The contoller of personal data of the online store is Unique Beauty Oü (registry code 12007421) located at Katusepapi 4/2-110 Tallinn, Estonia, tel. +372 55979456 and e-mail

What personal data is processed

− name, telephone number and e-mail address;

− address of the goods delivery;

− bank account number;

− cost of goods and services and data related to payments (purchase history);

− customer support details.

For what purpose personal data is processed

Personal data is used to manage customer orders and deliver goods.

Purchase history data (date of purchase, goods, quantity, customer data) is used

to compile an overview of purchased goods and services and analyse customer preferences.

The bank account number is used to return payments to the customer.

Personal information such as email, phone number, customer name is processed in order to settle

issues related to delivery of goods and providing services (customer support).

The IP address of the online store user or other network identifiers are processed by the online

store to provide information society services and for web usage statistics.

Legal basis

Personal data is processed for the purpose of fulfilling the contract concluded with the customer.

The processing of personal data is carried out in order to fulfil a legal obligation (e.g. accounting

and consumer dispute resolution).

Recipients to whom personal data are transmitted

Personal information is passed to the online store customer support to manage purchases and purchase history, and to resolve customer issues.

The name, telephone number and e-mail address will be forwarded to the transport service provider chosen by the customer. In the case of goods delivered by courier, in addition to the contact details, the customer address shall also be provided.

If the online store is accounted for by a service provider, personal data will be transferred to

service provider to carry out accounting operations.

Personal data may be transferred to IT service providers if necessary

to ensure the functionality or data hosting of the online store.

Security and access to data

Personal data is stored on a single server located in a Member State of the European Union or in

in the territory of the countries acceded to the European Economic Area. Data may be

transmitted to countries where:

the level of data protection has been assessed as adequate by the European Commission and by

US companies which joined the Privacy Shield framework.

Access to personal data is provided to employees of the online store who can access personal

data in order to:

solve technical issues related to the use of the online shop and provide customer support service.

The online store shall implement appropriate physical, organisational and information

technology security measures to:

protect personal data from accidental or unlawful destruction, loss, alteration, or unauthorised

use access and disclosure.

Transfer of personal data to authorised processors of the online store (e.g. transport service

provider and data storage) shall take place on the basis of contracts with the online store and with

processors. Authorised processors are required to provide appropriate safeguards when

processing personal data.

Access and rectification of personal data

Personal data can be accessed and rectified in the online store user profile. When the purchase is

made without a user account, personal data can be accessed via the customer support.

Withdrawal of consent

If the processing of personal data is done on the basis of the client’s consent, then the client has

the right to withdraw his / her consent by notifying customer support via email.


Personal data are deleted when a customer account is closed, except for a case when such data

need to be maintained for accounting or to resolve consumer disputes.

If a purchase is made in the online store without a customer account, the purchase history will be

stored for three years. In the case of disputes relating to payments and consumer disputes, the

personal data shall be retained until the claim is fulfilled or the limitation period expires.

The personal data necessary for accounting shall be kept for seven years.


To delete personal data, contact customer support by e-mail. A request for deletion will be

answered no later than in a month and the period for data deletion will be specified.


A request for the transfer of personal data submitted by e-mail shall be answered within a month

at the latest.

Customer support shall identify the identity and inform the personal data to be transferred.

Direct marketing messages

E-mail address and phone number are used to send direct marketing messages if the client has

given their consent. If the customer does not want to receive direct marketing messages, you

must select the e-mail footer for reference or contact customer support.

If personal data are processed for direct marketing purposes (profiling), the customer has the

right both to the initial and subsequent processing of personal data, including to object to

profiling related to direct marketing at any time by notifying the customer support via email

(this information must be provided clearly and separately from any other information).

Dispute settlement

Disputes concerning the processing of personal data are resolved through customer support

(CONTACT DATA). The Supervisory Authority is the Estonian Data Protection Inspectorate


Our company is the controller of personal data, our company transmits the personal data

necessary for the execution of payments to the processor: Maksekeskus AS.