Terms of privacy
- What types of personal information does Astri process?
- Personal identification information and general information – name, surname, personal identification number, gender, Online shop username;
- Contact information – postal address, e-mail address, telephone number;
- Consumer behaviour data – preferred parcel machines, preferred payment methods, preferred Centres, previously viewed products, data from previous searches, sizes for clothes and footwear, etc.;
- Purchase data – receipt numbers, discount codes, account number, completed orders and purchases (including products, sums, store), gift card usage, etc.;
- Customer feedback – favourite products, favourite stores, ratings, e-mail statistics, etc.;
- Online store digital data – online cookies, login information, etc.
How does Astri collect personal information?
- registers an Astri ID account (hereinafter account);
- enters the account information;
- performs searches and selects goods;
- makes a purchase and places an order;
- participates in campaigns (e.g., coupon campaigns organised at the Centres);
- participates in the loyalty programme;
- transfers information via the Astri Group Customer Support.
- Astri collects online cookies for all Web site visitors (including non-registered users).
What is the purpose of processing personal information?
- Astri processes the user’s first name, telephone number, address (if you choose delivery by courier), and e-mail address primarily for the purposes of selling and delivering goods and preparing, concluding, executing of a contract, as well as resolving any contractual disputes.
- If the user has transferred personal information to Astri, the user may also voluntarily give Astri permission to provide the user with information about their products (including Online store and various Centres) and services (direct marketing offers). If such permission is given, the Astri will process personal information for submitting offers, including personalised offers. The user can register the corresponding permission during signup or later on their account page https://astri.ee/account/ (hereinafter via their account). To receive better offers, the user can add info about their gender, preferred location of purchase, favourite products, personal identification code, etc. Granting consent to direct marketing offers is voluntary and the user is entitled to withdraw their consent at any time via their account. This means that processing is terminated after consent is withdrawn.
- Astri may also process personal information in other cases, where consent is given (for example, in the case of a loyalty programme or during participation in campaigns), in which case the purpose of processing shall be specified in the consent acquisition process. Each consent given for processing is voluntary and can be withdrawn at any time. This means that processing is terminated after consent is withdrawn.
- Astri processes personal information to ensure fulfilment of the obligations arising from legislation. These obligations derive mainly from the European Union General Data Protection Regulation, the Personal Data Protection Act, the Law of Obligations Act, and other applicable laws. For example, data on user purchases is processed by Astri as part of these legal obligations, which is required for accounting purposes.
- Astri processes personal information if the company has legitimate interest, including for business interests and security (detection and prevention of fraud) reasons. For example, Astri has a legitimate interest in maintaining user information to protect their rights during the limitation period for claims arising from the contract. Astri may also process data related to consumer behaviour based on legitimate interest. Astri collects data on user preferences for payment methods, parcel machines, and postal addresses, shops viewed, products and offers, searches, participation in campaigns, and other consumer behaviour, to provide the user with the most satisfying shopping experience and personalised service. In each case, Astri thoroughly assesses whether their interests for processing outweigh the interests and rights of the user. If Astri finds that processing is justified, they shall take adequate measures to ensure the protection of the user’s rights, including the fairness, impartiality, and accuracy of processing.
How long does Astri store personal data?
- Because of legislation, Astri has the right and the responsibility to store collected personal data. Astri shall not store personal information for longer than is necessary for the performance of Astri’s obligations arising from the legislation or those taken towards the user, or for the submission or defence of legal claims, unless the user has given permission for the extended storage and processing of data.
- Data related to the user account and purchases is usually stored by Astri during the active period of the account and three years and three months after account deletion. If Astri has a reason to believe that the user has deliberately violated obligations taken towards Astri, then Astri is entitled to store user data for 10 years and three months after account deletion. You can submit an application for the deletion of your account via your account.
- Astri will keep your account within 5 years of your last purchase (active account), unless you have directly expressed the wish for deleting the account. If you have not made any purchases within 5 years, Astri will send you an inquiry to verify the activity of the account. If you do not respond to the inquiry within the time limit specified therein, Astri shall assume that your account is inactive and may delete your account.
- Astri maintains accounting records, including personal data contained therein, for a seven-year period from the end of the financial year, during which the business transaction was recorded in the accounting register as specified in the source document.
- If you would like more information about how your data is being stored, please submit an application via your account.
