We will do everything in our power to protect the privacy of our customers.
By using our websites, you agree to our rules for and terms and conditions of data processing.
We confirm that our personal data (hereinafter also ‘data’) processing complies with the relevant legislative acts of the Republic of Estonia and the European Union.
Collection of data
We primarily collect personal data when it is necessary for the identification of customers and contacting them to offer a product or a service or performing a contract as well as fulfilling obligations under the law.
We collect data:
- when you order our services or products, subscribe to a service or an online service, and under other similar circumstances;
- when you use our various online services (for example, the online store) or other services we provide;
- when you visit our website and cookies or the information disclosed on the user account are used;
- when we have legitimate interest (for example, we consider it necessary for developing a product or a service);
- from other sources, if necessary (such as from other service providers or from public registers, for example, from the population register, commercial register, etc.), if it is required for concluding, performing, or ensuring the performance of a contract or fulfilling obligations under the law. In addition, data can be processed based on consent.
Personal data is information which can be directly or indirectly linked to a specific user as a private person. The source of personal data indicates the channel through which or whom we receive personal data.
When placing an order, the data that the person ordering submits is classified as obligatory and voluntary.
Submitting the following information is obligatory for a person placing an order:
(a) First name and surname – necessary for performing and ensuring the performance of the contract;
(b) personal identification code/date of birth – necessary for performing and ensuring the performance of the contract. If the person who places an order plans to pay for the product based on an e-invoice, the personal identification code of the person is necessary for using the banking services. It is also needed if the person ordering does not fulfill their obligations to Chemi-Pharm so the company has to rely on legal remedies;
(c) place of residence/location – this is necessary for performing the contract when ordering products; otherwise, performing the contract becomes impossible, i.e. delivering products is not possible. If the person ordering places an order on behalf of a third party, then the details of the place of residence are not needed; instead, the order should contain the address of the location which is the destination of the products;
(d) email address – necessary for performing and ensuring the performance of the contract and for submitting invoices;
(e) phone number – necessary for performing and ensuring the performance of the contract, including sending notifications in the event of any interruptions in the availability of the services.
Information that can be disclosed voluntarily includes the contact information of the customer if they have consented to the use of their personal data for direct marketing, in the course of which marketing messages might be sent to them. However, customers have the right to opt out of direct marketing communication at any time by sending an email to that effect to our customer service: email@example.com or [email protected].
We provide the visitors of our website with an option to register as a user. When registering as a user, you must disclose certain personal data, such as your name, email address, etc. We can use this information to:
– contact the user;
– inform the user of promotional campaigns as well as new products and services;
– collect data about website traffic and the use of our services.
When using our services, the user must sometimes disclose personal data which they want to forward to another party (recipient), such as their name, email address, etc.
We are entitled to use this information to:
– forward it to the party (recipient) indicated by the user.
When contacting us through our ‘Contact us’ page, the user must enter certain personal data, such as their name, email address, etc. We are entitled to use this information to:
– contact the user;
– respond to a query submitted by the user.
We do not forward personal data to any third parties without the consent of the user, unless such disclosure is required by law.
We also collect statistical data about the website traffic on our websites. This data does not contain any personal data of the users that would enable to identify them and is collected solely for statistical purposes. We are entitled to forward this data to third parties if we so wish.
Identifying visitors of our websites (cookies)
A cookie is a small text file which is sent to the web browser of the user and saved in the device of the user.
We use the following types of cookies:
– session cookies, which are automatically deleted after each visit;
– permanent/persistent cookies, which will remain on the device for repeated visits;
– third-party cookies used by the websites of our partners to which we link (such as Facebook, Google, banks); we do not control these cookies, so please read about the rules of their use on the relevant websites.
Data processing and other authorised persons
Data entered by the user when placing an order is added to our customer register and used for providing the sale service and offering goods.
The customer data needed for mailing goods is forwarded to the company that provides postal services. We undertake to refrain from forwarding registered personal data to unauthorised persons, except in instances provided by law.
The partners of Chemi-Pharm are physical or legal persons who process data on behalf of Chemi-Pharm, the latter being the controller. The third parties are not allowed to use data for any purpose other than to provide the agreed service pursuant to the regulations established by us.
Our partner companies are generally located in Estonia; however, in isolated instances, they could also be located outside Estonia. In case of the latter, we as the controller implement appropriate measures to ensure that the data protection rights of the customers continue to be safeguarded.
According to data processing agreements concluded with our partners, in certain cases, we may be joint controllers of the data, meaning that both Chemi-Pharm and the data processor share the responsibility for data processing equally. In this case, the terms and conditions of data protection of the partner also apply in addition to the terms and conditions of Chemi-Pharm.
We may forward information about our customers to competent state authorities (such as security and surveillance agencies, for example the police, courts, Emergency Response Centre (112)) if such obligation is stipulated by law.
In addition, we may process anonymous or aggregated data which is not linked to you as a private individual. Such data is no longer considered personal data and they can be shared for other purposes and with other parties.
We implement the necessary organisational, physical, and IT security measures to ensure the confidentiality, integrity, and availability of data. The purpose of information security activities is the protection of information by implementing an appropriate level of security, mitigating risks, and preventing threats. The necessary measures are established by the internal security guidelines of Chemi-Pharm.
