Skip to content

Shipping to 🇪🇪 🇫🇮 🇸🇪 🇩🇰 🇱🇻 🇱🇹 🇵🇱 • Free delivery over 60€

Cart

Privacy policy

1. General Provisions

1.1. This Privacy Policy regulates the principles of collecting, processing, and storing personal data. Personal data is collected, processed, and stored by the data controller.
1.2. The data controller of the online store
https://www.lashweb.eu/ is Paist Trading OÜ, registry code 14643766, address Vetevana tee 8, Rannamõisa village, Harku municipality, Harju county, 76906, phone (+372) 5125 011 , e-mail info@lashweb.eu (hereinafter: data controller).
1.3. A data subject within the meaning of this Privacy Policy is a customer or another natural person whose personal data is processed by the data controller.
1.4. A customer within the meaning of this Privacy Policy is anyone who purchases goods from the data controller’s website.
1.5. The data controller complies with the principles of data processing established by law, including processing personal data lawfully, fairly, and securely. The data controller is able to confirm that personal data has been processed in accordance with applicable legal requirements.

2. Collection, Processing, and Storage of Personal Data

2.1. Personal data collected, processed, and stored by the data controller is obtained electronically, mainly via the website and e-mail, including by means of cookies and similar technologies.
2.2. By sharing their personal data, the data subject grants the data controller the right to collect, organize, use, and manage the personal data for the purposes defined in this Privacy Policy, which the data subject directly or indirectly shares with the data controller when purchasing goods or services through the website. The legal basis for processing personal data is set out in section 4 and depends on the purpose of processing.
2.3. The data subject is responsible for ensuring that the data they provide is accurate, correct, and complete. Knowingly providing false information is considered a violation of this Privacy Policy. The data subject is obliged to notify the data controller immediately of any changes to the provided data.
2.4. The data controller is not responsible for any damage caused to the data subject or third parties due to the provision of false information by the data subject.

3. Personal Data Processed

3.1. The data controller may process the following personal data of the data subject:

  • first and last name, phone number, and e-mail address;
  • buyer and delivery address;
  • bank account number;
  • cost of goods and services and payment-related information (purchase history);
  • technical data (IP address; device type, browser type and version, time zone, cookies);
  • other information related to customer surveys and/or offers, including consent to receive marketing;
  • authentication data when creating and logging into an account (e.g., via Google or other third parties) (username, login time, IP address);
  • log of consents and objections (e.g., marketing preferences)
  • security and error log data (to ensure the security and functioning of the service).

3.2. In addition to the above, the data controller has the right to collect customer data available from public registers.

4. Legal Basis

4.1. Processing of personal data is carried out for the purpose of fulfilling a sales contract concluded with the customer (managing orders, delivery, returns of goods and payments).
4.2. Processing of personal data is carried out to fulfill a legal obligation (accounting, responding to inquiries from public authorities in cases and to the extent permitted by law, resolving consumer disputes).
4.3. Processing of personal data is carried out on the basis of the data subject’s consent for one or more purposes (e.g., direct marketing, non-essential cookies for analytics).
4.4. Personal data is also processed on the basis of legitimate interests (e.g., security, fraud prevention, customer communication history), while the customer has the right to object.

5. Purpose of Processing Personal Data

5.1. Personal data is used to manage customer orders and deliver goods.
5.2. The bank account number is used to refund payments to the customer.
5.3. Personal data such as e-mail, phone number, and customer name is processed to resolve issues related to the provision of goods and services (customer support).
5.4. E-mail is also used for sending invoices and order confirmations, and phone numbers are used for delivery notifications.
5.5. Purchase history data (purchase date, goods, quantity, customer details) is used to compile an overview of purchased goods and services, sales statistics, and to analyze purchasing preferences and consumer habits.
5.6. The online store user’s IP address or other network identifiers are processed for the provision of the online store as an information society service and for web usage statistics.
5.7. Personal data is used for the handling of legal claims (consumer disputes) and the fulfillment of legal obligations.
5.8. Personal data is used (with the data subject’s consent) to prepare direct marketing offers and send newsletters.
5.9. The data controller follows the principle of data minimization, processing only the data and to the extent necessary for achieving the specific purpose. If the data controller intends to process collected personal data for purposes not mentioned above, they will provide information about the new purpose before further processing, along with any relevant additional information.

