Privacy Policy and Personal Data Processing

We place great importance on the protection of your personal data and comply with all legal requirements regarding its processing. Below is a description of how we process your data:

Purpose of personal data processing:

• Processing and fulfillment of orders (payment, delivery, etc.)
• Establishing and maintaining contact with you
• Improving the quality of our services
• Providing a loyalty program in the physical store and on the website
• Fulfilling obligations to you as a customer in accordance with the terms of sale

The data controller of the online store irondust.eu is IRONDUST OÜ, registry code 17177576, phone +372 5880 6001, and email sales@b2birondust.eu (hereinafter referred to as the “merchant”).

WHAT PERSONAL DATA WILL BE PROCESSED?

• Name
• Contact information such as phone number and email address
• Billing and delivery address
• Bank account number
• Price of goods and services and payment-related data (purchase history)
• Customer support data
• Other information related to customer surveys and/or offers

FOR WHAT PURPOSES WILL PERSONAL DATA BE PROCESSED?

Personal data is processed for the performance of a contract concluded with the customer. Processing is also carried out to fulfill legal obligations (e.g., accounting and consumer dispute resolution).
Personal data is used to manage customer orders and deliver goods.
Purchase history data (purchase date, product, quantity, customer data) is used to generate an overview of purchased goods and services and to analyze customer preferences.
Bank account numbers are used to issue refunds to customers.
Personal data such as email address, phone number, and customer name is processed to resolve issues related to the provision of goods and services (customer support).
The IP address or other network identifiers of the online store user are processed to provide information society services and to compile internet usage statistics.

TRANSFER OF PERSONAL DATA TO AUTHORIZED PROCESSORS

The seller keeps the customer’s personal data confidential and discloses it to third parties only with the customer’s consent, except where disclosure is required or permitted by law. The online store user agrees that the seller may process customer data for the purpose of providing services, including transferring data to parties involved in service delivery. Authorized processors include:

Delivery providers:

• DPD
• Itella
• Omniva
• Venipak

Payment providers:

• Paysera
• Swedbank
• SEB
• Luminor
• LHV
• Coop Bank
• Payment Center
• PayPal
• Pocopay

Analytics and statistics:

• Google Analytics
• Facebook

Loyalty programs:

• Loyalty program in the physical store
• Loyalty program on the website

SECURITY AND ACCESS TO DATA

Personal data is stored on servers located within the territory of an EU Member State or a country belonging to the European Economic Area. Data may be transferred to countries recognized by the European Commission as providing an adequate level of data protection, as well as to companies in the United States participating in the Privacy Shield program.
The online store implements appropriate physical, organizational, and technical security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure.
Processing by authorized processors is carried out based on agreements concluded with the online store. Processors are required to ensure appropriate security measures when processing personal data.

ACCESS TO AND CORRECTION OF PERSONAL DATA

Personal data stored in the online store can be viewed and corrected in the user account management section. If a purchase was made as a guest (without a user account), a request for personal data can be sent via email to sales@b2birondust.eu.

RETENTION

When a customer account is closed, personal data is deleted unless retention is required for accounting purposes or consumer dispute resolution.
For guest purchases, personalized purchase history is stored for 1 year.
In the case of payment or consumer disputes, personal data is retained until the claim is resolved or the limitation period expires (3 years).
Data required for accounting purposes is retained for 7 years.

DELETION

Personal data stored in the online store, including user accounts, can be deleted by sending an email to sales@b2birondust.eu. You may also request deletion of other personal data via email.

DIRECT MARKETING COMMUNICATIONS

Email addresses and phone numbers are used to send direct marketing communications if the customer has given consent. If the customer does not wish to receive such messages, they may unsubscribe via the link in the email header or contact customer support.
If personal data is processed for direct marketing (profiling), the customer has the right to object at any time to such processing, including profiling related to direct marketing, by notifying customer support.

COOKIES AND TRACKING TECHNOLOGIES

We use cookies to improve user experience and optimize our website. Cookies are small text files stored on your device when you visit the site.

We use the following categories of cookies:
Essential cookies
These cookies are always active and necessary for the proper functioning of the website. They provide core functionality, including security, network management, accessibility, and basic operations. They are typically set in response to user actions such as setting privacy preferences, logging in, or filling out forms. They cannot be disabled.
Analytics cookies
These cookies collect information about how users use the website. This helps us analyze traffic, evaluate marketing effectiveness, and improve website structure and content.
Advertising cookies
These cookies are used to display more relevant advertising based on user interests and may limit ad frequency. The collected information may be shared with advertising partners.
Other cookies
These cookies do not fall into the main categories and may support additional website functionality or services that are not strictly necessary for the site to function.
Users can manage cookie settings at any time via the Cookie Settings section on the website.

LOYALTY PROGRAM AND DISCOUNT CARDS

We may use a loyalty program that includes issuing discount cards. For issuing and using discount cards, we collect and process the following personal data: name, phone number, and email address.
The data is used solely for loyalty program services, including customer identification, issuance and management of discount cards, and providing related customer benefits.

SMS AND EMAIL MARKETING

We may send SMS messages and emails to users who have provided their phone number and/or email address.
Such messages may include service information, transactional notifications, and marketing offers related to our products and services, where permitted by applicable law.
SMS and email communications are sent in compliance with applicable legislation, including reasonable sending frequency and consent requirements where necessary. Users may opt out of marketing messages at any time via the unsubscribe link or other available contact methods.

DISPUTE RESOLUTION

Disputes related to personal data processing are resolved through customer support. The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee), as well as the Consumer Protection Commission and the ODR platform.