Free Shipping for orders over 59€ in Estonia and over 120€ worldwide

EST

Privacy

Personal Data Processing Policy

1. Data Controller

The data controller for the www.hoiahomespa.com online store (hereinafter referred to as the “Online Store”) is HTM Karolin OÜ (registry code 12619762), located at Loo 1, Kudjape, Saaremaa vald, Estonia.
For inquiries related to personal data processing, please contact:
📞 +372 508 1665
✉️ info@hoiahomespa.com

2. Personal Data Collected

The Online Store processes the following personal data:

  • Identification data: Name, phone number, and email address
  • Payment and transaction data: Bank account number, payment history, and purchase details
  • Order information: Purchase history, including date, products, and quantities
  • Customer support data: Any communications related to customer service inquiries
  • Technical data: User IP address and network identifiers for website functionality and analytics

3. Purpose of Data Processing

Personal data is collected and processed for the following purposes:

  • Order Management & Delivery: Ensuring efficient order processing and fulfillment
  • Customer Service: Handling inquiries, complaints, and support requests
  • Purchase Analysis: Evaluating customer preferences and purchase history for service improvement
  • Payment Processing & Refunds: Processing transactions and issuing refunds when necessary
  • Website Functionality & Security: Maintaining the Online Store as an information society service and analyzing usage statistics

4. Legal Basis for Processing

Personal data is processed based on the following legal grounds:

  • Performance of a contract: Data processing is necessary to fulfill the contract between the Buyer and the Online Store
  • Legal obligations: Compliance with regulatory requirements, such as accounting and dispute resolution
  • Legitimate interest: Ensuring secure and efficient operation of the Online Store

5. Data Recipients

Personal data may be shared with:

  • Customer support team: For managing orders, resolving issues, and processing complaints
  • Logistics providers: The recipient’s name, phone number, and email address are shared with the selected delivery service. If courier delivery is chosen, the shipping address will also be provided
  • Accounting service providers: If bookkeeping is outsourced, personal data necessary for accounting compliance will be transferred to the service provider
  • IT service providers: Personal data may be processed by technology partners to ensure website functionality and data security

6. Data Security & Access

  • Personal data is stored on www.hoiahomespa.com servers located in the European Union (EU) or European Economic Area (EEA).
  • Data may be transferred to countries outside the EU/EEA only if the European Commission has deemed their data protection standards adequate or if the recipient is part of the Privacy Shield framework.
  • Only authorized employees of the Online Store have access to personal data, strictly for technical and customer service purposes.
  • The Online Store implements appropriate security measures to protect personal data from unauthorized access, loss, or alteration.
  • Personal data shared with third-party processors (e.g., logistics and IT service providers) is handled under legally binding agreements that ensure compliance with data protection regulations.

7. User Rights

7.1. Access & Correction

Buyers can review and update their personal data by contacting customer support.

7.2. Withdrawal of Consent

If data processing is based on consent, the Buyer can withdraw it at any time by notifying customer support via email.

7.3. Data Retention
  • Personal data is retained for as long as necessary to fulfill contractual and legal obligations:
    • Customer account data: Deleted upon account closure unless required for legal purposes
    • Purchase history (for non-account buyers): Retained for 3 years
    • Accounting data: Retained for 7 years (as required by law)
    • Dispute-related data: Retained until the dispute is resolved or the limitation period expires
7.4. Data Deletion

To request the erasure of personal data, Buyers must contact customer support via email. Requests will be processed within one month, and the exact deletion timeline will be confirmed.

7.5. Data Portability

Requests for data transfer must be submitted via email and will be processed within one month. Customer support will verify the Buyer’s identity before providing the requested data.

8. Direct Marketing & Profiling

  • The email address and phone number may be used for direct marketing if the Buyer has given consent.
  • Buyers can opt out of marketing communications at any time by clicking the unsubscribe link in an email footer or contacting customer support.
  • If personal data is used for profiling in direct marketing, the Buyer has the right to object and request termination of such processing by notifying customer support via email.

9. Dispute Resolution

If a Buyer has concerns regarding the processing of personal data, they may:

  1. Contact customer support at +372 508 1665 or info@hoiahomespa.com
  2. If the issue remains unresolved, complaints can be submitted to the Estonian Data Protection Inspectorate at info@aki.ee