DATA PROTECTION STATEMENT:
This Data Protection Declaration gives you an overview of how Elegi trading house OÜ (henceforth “Elegi”) processes your data. It applies to elegi-emarket web shop sites, apps and other benefits and services offered by Elegi.
What you will learn in this Data Protection Declaration:
- Which data elegi-emarket web shop.
- What we do with this data and what it is needed for.
- Which data protection rights and options you have.
- Which technologies and data we use to personalise and coordinate our services in order to offer you a secure, simple, seamless and individual shopping experience.
- Which technologies and data we use for advertising, including the tracking technologies we use.
If you have a question regarding this Data Protection Declaration or the topic of data protection at Elegi in general, you can contact customer service: firstname.lastname@example.org at any time.
1. Which data does Elegi process?
1.1 Profile information
Profile information is personal and demographic information on your person (so-called master data), along with your individual interests, which you share with us when registering for a customer account. Your profile data includes, for example:
- Your first and last names
- Your contact details
Mandatory information is usually your name, your email address and a password you choose yourself. Your email address and the password will later constitute your login details.
1.2 Shopping information
If you order something from elegi-emarket web shop, we collect your shopping data. Depending on the type of purchase and processing status, shopping data may include the following information:
- Order number
- Details on the purchased items (name, size, colour, price etc.)
- Payment method information
- Delivery and billing addresses
- Messages and communication relating to purchases (e.g. notice of revocation, complaints and messages to customer service)
- Delivery and payment status, e.g. “completed” or “dispatched”
- Return status, e.g. “successfully completed”
1.3 Payment details
We offer you the common payment methods in online retail - especially advance payment, credit card. We collect the payment details shared by you in order to execute the payment. We receive further payment details from external payment service providers and credit agencies which we work with in executing payments and carrying out credit checks. We only forward information to our payment service providers which is necessary for processing payment.
Payment details include:
- Preferred payment method
- Credit card details
- Creditworthiness data
The payment details also include other information directly connected to payment processing and credit checking. This applies, for example, to information which external payment service providers use for identification such as your bank ID (if you are paying with Internet bank).
- What does Elegi use my data for?
Elegi processes your data in accordance with all applicable data protection laws. Of course, we observe the principles of data protection law for the processing of personal data. We therefore generally only process your data for the purposes explained to you in this Data Protection Declaration or shared when we collect the data. These are mainly purchase processing and the provision, personalisation and development as well as security of our services. We also use your data within the framework of the strict European data protection law, but also for other purposes such as product development, scientific research (especially in the areas of machine learning, artificial intelligence and deep learning) and market research, for the optimisation of business processes, the needs-based design of our services and personalised advertising.
In this chapter, we also inform you of the legal basis on which we process data for the individual purposes. Depending on the legal basis for our processing of your data, you may have additional data protection rights alongside your permanent rights such as the right to information. For example, in individual cases you have the right to object to the processing of your data. You can find further information under “Which data protection rights do I have?”
2.1 Purchase processing and provision of online, local and personalised services
- The provision, personalisation and needs-based design of our services such as the elegi-emarket web shop (including their respective websites, apps and cross-device and cross-platform functions).
- The execution of purchase agreements and customer service including dispatch and payment processing, claim management as well as the processing of returns, complaints and warranty claims.
- The provision of messages, reports, newsletters and other direct communication, insofar as these are an integral component of our contractual services or the services requested by you.
- The guarantee of the general security, operability and stability of our service including defence from attacks.
- Non-promotional communication with you on technical, security-related and contractually relevant subjects (e.g. fraud warnings, account blocking or contractual changes).
Insofar as the purpose relates to the execution of a contract agreed with you or the provision of a service requested by you, the legal basis is Article 6 (1) b GDPR. Otherwise, the legal basis is Article 6 (1) f GDPR, whereby we may use your personal data for the above purposes if we deem it necessary to do so for our legitimate interests.
2.2 On the basis of your consent
If you have given us your consent for the processing of personal data, your consent is the primary basis of our data processing. Which of your data we process on the basis of your consent depends on the purpose of your consent. Typical purposes include:
- Subscription to a newsletter.
- Participation in surveys and market research studies.
- The transmission of your data to third parties or to a country outside the European Union.
