Personal Data Processing Policy

PERSONAL DATA PROCESSING
The data controller of the online store www.biohealthclinic.ee (hereinafter the Online Store) is Bio Health Clinic OÜ (registry code 12513727), hereinafter referred to as the Company, located at Tuleviku 4, Rakvere, Lääne-Virumaa, email: info@biohealthclinic.ee, phone: +372 5624 0039.

Personal data is any information the Company holds about the Client (such as personal data, contact information, transaction data, etc.). 

What personal data is processed:
- Name, phone number, and email address;
- Delivery address;
- Bank account number;
- Information about products/services purchased and payment data (purchase history).

Purpose of processing personal data
Personal data is used to manage customer orders and deliver goods.

Purchase history data (purchase date, item, quantity, customer details) is used to compile an overview of purchased goods and services.

The bank account number is used to refund payments to the customer.

Personal data such as email, phone number, and name are used to resolve issues related to goods and services.

The IP address or other network identifiers of the online store user are processed for providing the service and compiling web usage statistics.

Legal basis
Processing of personal data is based on the fulfillment of a contract concluded with the customer.

Processing may also be necessary for compliance with legal obligations (e.g., accounting, consumer dispute resolution).

Recipients of personal data
Personal data is accessible to Bio Health Clinic OÜ employees for managing purchases, purchase history, and customer support.

Name, phone number, and email address are shared with the delivery service provider chosen by the customer. If the goods are delivered by courier, the customer’s address will also be provided.

If accounting is outsourced, relevant data will be shared with the accounting service provider.

IT service providers may also be given access to ensure the functionality and hosting of the online store.

Data security and access
Personal data is stored on Virtuaal.com servers, an accredited registrar by the Estonian Internet Foundation and an official partner of cPanel, the most widely used server management software. Typically, Virtuaal.com processes data within the EU/EEA.

Bio Health Clinic OÜ employees have access to personal data only to resolve technical issues related to the online store or to provide customer support.

The online store applies appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure.

Data is shared with authorized processors (e.g., delivery service providers, hosting providers) under written agreements. These processors are required to ensure adequate protection of the personal data.

Access to personal data
Personal data can be accessed through customer support.

Withdrawal of consent
If data is processed based on the customer’s consent, the customer may withdraw consent at any time by emailing info@biohealthclinic.ee.

Data retention

Purchase history: retained for 3 years.

Data related to payments and disputes: retained until claims are fulfilled or statute of limitations expires.

Accounting data: retained for 7 years.

Deletion
To request deletion of personal data, contact the Company by email. A response will be provided within one month, along with a timeline for deletion. 

Data will not be deleted if: It is required to comply with legal obligations; it is needed to prepare, present, or defend legal or debt claims; deletion is technically unfeasible or would require unreasonable effort.

Data portability
Requests for data portability submitted via email will be answered within one month. The Company will verify identity and inform the client which personal data can be transferred.

Direct marketing messages

If personal data is processed for direct marketing purposes (including profiling), the customer may object to such processing at any time by emailing info@biohealthclinic.ee.

Dispute resolution
Disputes related to personal data processing are handled via customer support at info@biohealthclinic.ee. The supervisory authority is the Estonian Data Protection Inspectorate (email: info@aki.ee).