Privatumo strategija

Privacy Policy

The website www.hoily.eu is an e-commerce portal operated by HOILY OÜ, registry code 17219524.

This privacy policy applies when a customer uses the HOILY OÜ website and/or submits their personal data via the website or other channels.

The data controller of personal data is HOILY OÜ, registry code 17219524.

HOILY OÜ may authorize other legal entities (authorized processors) to process personal data, provided that a contract has been concluded with such processor, under which the authorized processor is obliged to keep the processed personal data confidential and ensure data protection in accordance with the requirements established by law.

Which personal data is processed

  • Name, phone number, and email address;

  • Delivery address of goods;

  • Bank account number;

  • Cost of goods and services and payment-related data (purchase history);

  • Customer support information.

Purpose of personal data processing

  • Personal data is processed for the purpose of fulfilling the purchase agreement concluded with the customer.

  • Personal data is processed to fulfill a legal obligation (e.g., accounting and resolution of consumer disputes).

  • Personal data is used to manage customer orders and deliver goods.

  • Purchase history data (purchase date, goods, quantity, customer data) is used to prepare overviews of purchased goods and services and to analyze customer preferences.

  • Bank account numbers are used to refund payments to the customer.

  • Personal data such as email address, phone number, and customer name is processed to resolve questions related to the provision of goods and services.

Legal basis

  • Personal data is processed for the purpose of fulfilling the contract concluded with the customer.

  • Personal data is processed to comply with a legal obligation (e.g., accounting and resolution of consumer disputes).

  • Data processing is carried out with the customer’s consent for activities such as marketing, informing about new products, and campaigns of interest to the customer.

Transfer of personal data to authorized processors

HOILY OÜ keeps the customer’s personal data confidential and discloses it to third parties only with the customer’s consent, except when the obligation or right to disclose data arises from legal acts.

The e-shop user agrees that HOILY OÜ has the right to process their data to provide suitable services, including transferring customer data to persons involved in providing services to the customer on behalf of HOILY OÜ (accounting, transportation, payment link).

HOILY OÜ transfers the personal data necessary for payment processing to the authorized processor Maksekeskus AS.

Security and access to data

The e-shop implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized access, and disclosure.

The transfer of personal data to authorized e-shop processors is based on contracts concluded between the e-shop and the authorized processors. Authorized processors are required to ensure appropriate protective measures when processing personal data.

Accessing and correcting personal data

Personal data stored in the e-shop can be viewed and corrected via the user account. If a purchase was made as a guest (without a user account), inquiries or requests to change personal data can be submitted to the authorized representative (employee) of HOILY OÜ.

Withdrawal of consent

If personal data is processed based on the customer’s consent, the customer has the right to withdraw consent by notifying customer support via email: info@hoily.eu

Retention

When a customer account is closed, personal data is deleted, except when such data must be retained for accounting or resolving consumer disputes.

In the case of disputes related to payments or consumer issues, personal data is retained until the claim is fulfilled or until the statute of limitations expires (three years).

Personal data required for accounting is retained for seven years.

Deletion

To delete personal data and a user account stored in the e-shop, the customer must submit a written request to info@hoily.eu. Data will be deleted if retention is not required for accounting or resolving consumer disputes.

Direct marketing messages

Email addresses are used to send direct marketing messages if the customer has given consent. If the customer does not wish to receive direct marketing messages, they should use the relevant link in the email header or contact customer support at info@hoily.eu.

Dispute resolution

Disputes related to the processing of personal data are resolved via customer support at info@hoily.eu.

The supervisory authority is the Estonian Data Protection Inspectorate – info@aki.ee