Privacy and data protection policy for wisby.eu services
By registering as a user on the website www.wisby.eu or business.wisby.eu, you entrust your personal data to Bide Technology OÜ (hereinafter 'the company' or 'us') and grant us the right to process the data to the extent, in the manner, and for the purposes set out in this privacy and data protection policy (hereinafter 'the policy') and the rules for purchases and sales in the company's online store (hereinafter 'the rules').
If you do not accept the terms or individual rules set out in the policy, we will not be able to provide you with full access to the services offered by the company.
Before using the services, please read the terms set out in the privacy and data protection policy for the company's services carefully. This policy covers the following topics:
- who we are,
- what constitutes personal data,
- the types of information we collect about you and how we use it,
- how we collect or acquire data about you,
- automated processing,
- profile analysis,
- who has access to your personal data,
- where we store your personal data,
- how long we retain your personal data,
- the security of your personal data,
- your rights and options,
- contact details of relevant parties.
You are required to read this policy independently each time before using the company's services.
Please note that both the policy and its terms may be changed, supplemented, or updated from time to time.
Personal data is any information that is collected about a person or based on which a person can be identified.
We respect your confidentiality, which is why the security of your personal data is a priority for us. We use appropriate organisational and technical measures to ensure that your personal data are always securely protected and that our data processing operations are in accordance with the requirements of data protection legislation, and our internal policies.
We may process your personal data in accordance with this policy on the following legal bases:
- The processing of personal data is necessary to fulfil our legal obligations.
- The processing of personal data is necessary for the performance of the contract concluded with you.
- The processing of personal data is necessary in the legitimate interest of us or a third party, in particular our economic, commercial and financial interests; business continuity; and to protect the security and confidentiality of customer information and products.
- Processing of personal data with your consent.
- THE TYPES OF INFORMATION WE COLLECT ABOUT YOU AND HOW WE USE IT
1.1. Registration, verification, management, and communication
By registering as a user on the company's website or in our mobile application, you agree to a set of terms of this policy under which you must provide us with the information specified in the table below to enable the company to provide its services. Without providing this information we will not be able to offer our services to you.
By registering, you are declaring that the submitted personal data is accurate and that you are at least 16 (sixteen) years of age. Any inaccuracies in the submitted personal data must be corrected immediately. The company cannot be held liable for any incorrect or incomplete personal data that you have submitted.
Company's form data:
Types of personal data:
First and last name, contact details: delivery address, e-mail address, and phone number
Legal basis for the data processing:
Your consent to use the company's services pursuant to the terms of this policy
Data retention period:
All personal data requested from you will be stored in our customer data system for as long as you use the company's services or for 3 (three) years where this is necessary for us to defend ourselves against claims, complaints, or lawsuits filed against us.
1.2. How and for what purposes we use your form data
The profile created for you on the basis of data submitted via our form (form data) allows us to identify registered users. The purpose of the identification is to enable you to use the company's services under the terms set out in this policy.
We may use the submitted form data to identify you, for example, when you update or modify your data or contact us to receive specific personal information, exercise rights related to the processing of personal data, etc.
We may process your personal data, for example, to contact you and communicate with you if you have forgotten to pick up any items you have purchased or if there is a problem with a transaction, to reply to your enquiries, to provide you with access to your profile, and to ensure the accuracy of the data in your profile.
We may use your mobile phone number to contact you regarding urgent matters where it is crucial to reach you immediately. We may use your e-mail address primarily to provide you with information about the company's services (e.g., changes to the system, terms of use, or this policy, in the event of your user account being blocked, to send you confirmation e-mails about registrations for events, etc.).
It is crucial that the personal data you submit to us will be accurate and complete. Submission of incorrect information or failure to update your information may cause us difficulties in providing our services.
Wisby cannot be held liable for any damage caused to you as a result of the submission of incorrect or incomplete personal data.
If the data changes, we ask you to immediately replace the changed data in the company's web environment under the user account settings. For more information on updating your form data, see section 5.2 of this policy.
The company does not have the capacity to verify the accuracy and completeness of the data you have submitted. Thus, we always assume that you have provided accurate and complete information when filling out the registration form and that all your consents have been given willingly after carefully reading through this policy and its terms.
1.3. Management of your WISBY user account
We may process your personal data for the purpose of managing your user account.
