Privacy policy

1. General

1.1. This Privacy Policy governs the principles of collecting, processing and storage of personal data. Personal data is collected, processed and stored by InToRINGY OÜ as the data controller (hereinafter “Controller”).

1.2. For the purposes of this Privacy Policy, the data subject is a customer or other natural person whose personal data is processed by the Controller.

1.3. For the purposes of this Privacy Policy, a customer or other natural person is anyone who purchases goods or services on the Controller’s website.

1.4. The Controller complies with the data processing principles set out in applicable legislation and the Controller processes personal data lawfully, fairly and securely. The Controller is able to demonstrate that personal data has been processed in accordance with the provisions of applicable legislation.

2. Collection, processing and storage of personal data

2.1. The personal data collected, processed and stored by the Controller is collected electronically, mostly on the website and by e-mail.

2.2. By submitting personal data, the data subject allows the Controller to collect, organize, use and manage his/her personal data directly or indirectly submitted while purchasing goods or services on the website, as long as processing serves the purposes set out in this Privacy Policy.

2.3. The data subject is responsible for the accuracy, correctness and completeness of the personal data submitted by him/her. Knowingly submitting incorrect data is considered a breach of this Privacy Policy. The data subject undertakes to immediately notify the Controller of any changes in the data submitted.

2.4. The Controller is not liable for any damage incurred by the data subject or third parties due to submission of incorrect data.

3. Processing of customers’ personal data

3.1. The Controller may process the following types of the data subject’s personal data:

3.1.1. Given name and surname;

3.1.2. Date of birth;

3.1.3. Phone number;

3.1.4. E-mail address;

3.1.5. Delivery address;

3.1.6. Bank account number;

3.1.7. Payment card details.

3.2. In addition to the above, the Controller is entitled to collect publicly available data on the customer from public registers.

3.3. The legal basis of processing of personal data is Article 6 (1) (a), (b), (c) and/or (f) of the GDPR:

  • (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • (b) the processing of personal data is necessary for the performance of a contract to which the data subject is party, or for the implementation of precontractual measures which take place at the request of the data subject;
  • (c) the processing of personal data is necessary to fulfil a legal obligation to which the Controller is subject;
  • (f) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

3.4. Personal data is processed for the following purposes:

  • security and safety;
  • fulfilment of orders;
  • ensuring the operation of the Controller’s online store;
  • customer relations management;
  • financial transactions and accounting; and
  • marketing.

3.5. The Controller may share the customers’ personal data with third parties such as authorized processors, accountants, providers of transport and courier services, providers of payment services. The Controller is the controller of personal data. The Controller shares the personal data needed to make payments with EveryPay AS, a processor.

3.6. The Controller shall apply organizational and technical measures when processing the data subject’s personal data so as to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure or other unlawful processing.

3.7. The Controller stores the personal data of data subjects only for as long as necessary to achieve the purposes described in this Privacy Policy or required by applicable legislation. 

3.8. Most of the personal data of data subjects is stored for the duration of the contractual customer relationship between the data subject and the Controller and 3 years after the end of the contractual customer relationship. Some personal data may be retained after the contractual customer relationship has ended, if applicable legislation so requires or allows. For example, the Controller shall store accounting source documents (e.g. copies of sales contracts and invoices) for 7 years as of the end of the financial year of the transaction, as required by applicable legislation. The Controller shall store certain personal data relating to contracts for 10 years as of the end of the contractual relationship, which is the maximum limitation period in case of intentional breaches.

3.9. When the storage of personal data of data subjects is no longer required by applicable legislation or in view of the rights and obligations of parties, the Controller shall permanently delete the personal data unless the data subject has instructed the Controller otherwise or the parties have concluded an agreement for longer storage of personal data.

4. Data subject’s rights

4.1. The data subject has the right to access his/her personal data.

4.2. The data subject has the right to receive information on the processing of his/her personal data.

4.3. The data subject has the right to supplement, update, amend or correct inaccurate personal data.

4.4. If the Controller is processing the data subject’s personal data on the basis of his/her consent, the data subject has the right to withdraw such consent at any time.

4.5. The data subject has the right to request the restriction of processing of personal data or object to the processing of his/her personal data.

4.6. The data subject has the right to data portability, i.e. the right to receive his/her personal data in a structured, commonly used machine-readable format and transmit the personal data to another data controller at his/her discretion.

4.7. To exercise the abovementioned rights, the data subject may contact the Controller’s customer service at the e-mail address  

4.8. The data subject has the right to file a complaint to the data protection authority of his/her location. In Estonia, this authority is the Data Protection Inspectorate. Contact details of the Data Protection Inspectorate are available here:

5. Use of cookies

5.1. The Controller may use cookies on its website in order to improve and enhance the user experience on its website. A cookie is a small text file that the browser automatically stores in the user’s device.

5.2. We use cookies to gather anonymized and aggregated statistics relating to the number of visitors of our website, to collect information on how the website is used and to improve the user-friendliness and functionality of the website. The Controller may also use third-party cookies that are stored in the user’s browser only with the data subject’s consent. The data subject may choose not to allow the use of such cookies. If the data subject does not agree to the use of cookies, he/she may block the use of cookies in the device. This can be done by editing browser settings. If cookies are not allowed, the website may not work properly and certain functions may not be available.

6. Final provisions

6.1. This Privacy Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), the Personal Data Protection Act of the Republic of Estonia and other relevant Estonian and EU legislation.

6.2. The Controller reserves the right to amend this Privacy Policy or parts thereof by notifying data subjects of the amendments on the website.

Our site use cookies