PRIVACY POLICY

Processing of Personal Data

The data controller for the online store https://blacksunset.ee/epood/ is Blacksunset OÜ (registry code 16513658), located at Hariduse põik 1, Kõrveküla alevik, Tartu vald, Tartu maakond, 60512, Estonia.
Contact: info@blacksunset.ee, tel +372 58 200 900.

What personal data is processed

  • First and last name, phone number, email address

  • Delivery address

  • Bank account number (for refunds)

  • Purchase history and payment data

  • Customer support inquiries and communication history

  • Technical data from website visits

Purposes of processing

  • Order management and delivery of goods

  • Providing customer support and resolving issues

  • Processing refunds

  • Analysing purchase preferences and user experience

  • Ensuring the functionality and security of the online store

  • Direct marketing and personalised offers (with consent)

Legal basis

  • Contractual relationship with the customer

  • Legal obligation (e.g. accounting, consumer disputes)

  • Customer consent (e.g. newsletters, profiling)

Disclosure of personal data

  • To transport service providers (including necessary data for couriers)

  • To accounting service providers

  • To IT service providers (e.g. hosting, e-shop management)

  • To payment solution providers (e.g. Montonio Finance OÜ)

Security and access

  • Data is stored in the EU or in countries with equivalent data protection levels

  • Access is granted only to designated employees on a need-to-know basis

  • Technical and organisational security measures are in place

  • Contracts ensuring data protection have been concluded with authorised processors

Managing personal data by the customer

  • Customers can view and correct their data via their user account or through customer support

  • Consent can be withdrawn at any time by writing to info@blacksunset.ee

  • Deletion and portability of personal data is possible; requests will be responded to within 30 days

  • Data is retained in accordance with the law:

    • Account-related data for as long as the account is active

    • Purchase history for 3 years

    • For accounting purposes for 7 years

Direct marketing and profiling

  • Email is used for newsletters only with the customer’s consent

  • Consent can be withdrawn at any time

  • Customers may prohibit the use of personal data for profiling and direct marketing

Dispute resolution