User account data
Types of personal data:
Data submitted upon registration on the company's website www.wisby.eu, user account login data, information on actions of logged in users, incl. technical browsing data (IP address, web browsing activity, and technical information). Your first name, surname, e-mail address, postal address, phone number, delivery address, date and time of purchase and delivery, product names, quantities, purchase prices and discounts, payment method and payment details.
Legal basis for the data processing:
Your consent to use company's services pursuant to the terms of this policy
Data retention period:
All personal data requested from you will be stored in our customer data system for as long as you remain a user of the company's services or for 3 (three) years where this is necessary for us to defend ourselves against claims, complaints, or lawsuits filed against us. The vehicle registration number is retained until the order is fulfilled.
Upon registering as a user on the website www.wisby.eu, you are deemed to have consented to the processing of your personal data in accordance with these terms.
1.4. Processing of your purchase details
When providing you with the company's services and other benefits, such as participation in campaigns, discounts, etc., we may process the details of the purchases you have registered on the company's website (hereinafter purchase details).
Your purchase details enable us to correct errors in our operations for your benefit. For example, should we discover that some goods were sold to our customers at the wrong price or that a discount was not applied, purchase details allow us to identify the customers concerned and correct our errors (by refunding the amount paid in excess, etc.).
Purchase details processed for the purpose of the provision of services
Types of personal data:
First name and surname, e-mail address, phone number, delivery addresses, date and time of purchase and delivery, names and quantities of purchased products, purchase price and applied discount, payment method and payment details.
Legal basis for the data processing:
Your consent to use company's services pursuant to the terms of this policy
Data retention period:
Purchase details are retained for 7 (seven) years after the date of purchase, after which your details and other personal information will be deleted permanently.
1.5. Management of personal offers and other benefits
We may process your personal information on the basis of your consent in order to manage personal offers and other benefits, such as campaigns, invitations to special events and games, etc. In addition, on the basis of your consent, we may send you company newsletters, information about offers from us and the company's partners, as well as surveys regarding offered products and services. We will only process personal data that will be necessary for the specific offer.
1.5.1. Direct marketing
We may process your personal data for the purpose of sending direct marketing messages, such as personal and important information and offers, to the communication channel of your choice: e-mail, SMS, company user account and/or social networks.
Please note that if you wish to receive direct marketing messages from us via a social network, we may use your mobile phone number or e-mail address to contact you on those social networks.
Personal data processed for the purpose of direct marketing
Types of personal data:
Your name, e-mail address and/or mobile phone number, company's user account
Legal basis for the data processing:
Your consent to receive direct marketing messages
Data retention period:
The data will be retained for the duration of your consent to receive service offers and information. Your consent and proof thereof may be retained for 3 (three) years in cases where it is needed to defend ourselves against claims, complaints, or lawsuits filed against us.
You may opt out of receiving service offers and information from us or change the methods (channels) used to send you such messages at any time by requesting via e-mail sales@wisby.eu. Opting out of receiving service offers and information from us will not prevent you from using WISBY services.
1.5.2. Data profiling for submission of personal offers
By agreeing to the profiling of your personal data for the purpose of preparing personal offers for you, you are allowing us to get to know you, tailor our offers to your needs, and offer other benefits specifically designed for you.
When profiling data, we use automated decision-making processes to prepare personalised offers and offer you other company benefits. To this end, we group and analyse your form data and/or purchase details and provide you with up-to-date, interesting, and useful offers and other information based on your purchasing habits and/or other characteristics (e.g., gender, place of residence, specific purchasing operations, etc.).
Personal data processed for the purpose of submission of personal offers
Types of personal data:
First name and surname, address, e-mail address and phone number, purchase details (incl. date and time of purchase, names and quantities of purchased goods, total purchase price), history of personal offers sent to you and information about their use.
Legal basis for the data processing:
Your consent to receive and profile the company's service offers and information
Data retention period:
The data will be retained for the duration of your consent to receive service offers and information. Your consent and proof thereof may be retained for 3 (three) years in cases where it is needed to defend ourselves against claims, complaints, or lawsuits filed against us.
Please note that our data analysis and profiling operations will not have any legal consequences for you nor any significant impact on you.
If you do not want your data to be profiled for the submission of personal offers, you do not have to give us your consent, and, once given, you can withdraw your consent at any time. However, in the case of refusal to give your consent or withdrawal of your consent, we cannot guarantee the full provision of our services.