- The execution of a credit check (if it is not necessary for contractual fulfilment or precontractual measures).
Notices of withdrawal:
You can withdraw consent at any time with effect for the future, e.g. by e-mail.
If the relevant service supports this function, you can adjust and withdraw consent to receive newsletters and other notifications in the preference centre. You can find the link to the preference centre in each newsletter. Each newsletter also contains a corresponding unsubscribe link.
You can find further instructions under “Which data protection rights do I have?
3. Personalised services
The development and provision of personalised functionalities and services for you is our top priority. We offer you an individual shopping experience and a range tailored to your individual interests, regardless of location, time and devices used. The processing of your data to personalise our service is therefore an integral part of Elegi’s service.
3.1 What are personalised services?
Personalised services allow us to offer you better, more practical and more secure services. To this end we use the data we have stored about you in order to determine your needs and interests. On this basis we can offer you more relevant content corresponding to your needs and interests. Of course, you still have access to all content. Personalisation allows you to see content which is more relevant to you more quickly, or content is specially presented to you (e.g. in the form of individual product recommendations).
3.2 Why do I need a customer account?
Most of our personalised services require you to set up a customer account so that we can save data we collect on you at a central location.
3.3 Which data is saved on my customer account?
Data which we collect about you is saved on your customer account, along with your customer number (customer ID). The customer number is a randomly generated sequence of numbers which does not contain any personal data. Your data is associated with your customer number, in order to link you to your customer account. The customer number also functions as a pseudonym.
3.4 Which data is used for personalisation?
Personalised content is generally selected on the basis of all data stored on your customer account.
If device and access data is used which is not saved on your customer account, these are only pseudonymised for the relevant personalisation (so e.g. in connection with your customer number, but not in connection with your named or other directly identifying profile data) for the duration of the usage.
- Creditworthiness dat
- Information for campaigns and survey
- Job applications
- Notifications (e.g. from customer service)
3.5 Your options
You can view most of the data we have stored on your customer account at any time. If required you can also edit this data on your account and influence personalisation, perhaps by providing your preferences.
If personalisation is based on device and access data, you can prevent the collection of this data by deactivating the collection of this data by tracking tools. Please bear in mind, however, that you will receive less or no personalised content and services. Please bear in mind that the data used for personalised services are also needed for other purposes (including the provision of our services), in which case the collection of the data required will continue to be collected. However, the advertising presented to you will then not be personalised.
4. Info on websites and apps
We use your data to provide access to the elegi-emarket web shop and apps. Along with the device and access data collected whenever you use these services, the type of data processed as well as the processing purposes depend especially on how you use the functions and services provided via our services. We also use the data collected when you use our services to find out how our online offering is used. We use this information and other information in the course of shopping personalisation to improve our services and for personalised advertising.
You can find the responsible service provider in the imprint of the relevant website or app.
4.2 Which data is collected?
We generally collect all the data which you directly share with us via our services.
Device and access data
Whenever you access our services and databases, we collect device and access data and record it in so-called server log files. The IP address it contains is anonymised shortly after the end of the relevant session, as soon as storage is no longer required to maintain the functionality of the relevant website.
If it is available and activated on your device, we also collect a device-specific ID number (e.g. a so-called “promo ID” if you are using an Android device or an “ad ID” if you are using an Apple device). This device ID is issued by the manufacturer of your operating system and can be read by web shop and apps and used to present content on the basis of your usage habits. If you do not want this, you can deactivate it at any time in your device’s browser settings or system settings.
