

− cost of goods and services and data related to payments (purchase history);

− customer support details.

For what purpose personal data is processed

Personal data is used to manage customer orders and deliver goods.

Purchase history data (date of purchase, goods, quantity, customer data) is used 

to compile an overview of purchased goods and services and analyse customer preferences.

The bank account number is used to return payments to the customer.

Personal information such as email, phone number, customer name is processed in order to settle 

issues related to delivery of goods and providing services (customer support).

The IP address of the online store user or other network identifiers are processed by the online 

store to provide information society services and for web usage statistics.

Legal basis

Personal data is processed for the purpose of fulfilling the contract concluded with the customer.

The processing of personal data is carried out in order to fulfil a legal obligation (e.g. accounting 

and consumer dispute resolution).

Recipients to whom personal data are transmitted

Personal information is passed to the online store customer support to manage purchases and purchase history, and to resolve customer issues.

The name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods delivered by courier, in addition to the contact details, the customer address shall also be provided.

If the online store is accounted for by a service provider, personal data will be transferred to

service provider to carry out accounting operations.

Personal data may be transferred to IT service providers if necessary

to ensure the functionality or data hosting of the online store.

Our company is the controller of personal data, our company transmits the personal data 

necessary for the execution of payments to the processor: Maksekeskus AS.

Security and access to data

Personal data is stored on a single server located in a Member State of the European Union or in 

in the territory of the countries acceded to the European Economic Area. Data may be 

transmitted to countries where:

the level of data protection has been assessed as adequate by the European Commission and by 

US companies which joined the Privacy Shield framework. 

Access to personal data is provided to employees of the online store who can access personal 

data in order to: 

solve technical issues related to the use of the online shop and provide customer support service.

The online store shall implement appropriate physical, organisational and information 

technology security measures to:

protect personal data from accidental or unlawful destruction, loss, alteration, or unauthorised 

use access and disclosure.

Transfer of personal data to authorised processors of the online store (e.g. transport service 

provider and data storage) shall take place on the basis of contracts with the online store and with 

processors. Authorised processors are required to provide appropriate safeguards when 

processing personal data.

Access and rectification of personal data

Personal data can be accessed and rectified in the online store user profile. When the purchase is 

made without a user account, personal data can be accessed via the customer support.

Withdrawal of consent

If the processing of personal data is done on the basis of the client’s consent, then the client has 

the right to withdraw his / her consent by notifying customer support via email.

Retention 

Personal data are deleted when a customer account is closed, except for a case when such data 

need to be maintained for accounting or to resolve consumer disputes.

If a purchase is made in the online store without a customer account, the purchase history will be 

stored for three years. In the case of disputes relating to payments and consumer disputes, the 

personal data shall be retained until the claim is fulfilled or the limitation period expires.

The personal data necessary for accounting shall be kept for seven years.

Deletion

To delete personal data, contact customer support by e-mail. A request for deletion will be

answered no later than in a month and the period for data deletion will be specified.

Transfer

A request for the transfer of personal data submitted by e-mail shall be answered within a month 

at the latest.

Customer support shall identify the identity and inform the personal data to be transferred.

Direct marketing messages

E-mail address and phone number are used to send direct marketing messages if the client has 

given their consent. If the customer does not want to receive direct marketing messages, you 

must select the e-mail footer for reference or contact customer support.

If personal data are processed for direct marketing purposes (profiling), the customer has the 

right both to the initial and subsequent processing of personal data, including to object to

profiling related to direct marketing at any time by notifying the customer support via email

(this information must be provided clearly and separately from any other information).

Dispute settlement

Disputes concerning the processing of personal data are resolved through customer support

(CONTACT DATA). The Supervisory Authority is the Estonian Data Protection Inspectorate 

(info@aki.ee).