1.6. Statistical analysis and market research
Market and customer behaviour research and statistical analysis are vital to us, as they allow us to make important business decisions, for example, regarding our product portfolio, pricing, etc. When compiling the necessary reports, we use automated data analysis, which does not include processing your name, contact details, or other information that could be used to directly identify you.
Data processed for the purposes of statistical, market, and customer behaviour research:
Types of personal data:
Place of residence with settlement and county accuracy, purchase details (incl. date and time of purchase, name, quantities, and total price of goods and discounts)
Legal basis for the data processing:
Our legitimate interest in analysing data and preparing reports necessary for business operations in order to evaluate our activities and create value for both you and the company.
Data retention period:
Your purchase details are retained for 7 (seven) years after the date of purchase.
All personal data requested from you will be stored in our customer data system as long as you remain a user of the company's services.
Please note that our data analysis operations will not have any legal consequences for you nor any significant impact on you.
1.7. Customer enquiries, complaints, requests, and feedback
We may use your personal data with your consent for the purpose of answering your enquiries and questions (hereinafter enquiries) objectively and accurately, providing you with the necessary information, processing your claims, etc. We may also analyse data collected from enquiries to improve the quality of our operations and services in consideration of your opinions and recommendations.
Data processed in relation to customer enquiries, complaints, requests, and feedback
Data categories:
Your identification and contact details:
first name and surname, phone number, e-mail address, delivery address.
The contents of your request:
your request, its circumstances, date, place, claim or response, object, and other information in the request.
Other documents and/or particulars related to the request:
for example, purchase receipt details; photos; phone calls when you call the customer service helpline.
Legal basis for the data processing:
Obligation to respond to customers' enquiries and process requests (including legal liability to the consumer), as well as our legitimate interest in assessing the satisfaction of our customers in order to improve the quality of the services offered by the company.
Data retention period:
We process your enquiries, complaints, and the related data until we are able to respond or make the relevant decisions. Your personal data are retained as follows:
- enquiries submitted by e-mail – 6 (six) months;
- complaints – 12 (twelve) months;
- information phone line recordings – 14 (fourteen) days;
- ratings (Star Storage) – 12 (twelve) months;
- private messages on social media – 6 (six) months.
In the event that your enquiry results in a dispute or a risk thereof, the company will be entitled to retain and process your data for a longer period: until the expiry of the claim/complaint (three years) and/or until the final decision takes effect.
Upon expiry of the period for processing and retention of data set out in these terms, we will permanently destroy and/or delete your data and other personal information within a period that is reasonably required for this, but as soon as possible.
- 2. SOURCES FROM WHICH WE COLLECT YOUR PERSONAL DATA
Almost all personal data are collected from you personally (for example: in writing, by e-mail, when you call our customer support phone line or submit a request, etc.). Form data are collected by us directly when you fill out our registration form and submit purchase details.
To evaluate submitted enquiries appropriately and objectively, we may need to collect additional information or specify the circumstances of the enquiry. As such, we may collect additional information, for example, from your previous enquiries, purchase transactions, user account usage history, correspondence with the company's employees, etc.
- 3. TRANSMISSION OF PERSONAL DATA TO THIRD PARTIES
In order to fulfil our obligations to you, we may share your personal data with companies that provide services to us. These may include suppliers, database management service providers, server space and cloud service providers, direct marketing service providers, market research or business analytics service providers, etc. We only share as much data with data processors as is necessary for the performance of the specific task or provision of the specific service. The data processors who work for us may only process your personal data in accordance with our instructions and may not use them for any other purposes or transmit them to other individuals without our permission. In addition, they must ensure the security of your data in accordance with applicable legislation and written agreements with us.
The company is the data controller of your personal data. In the event of civil liability and/or material claims and damage, we may transmit your data and claims to an insurance company. Insurance companies operate and process data in accordance with their internal policies.
Where necessary for the fulfilment of our legal obligations or defence of our statutory rights, your personal data may be transferred to law enforcement agencies and state and local government agencies.