To whom does Astri transmit personal information?
- In general, Astri guarantees that the processing and storage of information takes place on the territory of the European Union, except for the user’s e-mail address, which the user has allowed to be used for making direct marketing offers. Astri may also use the services of data processors whose servers are located outside the European Union. Astri will ensure the complete security of your personal data, based on, among other things, the EU-US Privacy Shield Framework, or through the use of other data protection measures required by law.
- Astri will also disclose personal information if Astri has a legal obligation to do so. Such an obligation for data disclosure may arise, for example, at the legitimate request of the authorities.
Which rights does the user have with regard to the processing of their personal data?
- Astri processes personal information in a manner consistent with the user’s rights and freedoms and in accordance with applicable law.
- The user is entitled to receive information about the types and sources of personal information collected, as well as the purposes for which they are being used. The user can view the collected data in the Online store on their account page. The user is entitled to receive copies and extracts of the personal data processed by Astri. The user has the right to demand the transfer of personal data, including the transfer of personal data to another data controller. The required data is transmitted by e-mail in a machine-readable format.
- If the data is incorrect or inaccurate, the user has the right to request to have their data updated or corrected.
- The user has the right to request the deletion of personal data. User data shall not be deleted and processing shall not be terminated if the request is in conflict with the obligation to process personal data or if another reason for the continued processing exists. The termination of the processing of personal data may hinder the provision of services. In particular, the user has the right to request the termination of the processing of and the deletion of personal information if:
- the personal data is no longer needed for the purpose for which Astri processed them;
- the user withdraws their consent for processing and no other legal basis for the processing of their personal data exists;
- the user objects to the processing of personal data and no legitimate overriding reasons for continued processing exist;
- personal data has been processed illegally;
- personal data must be erased to comply with a legal obligation.
- Please send all questions and requests regarding the processing of your personal information via your account. If you do not have a personal Online store account or you are unable to use it for some reason (for example, you are unable to log in), then you can contact Astri by e-mail: firstname.lastname@example.org. Astri will respond to questions and requests within one month of notification of the question or request. Disputes shall be resolved through negotiation.
- If the user is of the opinion that Astri has violated the user’s rights and it has not been possible to resolve the dispute by negotiation, the user has the right to contact the Data Protection Inspectorate or a competent court.
- Astri collects cookies from all visitors of the website (including non-users). Cookies are small
text files stored on your device (computer, phone, tablet, etc.) by your browser. Cookies are
used primarily to ensure the good and efficient operation of the website and a more
convenient and personal user experience. Cookies collect information about how you use
the website. They also store data on your device to help you log in to your account and
remember the contents of your shopping cart in the online store and analyse your visits to
our website. Cookies do not collect data from your device.
disable cookies at any time by changing your browser settings. If you wish to remove
previously stored cookies from your device, you must change your browser settings or
delete the cookies manually. You can disable all cookies in your browser. When disabling
cookies, not all parts of the website may function properly and you may experience
disruptions in using the website.
- The website of Astri uses session cookies and persistent cookies. Session cookies are stored
on your device when you use the browser and deleted from your device after you close the
browser. Persistent cookies are stored on your device in-between browser sessions.
Persistent cookies allow saving your preferences or activities when using the website.
Persistent cookies remain on your device after you close your web browser and are stored
until you delete the cookies from web browser.
- The website of Astri uses the following types of cookies: necessary cookies, analytical
cookies, and third-party cookies.
Necessary cookies are used to ensure the correct and secure operation of the website. They
are essential for using the website and making sure that all of its functions are available.
Analytical cookies collect information about our website traffic, how people reach the
website, etc. Analytical cookies help us to improve the overall user experience. Third-party
cookies enable us to display personalised and relevant ads that a visitor may also see later
when they visit other websites.
- Please note that the website of Astri contains links to various public social media channels
of the Astri Group and its online store partners, as well as to the websites of third parties.
Astri is not responsible for the content or security of third-party websites. It is the
responsibility of the owners of these websites. If you visit any third-party websites or social
- If you post messages, pictures, or comments on the public social media pages of Astri or
share Astri’s social media messages on your social media account, please note that the
information on public social media channels is available to any user and visitor of that social
media channel. If you share data on social media, we recommend that you make sure in
advance that this is the data you wish to disclose.