6. Transfer of Personal Data to Authorized Processors

6.1. The online store may use third-party service providers (authorized processors) to process customer personal data, who provide necessary services to the online store (software development, payment and postal services, statistics collection, etc.). Authorized processors may process personal data only in accordance with the instructions received from the data controller, and contracts have been concluded with the authorized processors to ensure the confidentiality of personal data. In addition, the online store has the right to transfer personal data to supervisory, investigative, and law enforcement authorities, and third parties, if such an obligation arises from law.
6.2. List of authorized processors:
6.2.1. IT service provider – Made By OÜ (ensuring website functionality and data hosting).
6.2.2. Accounting software provider – Erply Software OÜ (accounting operations).
6.2.3. Payment service providers – Montonio Finance UAB and Shopify Finance (payment solutions).
6.2.4. Bank link and other payment service providers – Swedbank, SEB Bank, LHV Bank, Luminor, Coop Bank, Citadele, Revolut, N26 Bank, Apple Pay, Google Pay.
6.2.5. Postal service providers – DPD, Itella, Omniva (delivery of orders to the customer).
6.2.6. Statistics and analytics service providers – Google Analytics, Meta, Hotjar (improving user experience of the online store, used only with consent).

7. Data Retention Period

7.1. The data controller retains personal data as long as necessary to achieve the purpose of its use or until the withdrawal of consent, if the processing is based on consent. For compliance with legal obligations, data is retained according to statutory deadlines (e.g., 7 years under the Value Added Tax Act and the Accounting Act).
7.2. In processing and storing personal data, the data controller applies organizational and technical measures that protect personal data against accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing. Access to modify and process personal data is restricted to authorized persons only.

8. Rights of the Data Subject

8.1. The data subject has the right to access and review their personal data.
8.2. The data subject has the right to receive information regarding the processing of their personal data.
8.3. The data subject has the right to supplement or correct inaccurate data.
8.4. The data subject has the right to request the deletion of their data (“right to be forgotten”), restriction of processing, data portability, and to object to processing, including for direct marketing purposes.
8.5. If the data controller processes personal data based on the data subject’s consent, the data subject has the right to withdraw consent at any time.
8.6. To exercise their rights, the data subject may contact the online store’s customer support by e-mail at info@lashweb.eu. Additional information may be requested to verify identity.
8.7. The data subject has the right to contact the Estonian Data Protection Inspectorate (
https://www.aki.ee/) or a court for the protection of their rights.

9. Direct Marketing Messages

9.1. The online store sends newsletters and offers to the customer’s e-mail address only if the customer has given the appropriate consent. If the customer does not wish to receive direct marketing messages, they should select the link in the footer of the e-mail or contact customer support via e-mail (info@lashweb.eu). 
9.2. The customer may unsubscribe from offers and newsletters at any time by following the instructions in the e-mail containing the offers or by contacting customer support via e-mail.
9.3. The online store may process personal data for direct marketing purposes (profiling) to better understand customer preferences and thereby offer better goods and services. In such cases, the customer has the right to object to the processing of their personal data, including profiling related to direct marketing, at any time by notifying customer support via e-mail.

10. Use of Cookies

A cookie is a small text file that the web browser automatically saves on the device used by the user. Cookies are used to collect information about how the user uses the website, with the aim of providing the user with a better experience. More detailed information about the use and storage of cookies can be found here.

11. Final Provisions

11.1. These data protection terms are drawn up in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR), the Personal Data Protection Act of the Republic of Estonia, and the legislation of the Republic of Estonia and the European Union.
11.2. The data controller has the right to amend and supplement the Privacy Policy at any time. The valid Privacy Policy is always available on the website
www.lashweb.eu.