Terms of privacy
- What types of personal information does Astri process?
- Personal identification information and general information – name, surname, personal identification number, gender, Online shop username;
- Contact information – postal address, e-mail address, telephone number;
- Consumer behaviour data – preferred parcel machines, preferred payment methods, preferred Centres, previously viewed products, data from previous searches, sizes for clothes and footwear, etc.;
- Purchase data – receipt numbers, discount codes, account number, completed orders and purchases (including products, sums, store), gift card usage, etc.;
- Customer feedback – favourite products, favourite stores, ratings, e-mail statistics, etc.;
- Online store digital data – online cookies, login information, etc.
How does Astri collect personal information?
- registers an Astri ID account (hereinafter account);
- enters the account information;
- performs searches and selects goods;
- makes a purchase and places an order;
- participates in campaigns (e.g., coupon campaigns organised at the Centres);
- participates in the loyalty programme;
- transfers information via the Astri Group Customer Support.
- Astri collects online cookies for all Web site visitors (including non-registered users).
What is the purpose of processing personal information?
- Astri processes the user’s first name, telephone number, address (if you choose delivery by courier), and e-mail address primarily for the purposes of selling and delivering goods and preparing, concluding, executing of a contract, as well as resolving any contractual disputes.
- If the user has transferred personal information to Astri, the user may also voluntarily give Astri permission to provide the user with information about their products (including Online store and various Centres) and services (direct marketing offers). If such permission is given, the Astri will process personal information for submitting offers, including personalised offers. The user can register the corresponding permission during signup or later on their account page https://astri.ee/account/ (hereinafter via their account). To receive better offers, the user can add info about their gender, preferred location of purchase, favourite products, personal identification code, etc. Granting consent to direct marketing offers is voluntary and the user is entitled to withdraw their consent at any time via their account. This means that processing is terminated after consent is withdrawn.
- Astri may also process personal information in other cases, where consent is given (for example, in the case of a loyalty programme or during participation in campaigns), in which case the purpose of processing shall be specified in the consent acquisition process. Each consent given for processing is voluntary and can be withdrawn at any time. This means that processing is terminated after consent is withdrawn.
- Astri processes personal information to ensure fulfilment of the obligations arising from legislation. These obligations derive mainly from the European Union General Data Protection Regulation, the Personal Data Protection Act, the Law of Obligations Act, and other applicable laws. For example, data on user purchases is processed by Astri as part of these legal obligations, which is required for accounting purposes.
- Astri processes personal information if the company has legitimate interest, including for business interests and security (detection and prevention of fraud) reasons. For example, Astri has a legitimate interest in maintaining user information to protect their rights during the limitation period for claims arising from the contract. Astri may also process data related to consumer behaviour based on legitimate interest. Astri collects data on user preferences for payment methods, parcel machines, and postal addresses, shops viewed, products and offers, searches, participation in campaigns, and other consumer behaviour, to provide the user with the most satisfying shopping experience and personalised service. In each case, Astri thoroughly assesses whether their interests for processing outweigh the interests and rights of the user. If Astri finds that processing is justified, they shall take adequate measures to ensure the protection of the user’s rights, including the fairness, impartiality, and accuracy of processing.
- Because of legislation, Astri has the right and the responsibility to store collected personal data. Astri shall not store personal information for longer than is necessary for the performance of Astri’s obligations arising from the legislation or those taken towards the user, or for the submission or defence of legal claims, unless the user has given permission for the extended storage and processing of data.
- Data related to the user account and purchases is usually stored by Astri during the active period of the account and three years and three months after account deletion. If Astri has a reason to believe that the user has deliberately violated obligations taken towards Astri, then Astri is entitled to store user data for 10 years and three months after account deletion. You can submit an application for the deletion of your account via your account.
- Astri will keep your account within 5 years of your last purchase (active account), unless you have directly expressed the wish for deleting the account. If you have not made any purchases within 5 years, Astri will send you an inquiry to verify the activity of the account. If you do not respond to the inquiry within the time limit specified therein, Astri shall assume that your account is inactive and may delete your account.
- Astri maintains accounting records, including personal data contained therein, for a seven-year period from the end of the financial year, during which the business transaction was recorded in the accounting register as specified in the source document.
- If you would like more information about how your data is being stored, please submit an application via your account.
To whom does Astri transmit personal information?
- In general, Astri guarantees that the processing and storage of information takes place on the territory of the European Union, except for the user’s e-mail address, which the user has allowed to be used for making direct marketing offers. Astri may also use the services of data processors whose servers are located outside the European Union. Astri will ensure the complete security of your personal data, based on, among other things, the EU-US Privacy Shield Framework, or through the use of other data protection measures required by law.
- Astri will also disclose personal information if Astri has a legal obligation to do so. Such an obligation for data disclosure may arise, for example, at the legitimate request of the authorities.
Which rights does the user have with regard to the processing of their personal data?
- Astri processes personal information in a manner consistent with the user’s rights and freedoms and in accordance with applicable law.
- The user is entitled to receive information about the types and sources of personal information collected, as well as the purposes for which they are being used. The user can view the collected data in the Online store on their account page. The user is entitled to receive copies and extracts of the personal data processed by Astri. The user has the right to demand the transfer of personal data, including the transfer of personal data to another data controller. The required data is transmitted by e-mail in a machine-readable format.
- If the data is incorrect or inaccurate, the user has the right to request to have their data updated or corrected.
- the personal data is no longer needed for the purpose for which Astri processed them;
- the user withdraws their consent for processing and no other legal basis for the processing of their personal data exists;
- the user objects to the processing of personal data and no legitimate overriding reasons for continued processing exist;
- personal data has been processed illegally;
- personal data must be erased to comply with a legal obligation.
- Please send all questions and requests regarding the processing of your personal information via your account. If you do not have a personal Online store account or you are unable to use it for some reason (for example, you are unable to log in), then you can contact Astri by e-mail: firstname.lastname@example.org. Astri will respond to questions and requests within one month of notification of the question or request. Disputes shall be resolved through negotiation.
- If the user is of the opinion that Astri has violated the user’s rights and it has not been possible to resolve the dispute by negotiation, the user has the right to contact the Data Protection Inspectorate or a competent court.