Wisby uses Google Analytics and Facebook Pixel web analytics on its website, so-called cookies provided by Google, Inc. and Facebook, Inc. Google Analytics and Facebook Pixel have been added to collect information about how visitors use the website. We use this information to compile reports and improve our website. Cookies are also used to display advertisements and offers to you based on your browsing preferences or shopping interests. Cookies collect anonymous information about, for example, the number of visitors to the website, the IP address, and the time, place, and frequency of website visits. This information is usually transmitted to and stored on Google's and Facebook's servers. Google's privacy policy can be found here: https://www.google.com/intl/eng/policies/privacy/
Facebook's privacy policy can be found here: https://www.facebook.com/policies/cookies
If you do not want your browsing activities to be analysed on our website, you can change your browser settings and disable the use of cookies at any time. Disabling cookies may result in some service features becoming unavailable to you. For more information, see our cookie policy.
- 4. WHERE WE PROCESS YOUR PERSONAL DATA
We always process your personal data within the European Union and the European Economic Area. Your personal data will not be transferred to or processed in countries outside these regions.
- 5. YOUR RIGHTS
The Personal Data Protection Act grants several rights to data subjects regarding the processing of personal data. This section provides information about your specific rights and how to exercise them.
Please familiarise yourself with your rights carefully.
5.1. Access to personal data
You have the right to request information from us and access to your personal data that we process. You can log in to your user account at any time and access the information we have about you, such as your name, contact details, purchases, invoices from the last 12 (twelve) months, personal offers, etc.
You also have the right to receive information from us about the personal data we process, the purposes of the data processing, categories of data, categories of data recipients, duration of data processing, sources of data, and automated decision-making, including profiling and its meaning and consequences.
Most of the data and the purposes for which it is being processed are described in this policy for your benefit.
If the information provided in this policy and in your user account is not sufficient for you or if you would like to review the history of purchase transactions from more than 12 (twelve) months ago, please contact us as specified in section 7 (seven) of this policy.
5.2. Rectification of personal data
If the information we have about you is incorrect or incomplete, you are entitled to edit, clarify, or rectify it yourself or request us to do so for you. You can edit some of this information yourself on the company's website at business.wisby.eu by logging in with your user account or by contacting us with the appropriate request pursuant to the procedure set out in section 7 (seven) of this policy.
5.3. Withdrawal of consent
As we process your personal data on the basis of your consent, you have the right to withdraw your consent to the processing of your personal data at any time. In some cases, this may mean that we can no longer provide our services to you.
Your consent and proof thereof may be retained for 3 (three years) in cases where this is needed to defend ourselves against claims, complaints, or lawsuits filed against us.
5.4. Objection to data processing for direct marketing purposes
You have the right to object to the processing of your personal data for direct marketing purposes at any time.
You have the right to withdraw your consent to receive offers and newsletters and to the profiling of your personal data for the purpose of submission of personal offers. Withdrawal of these consents will not prevent you from continuing to use the company's services, but it does mean that we will not be able to provide you with other benefits and special offers.
You can cancel direct marketing by logging in to the company's user account on the website business.wisby.eu or call our customer support phone line.
5.5. Lodging of complaints
If you believe that the processing of your data constitutes a violation of your rights and the provisions of data protection legislation, please contact us first. We will do our best to resolve your complaints and eliminate any doubts or possible errors.
If you are not satisfied with the solution proposed by us or if you believe that we are not taking the necessary action in accordance with your wishes, you have the right to lodge a complaint with the relevant supervisory authority, which in the Republic of Estonia is the Data Protection Inspectorate.
From 25 May 2018, following the entry into force of the General Data Protection Regulation of the European Union (2016/679/EU), you also have the following rights:
5.6. Objection to data processing based on legitimate interests
You have the right to object to the processing of your personal data where the processing is based on our legitimate interests. If you do not consent to the processing of your data for the purposes described in this section, we will respect your decision. Given the purposes of the company's services and the balance of the legitimate interests of both parties (both the data subject, i.e. you, and the data controller, i.e. us), your objection may mean that we will not be able to provide the company's services to you, if you deny processing based on our legitimate interests.
To exercise this right, please submit the corresponding written request to our Data Protection Officer in accordance with the procedure set out in section 7 (seven) of this policy.
5.7. Erasure of data (right to be forgotten)
Under certain circumstances, you have the right to request that we erase your personal data (for example, if the personal data is processed unlawfully, there is no legal basis for the processing of the data, etc.). Note that this does not apply in cases where we are required by law to retain your data.