We set up password-protected personal access for users who register for a customer account or another service. If you do not log out again after logging in with your login details, most services automatically keep you logged in. Depending on the type of service, a cookie or similar technology is used for this. This function allows you to use part of our services without having to log in again every time. For security reasons, however, you will be asked to enter your password again if, for example, you want to change your profile information or submit an order. You can find more information under “Personalised services”
Our services may contain social plug-ins (“plug-ins”) from various social networks. These plug-ins allow you, for example, to share content or recommend products. The plug-ins are deactivated as standard and therefore do not send any data. You can activate the plug-ins by clicking on the corresponding button (e.g. “activate social media”. The plug-ins can also be deactivated again with a click. If the plug-ins are activated, your web browser sets up a direct connection to the web servers of the relevant social network. The content of the plug-ins is then transferred by the social network directly to your web browser and integrated by the latter into our web shop. Integrating the plug-ins allows the social network to receive the information that you have called up the relevant page of our internet offering and can collect your device and access data. If you are logged into the social network, the latter may also assign the visit to your account with the relevant social network. If you interact with the plug-ins, for example by clicking the Facebook “like” button or making a comment, the corresponding information will be transmitted by your browser directly to the social network and stored there. The purpose and scope of the data collection, and the further processing and use of the data by the particular social networks and your rights and configuration options concerning this to protect your privacy, can be found in the privacy notices of the respective social networks and websites. You can find the links to these below. Even if you are not registered with the social networks, websites with active plug-ins may send data to the networks. An active plug-in will place a cookie with an ID each time you call up the website. Because your web browser sends this cookie without being asked every time you connect to a server, the social network could in principle create a profile of which websites the user belonging to the ID had called up. And it would also be quite possible to assign this ID to a person, for example if they later registered with the social network.
Facebook & Instagram social plug-ins
Our services use the device and access data from the usage analysis, which are collected when you use our service, for shopping personalisation. Depending on the type of service, this may include common tracking technologies using tracking pixels and identification cookies or similar Ids (so-called tagging). In addition, our advertising partners may collect your device and access data in this way, in order to provide us with information on your interests and demographic data (such as age, gender, region) during your use of our services. This allows us to present you with advertising and/or particular offerings and services which correspond to your interests (for example product recommendations based on the fact that you have only viewed trainers in the last few days). Our goal when doing this is to make our offering as attractive to you as possible and to present you with advertising corresponding to your interest areas. Of course, you can continue to use all content and functions. This on-site optimisation does, however, allow us to first show you content and functions which are more relevant for you. On-site optimisation is carried out automatically by our systems, which recognise that users have repeatedly called up products and content from particular categories.
If you do not want on-site optimisation, you can deactivate this function at any time:
- To do this, please deactivate the “data processing” function (in the Elegi app you will find this function on the info menu under the point “About us”).
- In other services, please do this by deactivating web analysis or app analysis.
Info on website cookies
The cookies used by our website may come from Elegi or advertising partners. If you only wish to accept the Elegi cookies, but not our advertising partners’ cookies, you can choose the corresponding setting in your browser (e.g. “block third-party cookies). The help function in your web browser’s menu bar generally shows you have to reject new cookies, and to turn off cookies which have already been received. We recommend that you completely log out after you finish using our website on shared computers which are set to accept cookies and Flash cookies.
Our services use three categories of cookies:
- Necessary cookies: These cookies are required for optimal navigation and operation of the web shop. For example, these cookies are used to implement the basket function, such that the goods in your basket stay saved while you continue with the purchase. The necessary cookies also serve to save particular inputs and settings which you have made so that you don’t have to constantly repeat them, and to adapt Elegi content to your individual interests. Only limited use of the web shop is possible without necessary cookies.
- Statistical cookies: These cookies collect device and access data to analyse the use of our web shop, such as which areas of the web shop site are used how (so-called surfing behaviour), how fast content is loaded and whether errors occur. These cookies only contain anonymous or pseudonymous information and are only used to improve our web shop and to find out what our users are interested in, and to measure how effective our advertising is. Statistical cookies can be blocked without adversely affecting the navigation and operation of the website.
- Marketing cookies (“tracking cookies”): These cookies contain identifiers and collect device and access data, in order to adapt personalised advertising on elegi-emarket web shop to your individual interests. Our advertising partners who operate online advertising networks also collect device and access data on our web shop. This allows us to display personalised advertising on other web shop and in other providers’ apps which fits your interests (so-called retargeting). Marketing cookies can be blocked without adversely affecting the navigation and operation of the web shop. Shopping personalisation may, however, not be possible.
We have collected country-specific overviews of all cookies used in the elegi-emarket web shop. You can find these under “Information on individual websites”.
4.3 Usage analysis
We use common tracking technologies to evaluate device and access data. This allows us to find out how our offering is being used by our users in general. We do this using identification cookies and similar identifiers. This allows us to find out, for example, which content and topics are particularly popular, when our services are used the most, from which regions (down to the city level) our services are used and which browsers and devices our users generally use.