The communication between the person placing an order and the banks is protected by the SSL security protocol, which ensures that the information exchanged cannot be intercepted or altered by unauthorised persons. The information exchanged between us and the banks is digitally signed.
We follow the principle that forwarding and collecting personal data should be as secure as possible. Nevertheless, it must be taken into account that certain risks exist and no technological system is perfectly secure.
Our employees must comply with requirements regarding the confidentiality of data and personal data protection; they participate in personal data protection courses and the employees are responsible for fulfilling these obligations. Our partners must ensure that their employees follow the same rules as we do and that their employees are responsible for compliance with the regulations regarding the use of personal data.
Although we prioritise the protection of personal data of our clients, the clients also have an important role in successful data protection.
Before disclosing or entering your data to anyone or anywhere, you must always consider whether you know the recipient of the data and the level of its security.
Sharing passwords, user names, ID-card information, and other such sensitive data and means with others is prohibited! In the case of communication and internet services, you should consider that allowing other parties access to your data due to negligence or any other reason also enables them to access the details of services and the data of related persons.
Rights of the customer regarding data
Right of access to personal data
The customer is entitled to access their personal data in our possession at any time. In addition, the customer has a right to be informed about the purposes of processing, types of personal data, the retention period of personal data, and the recipients of personal data to whom we disclose such data. You can access your data by submitting an application to that effect in a format which can be reproduced in writing. Chemi-Pharm has the right to reply to such queries within 30 days.
Right to the rectification of personal data
If a customer has accessed their data and discovered inaccuracies or if the personal data of the customer has changed, the data can always be corrected by informing our customer service.
Right to the erasure of personal data
Under certain circumstances, the customer has a right to have their personal data deleted. This primarily concerns data processing based on consent and justified interest. This includes, for example, marketing profiles, etc. Often, it is not possible to delete personal data completely because we use data for other purposes as well and deleting data related to these purposes prematurely is not allowed due to contractual or legal reasons.
Right to object
The customer is entitled to object to the processing of their personal data, conducted based on our justified interest, at any time. In the case of an objection, we take into consideration our legitimate interest and stop processing the data in question if possible.
This right cannot be relied on when we need to prepare, submit, or defend a legal claim (for example, we believe that the person has violated a contract, and therefore, we must have recourse to court or other law enforcement authority to protect our rights).
Right to restriction of processing
In certain instances provided by law, the customer can restrict the processing of their personal data by informing us expressly through our customer service.
At that, the customer should consider that exercising this right presumes that the objective is stated very clearly and under certain circumstances could result in temporarily suspending the exercise of contractual rights and the fulfilment of obligations.
Right to data portability
The right to data portability provides the customer with additional control over their personal data. We enable the transfer of data in instances stipulated by law.
Data retention period
We retain data for as long as it is necessary for achieving the objectives of using the data or until the statutory limitation period is over and the document storage period provided by law has come to an end (seven years pursuant to the Value-Added Tax Act and the Accounting Act).
The right of recourse to Chemi-Pharm, a supervisory authority, or a court
If clients would like to receive additional information about the use of their personal data or help for exercising their rights, they can always contact our customer service by calling at +372 677 8806 or emailing at [email protected] or [email protected].
The customer is always entitled to have recourse to the Estonian Data Protection Inspectorate or a court to protect their right to privacy and personal data. The Data Protection Inspectorate is a state authority which, among other things, provides consultations or help regarding issues of personal data protection.
Processing of personal data
Personal information which was entered by you on placing the order shall be entered to the Customer register and will be used for provision of sales service and for offering the Goods.
Protection of personal data is secured by security measures. Your personal information that is necessary for mailing of the Goods shall be forwarded to the company providing postal services. We will undertake not to transmit the registered personal data to third parties except for cases prescribed by law.
Communication between You and the bank is protected by SSL security protocol that ensures that the exchange of information cannot be intercepted or altered by unauthorized persons. The information exchanged between us and the Bank is equipped with digital signatures.
Our`s setout principle is that the transfer and collection of personal information should be as secure as possible. Nevertheless, you should consider that certain risks always exist and no technological system is perfectly secure.
WE allow the visitors of the web page to sign up as users. When signing up as a user you have to submit certain data about yourself. For example name, e-mail, etc.
We may use this information for the following purposes:
– to contact you;
– to inform you of special offers, new products and services;
– to collect data on your visiting frequency and services you use.
When signing up as a user you have to submit certain data about yourself, for example name, e-mail, etc. We may use this information for the following purposes:
– to send respective information to the person identified by you (Recipient).
When contacting us via the “Contact” page you have to submit certain data about yourself, for example name, e-mail, etc. We may use this information for the following purposes:
– to contact you;
– to answer to the query submitted by you.
We do not send personal information to any third party without your permission, unless required by legislation.
Automatically collected non-personal information
We may collect statistical data about the frequency of visits and the users of its web page. This information does not contain any identifiable personal information on the users and is collected for statistical purposes only. We may forward the data to third parties.
For the purpose of compiling visitor statistics this web page may use technology that enables us collect technical information of certain type, like for example your IP address, operational system of your computer, type of browser, traffic flows and addresses of any referring websites.