To exercise this right, please submit the corresponding written request to our Data Protection Officer in accordance with the procedure set out in section 7 (seven) of this policy.
5.8. Restriction of data processing
Under certain circumstances (for example: unlawful processing of personal data, contesting the accuracy of the data, disagreement with data processing based on our legitimate interests, etc.), you have the right to restrict the processing of your personal data. Please note that restricting the processing of your data may affect your use of the services provided by the company.
To exercise this right, please submit the corresponding written request to our Data Protection Officer in accordance with the procedure set out in section 7 (seven) of this policy.
5.9. Data portability
You also have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, as well as the right to transmit the data to another data controller without hindrance from us (right to 'data portability'). This right only pertains to data which you have provided to us with your consent or under an agreement and which will be processed automatically. Upon request and where technically feasible, we will transfer the data to the other data processor specified by you.
To exercise this right, please submit the corresponding written request to our Data Protection Officer in accordance with the procedure set out in section 7 (seven) of this policy.
- 6. PROCEDURE FOR PROCESSING REQUESTS
In an effort to protect the personal data of all of our customers from unlawful disclosure, we may ask you to identify yourself when submitting a request, in order to verify that the company's user account belongs to you. For this purpose, we may ask you to send us the form data submitted via the registration form (e.g., your name, e-mail address, or phone number) so that we can check whether the information provided in your request matches the corresponding form data. During the verification of your identity, you may be sent an electronic message (by SMS or e-mail), using the contact details indicated in the company's registration form, and asked to perform an authorisation procedure. If the identification process fails (e.g., your form data does not match the data in the company's registration form or you fail to authorise the data based on the SMS or e-mail sent to you), we will be forced to conclude that you are not the subject of the requested data, in which case we must reject your request.
We will inform you about the actions taken on the basis of your requests as quickly as possible, but no later than 1 (one) month after the submission of the request and the verification of your identity. Depending on the complexity and content of the request, we may be entitled to an extension of the one-month period by an additional two (2) months. In such a case, we will contact you before the end of the first month and state the reasons for the extension.
In the case of requests submitted electronically we will send you a reply using the same channel, unless this is technically unfeasible (e.g., the volume of the information is too great) or you have asked us to reply to you by other means.
If we are forced to refuse to grant your request due to legal requirements, we will contact you and state the reasons.
- 7. WHO TO CONTACT IF YOU HAVE QUESTIONS
In matters related to data processing, you can contact us in the following ways:
Contact details of the company processing your personal data
BIDE TECHNOLOGY OÜ
Business registry code: 16156603
Registered address: Kastani str 42, Tartu 50410
Customer support contact details
E-mail address: sales@wisby.eu
Website: www.wisby.eu
Contact details of Data Protection Officer
E-mail address: sales@wisby.eu
Postal address: Kastani str 42, Tartu 50410
Addressee: Bide Technology OÜ Data Protection Officer
- 8. THE SECURITY OF YOUR PERSONAL DATA
We are committed to ensuring the security of your personal data and employ appropriate measures to achieve this.
We always do our utmost to protect your personal data and implement strict measures and security systems to prevent unauthorised access to your data.
We employ a variety of security technologies and practices to prevent unlawful access to, use of, and disclosure of your personal data.
We choose our suppliers carefully and demand that they also ensure the confidentiality of your data and the security of your personal information.
Although we do everything we can to protect your personal data, the exchange of data over the Internet can never be completely secure. Any transfer of personal data is at your own risk. Once we have received your personal data, we will strictly comply with the requirements set out in this policy and data protection legislation and will take appropriate security measures to prevent unauthorised access to your personal data.
9. EXTENDED RETENTION OF PERSONAL DATA
Upon expiry of the period for processing and retention of data set out in these terms, we will permanently destroy and/or delete your data and other personal information within a reasonable period of time, but as soon as possible.
Your data may be retained for an extended period of time where required or permitted by law or necessary for the fulfilment of other legal obligations, in particular where:
- there are reasonable grounds to suspect illegal activity and an investigation is underway;
- your data is necessary for proper resolution of a dispute or complaint;
- there exist other grounds provided by law.
- 10. VALIDITY AND AMENDMENT OF THIS POLICY
This policy has been effective since 01 January 2021.
This policy may be amended as necessary. The latest, valid version of this policy will always be available on the webpage https://business.wisby.eu/en/privacy-