We may also carry out so-called A/B tests in the course of usage analysis. A/B tests are a special kind of usage analysis. A/B testing (also known as split testing) is an approach to comparing two versions of a website or app in order to find out which version performs better, is more popular or lets users find their desired content quicker. Producing a version A and version B and testing both versions provides data which makes it easier and faster to make changes to services and content.
You can find out which tracking tools our websites and apps use under “Information on individual websites”.
You can also find information there on deactivating usage analysis.
You can deactivate the processing of your data for usage analysis at any time:
- To do this, please deactivate the “Data processing” function in the elegi-emarket web shop. You can find this function in the Elegi app in the info menu under the point “About us”. In the elegi-emarket web shop you can find this function directly next to the link to this Data Protection Declaration.
- In other services, please do this by deactivating usage analysis.
We offer you various newsletter services. When you register for a newsletter service you will receive information on the topics dealt with by the individual newsletters. There are also service-specific newsletters, which are integral components of a particular service. When you use our newsletters we also connect device and access data.
5.1 How do I register?
When sending out our notifiable newsletters (such as the elegi-emarket web shop newsletter), we use the so-called double opt-in procedure or single opt-in procedure (country-dependent), i.e. we will only send you the newsletter if you have given explicit prior consent to us activating the newsletter. If a double opt-in is required in your country, you must also have confirmed that the email address you have shared with us belongs to you. For this purpose we will send you a notification email and ask you to confirm by clicking on one of the links in this email that you are the owner of the email address you have shared with us. We may waive this measure if you have already confirmed to us in this way for another purpose that you are the owner of this email address.
If you no longer wish to receive emails from us, you can withdraw your consent at any time without incurring any costs other than the transmission costs according to basic tariffs. A notification in text form email to the Elegi company responsible for the relevant newsletter is sufficient for this. Of course, you will also find an unsubscribe link in every newsletter.
5.3 Which data is collected?
If you subscribe to a newsletter, we automatically save your IP address and the time of your subscription and confirmation. This way we can prove that you actually subscribed and identify any unauthorised use of your email address.
We collect device and access data which arise when you interact with a newsletter. For this evaluation, the newsletters contain links to image files stored on our web servers. When you open a newsletter, your email programme loads these image files from our web server. We collect the device and access data which then arises in pseudonymised form under a randomly generated ID number (newsletter ID), which we will not use to identify you without your consent. This way we can understand whether and when you have opened which issues of a newsletter. The links contained in the newsletters likewise contain their newsletter ID so that we can determine which content you are interested in. We use the data collected here to create a user profile for your newsletter ID in order to personalise newsletter content according to your interests and usage habits and to statistically analyse how our users use the newsletter service. We connect this data to data which we collect within the framework of usage analysis.
This shopping personalisation is an integral component of the elegi-emarket web shop newsletter.
You can object to newsletter analysis at any time by deactivating the corresponding newsletter service. Of course, you will also find an unsubscribe link in every issue of our newsletter. You can also find further information under “Which data protection rights do I have?”
Alternatively, you can deactivate the display of images in your email programme. In this case, however, the newsletter will not be displayed to you in full.
We use the data submitted when ordering Elegi vouchers to check and process the order and to issue and redeem the voucher. This also includes the recording and processing of the data connected to use of the voucher, especially for fraud prevention.
We also stored the following data for this purpose:
- Date of issue
- Voucher value
- Voucher code
- Personalisation data (if you provide this)
- Name of voucher holder (for personal vouchers)
- Time of voucher redemption
- Name of the redeeming party and the customer account ID of the account used for redemption.
7. How does Elegi use my data for advertising?
We and our advertising partners use your data for personalised advertising presented to you in Elegi’s services and on other providers’ websites and apps. We and our advertising partners use the prevailing market technologies for this purpose. This allows us to advertise in a more targeted way in order to display as many adverts and offers to you which are actually relevant to you. This allows us to better meet our users’ needs as regards personalisation and discovering new products and to interest you in our service in the long run by providing a more personalised shopping experience.
