Privacy Policy
1. General Provisions
1.1. This privacy policy regulates the principles of collection, processing, and storage of personal data. Personal data is processed and stored by OÜ Tarnavska Hair , who is the controller of the personal data ( hereinafter the controller).
1.2. For the purposes of this privacy policy, a data subject means the customer or another natural person whose personal data is processed by the controller.
1.3. For the purposes of this privacy policy, a customer means anyone who purchases goods or services on the controller's website.
1.4. The controller processes personal data lawfully, fairly, and securely in accordance with applicable legislation.
2. Collection, Processing, and Storage of Personal Data
2.1. Personal data is collected electronically, mainly through the website and email.
2.2. By sharing their personal data, the data subject grants the controller the right to collect, use, and manage that data for the purposes defined in this privacy policy.
2.3. The data subject is responsible for the accuracy of the submitted data and must notify the controller of any changes.
2.4. The controller is not liable for any loss resulting from incorrect data submitted by the data subject.
3. Types and Purpose of Personal Data Processing
3.1. The controller may process the following personal data:
- First and last name
- Email address
- Phone number
- Delivery address
- Payment method ( bank or card- related info where applicable)
3.2. Legal basis for processing includes:
- Consent
- Fulfilment of a contract
- Legal obligation
- Legitimate interest
3.3. Purpose of processing and storage periods:
- Security – up to 5 years ( or as defined by law)
- Order fulfillment – up to 3 years
- Customer service and management – up to 3 years
- Accounting and legal compliance – up to 7 years ( according to law)
- Marketing ( with consent) – until unsubscribed or 2 years from last activity
3.4. The controller may share personal data with third parties such as payment processors ( e.g. Maksekeskus AS ) , courier services, accountants, and authorized data processors. Only data necessary for performing the service will be shared.
3.5. Technical and organizational security measures are in place to protect data against accidental or harmful destruction, loss, or unauthorized access.
4. Rights of the Data Subject
4.1. The data subject has the right to access and review their personal data.
4.2. The data subject has the right to request correction of inaccurate data.
4.3. The data subject has the right to withdraw consent at any time ( if data processing is based on consent).
4.4. To exercise these rights, please contact tarnavska. beauty@ gmail. com .
4.5. If the data subject believes their rights have been violated, they may file a complaint with the Estonian Data Protection Inspectorate .
5. Final Provisions
5.1. This policy is based on the EU General Data Protection Regulation ( GDPR) and Estonian law.
5.2. The controller reserves the right to update this policy by publishing changes on the website: https:// tarnavska. beauty