Privacy Policy
1. General Provisions
This Privacy Policy regulates the principles of collection, processing, and storage of personal data and applies
together with the Terms and Conditions of the online store. Personal data is processed and stored by
OlliHandmade OÜ (registry code 14477378, address: Uuesauna põik 2, Liivamäe küla), who is the controller of
the personal data (hereinafter referred to as the Controller).
For the purposes of this Privacy Policy, a data subject is a natural person whose personal data is processed by
the Controller. A customer is any natural person who purchases goods from the online store.
The Controller processes personal data in accordance with applicable laws and ensures lawful, fair, and secure
processing.
2. Collection, Processing, and Storage of Personal Data
• Personal data is collected electronically via the website and e-mail.
• By submitting personal data, the data subject grants the Controller the right to collect, use, and process the
data for the purposes defined in this Privacy Policy.
• The data subject is responsible for the accuracy and correctness of the submitted data and must notify the
Controller of any changes.
3. Types of Personal Data Processed
• First name and last name
• E-mail address
• Telephone number
• Delivery address
• Payment-related data (processed by payment service providers)
4. Purpose and Legal Basis for Processing
• Processing and fulfilling customer orders
• Delivery of goods
• Payment processing and accounting
• Customer support and communication
• Compliance with legal obligations
The legal basis for processing personal data is the performance of a contract, compliance with legal obligations,
and the legitimate interest of the Controller, in accordance with Article 6 of the GDPR.
5. Disclosure of Personal Data to Third Parties
• Payment service providers (Maksekeskus AS, Stripe)
• Website platform and hosting service provider (Wix.com Ltd)
• Logistics and courier service providers
• Accounting and IT service providers
The website is built and hosted on the Wix platform, which processes personal data on behalf of the Controller in accordance with its data protection obligations.
6. Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes of processing or as required by law.
Accounting-related data is retained in accordance with statutory requirements.
7. Rights of the Data Subject
• Right to access personal data
• Right to rectify inaccurate personal data
• Right to withdraw consent where processing is based on consent
• Right to request deletion or restriction of processing where applicable
• Right to lodge a complaint with the Estonian Data Protection Inspectorate
To exercise their rights, the data subject may contact the Controller at hello@romutea.com.
8. Final Provisions
This Privacy Policy has been prepared in accordance with Regulation (EU) 2016/679 (GDPR) and the applicable
laws of the Republic of Estonia. The Controller reserves the right to amend this Privacy Policy at any time by
publishing the updated version on the website. The updated version applies from the moment of publication.