7.1 Advertising formats and channels
The advertising formats used by Elegi and Elegi’s advertising partners include presentations in the elegi-emarket web shop (within the framework of on-site and in-app optimisation), adverts on social networks (e.g. Facebook ads, Instagram ads) and advertising spaces mediated via the online advertising networks used by Elegi such as DoubleClick by Google.
Elegi does not sell any personal data. When our advertising customers book a Elegi advertising format with, they do not receive any data which could be used to contact or identify you without your express consent. Our advertising customers only receive anonymous, aggregated reports with information on the effectiveness and reach of the advertising services we provide. These reports are based on Elegi own surveys, and sometimes also take into account summarised reports which we receive from our advertising partners and social networks. These show, for example, how our advertising services have affected sales to various groups of customers.
7.2 Information which we use to create target groups
In creating target groups we use our own findings from data analysis on our users’ usage and purchasing behaviour and customers as well as our market research on user segmentation which we apply to the user data collected by Elegi. In doing this we especially consider aggregated, pseudonymised or anonymised shopping data, search histories, interests data and demographic profile data as well as device and access data.
Our advertising partners also have the option to provide us with their own data for user segmentation, which was collected by the advertising partners themselves. The advertising partners must undertake only to provide Elegi with aggregated, encrypted or anonymous data, so that we cannot assign the data to any particular person, especially any particular user of the elegi-emarket web shop. Some target groups are created on the basis of the users’ surfing behaviour. This is the case if advertising is only intended to be presented to users who have recently visited a particular website or searched for particular content.
7.3 How do we use this information in online advertising on the elegi-emarket web shop and in other Elegi services
We use the above information within the framework of on-site optimisation in order to present you with more relevant information and content when you search for products, call up your feed or visit a product area. On-site and in-app optimisation is based on cookies and similar identification technologies for the pseudonymous collection of device and access data. This data is not used to identify you personally, but rather to evaluate your usage pseudonymously. Your data is never permanently combined with other personal data we have stored on your person. This technology allows us to present you with products and/or particular offerings and services with content based on your device and access data.
If you do not want on-site optimisation, you can deactivate this function at any time by send emailing.
7.4 on social networks
If we advertise via advertising formats offered by social networks (e.g.Facebook, Instagram), we have the option of forwarding encrypted information on Elegi users (e.g. device and access data such as advertising and cookie IDs, email addresses) which we believe belong to an advertising customer’s target group or show particular features (e.g. age group, region, interests).
The relevant social network will then - either on our behalf as an order processor or with the consent of the relevant user - decrypt the transmitted data and display the advertising booked by us to the user as part of his existing usage relationship with the relevant social network (if he is a member of the relevant social network).
If you do not want us to use your data to present you with personalised advertising on social networks, you can deactivate the forwarding of your data:
To do this, please deactivate the “Data processing” function in the elegi-emarket web shop. You can find this function in the Elegi app in the info menu under the point “About us”. In the elegi-emarket web shop you can find this function directly next to the link to this Data Protection Declaration.
In other services, please do this by deactivating web analysis or app analysis.
If you have consented to the forwarding of your data to social networks, you can withdraw your consent at any time.
You may also have the option of deactivating the use of your data for personalised advertising by the social networks you use by directly contacting the relevant providers. For further information, directly contact:
Facebook (Facebook, Instagram):
- Information on Facebook adverts
- Advertising settings for Facebook
Google (Google advertising network, YouTube, Google search):
- Information on Google adverts
- Advertising settings for Google
8. Who is my data forwarded to?
Elegi only forwards your data if this is allowed by Estonian & European law. We work particularly closely with certain service providers, in the area logistics companies (e.g. postal companies such as Ecompartners). These service providers may generally only process your data on our behalf under special conditions. Where we use them to process orders, the service providers only receive access to your data in the scope and for the time period required for provision of the relevant service. If you shop with a Elegi partner, we forward particular shopping data regarding you to the Elegi partner (e.g. your name and your delivery address), so that the Elegi partner can send you the goods ordered.
8.1 Shipping companies
We work cooporation Ecompartners OÜ ,which uses with external shipping companies (e.g. DHL, DPD) to deliver orders. These shipping companies receive the following data to execute the relevant order:
- Your name
- Your delivery address
- Your post number if applicable (if you wish to have the order delivered to a DHL packing station)
- Your email address (if the shipping company wishes to inform you of delivery date by email) or alternatively
- Your phone number (if the shipping company wishes to inform you of delivery date by text message or a phone call)
8.2 Credit agencies
Cooperation with external credit agencies for fraud prevention, payment method selection and credit checks is country-specific, in order to take account of country-specific features and requirements.
8.3 Social media networks
As part of advertising campaigns we forward data to social network providers within the scope of data protection law. You can find further information under “How does Elegi use my data for advertising?”.
8.4 Authorities and other third parties
If we are obliged by an official or court decision or it is for prosecution purposes, we will if necessary forward your data to prosecution authorities or other third parties.
9. Which data protection rights do I have?
You have the following legal data protection rights under the relevant legal conditions: Right to information (Article 15 GDPR), right to deletion (Article 17 GDPR), right to correction (Article 16 GDPR), right to restriction of processing (Article 18 GDPR), right to data portability (Article 20 GDPR), right to lodge a complaint with a supervisory authority (Article 77 GDPR), right to withdraw consent (Article 7 (3) GDPR) as well as the right to object to particular data processing measures (Article 21 GDPR). You can find the contact details for your applications under “Mail To Use” the envelope symbol web site on the right side.
- In order to ensure that your data is not disclosed to third parties in the course of requests for information, please attach sufficient proof of identity to your request by email or post.
- You can change most of your information yourself in your customer account. For other cases please contact customer service.
- The responsibilities of the data protection authorities depend on the seat of the competent authorities. You may, however, contact the data protection authority, which will then forward your complaint to the responsible authority. The authority responsible for Elegi is the Estonia Commissioner for Data Protection and Freedom of Information, Tatari 39, Tallinn 10134, Estonia.
- If you have given consent for the processing of your data, you may withdraw it at any time. Withdrawal has no effect on the admissibility of the processing of your data which took place before the withdrawal.
- You may object to the processing of your data for advertising purposes, including direct marketing (including in the form of data analysis) at any time without giving reasons.
- If we are processing your data on the basis of balancing of interests according to Article 6 (1) f GDPR (e.g. the reporting of creditworthiness to an external credit agency), you may object to the processing. When asserting your objection, we ask you to give the reasons why you do not wish us to continue processing your data. In the event of a justified objection, we will check the state of affairs and either stop or adjust the processing, or inform you of the urgent reasons worthy of protection why we are entitled to continue the processing.
10. When will my data be deleted?
We will store your personal data as long as is necessary for the purposes named in this Data Protection Declaration, especially for the fulfilment of our contractual and legal obligations. We may also store your personal data for other purposes if or as long as the law allows us store it for particular purposes, including for defence against legal claims.
If you close your customer account, we will delete all the data we have stored regarding you. If it is not possible or necessary to completely delete your data for legal reasons, the relevant data will be blocked for further processing.
Blocking will occur, for example, in the following cases:
- Your order and payment details and perhaps other details are generally subject to various legal retention obligations, such as those in the Estonia sales law and the Tax Code. The law obliges us to retain this data for tax audits and financial audits for up to ten years. Only then can we finally delete the relevant data.
- Even if your data is not subject to any legal retention obligation, we may refrain in the cases allowed by the law from immediate deletion and instead carry out initial blocking. This applies especially in cases where we may need the relevant data for further contractual processing or prosecution or legal defence (e.g. in the event of complaints). The decisive criterion for the duration of the blocking is then the legal limitation periods. After the relevant limitation periods expire, the relevant data will finally be deleted.
Deletion may be waived in the cases allowed by law if the data is anonymous or pseudonymous and deletion would rule out or seriously hinder processing for scientific research or statistical purposes.
11. How does Elegi protect my data?
We transmit your personal data securely using encryption. This applies to your order and your customer login. We do this using the coding system SSL (Secure Socket Layer). We also use technical and organisational measures to secure our website and other systems against loss, destruction, access, change or dissemination by unauthorised persons.
12. Changes to this Data Protection Declaration and points of contact
If you have any questions regarding data protection at Elegi, please contact our data protection officer. The easiest way to contact him is at email@example.com
Contact details for Elegi’s data protection officer:
Elegi Trading House OÜ
Pikk tn 7 korter 3, Harku alevik
76902 Harku vald, Harju maakond