Privacy Policy: Lami Super Booster

Effective Date: January 2, 2026 (Updated)

1. General Provisions

1.1. This Privacy Policy regulates the principles of collection, processing, and storage of personal data. The personal data is collected and stored by the data controller Paradiisi Ilu OÜ (hereinafter referred to as the “Controller”), registry code 14453531, address Tööstuse 99-8, 10416, Tallinn, Estonia.

1.2. The Controller is committed to protecting the privacy of customers and users (the “Data Subject”). All processing is carried out in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR) and the Estonian Personal Data Protection Act.

1.3. The Controller observes the principles of data minimization and purpose limitation, ensuring that personal data is processed lawfully, fairly, and in a transparent manner.

2. Categories of Personal Data Processed

2.1. Identity Data: First name, surname. 2.2. Contact Data: Email address, telephone number, delivery address. 2.3. Payment Data: Billing address, bank account number, and payment method details. 2.4. Technical Data: IP address, login data, browser type and version, time zone setting, operating system, and platform. 2.5. Purchase Data: Details about products purchased, transaction history, and interactions with the e-Store. 2.6. Communication Data: Records of inquiries made via email, social media, or contact forms.

3. Legal Grounds for Processing

3.1. Performance of a Contract (GDPR Art 6(1)(b)): Processing is necessary to fulfill your order, manage logistics, and provide customer support. 3.2. Legal Obligation (GDPR Art 6(1)(c)): Processing is required for accounting, tax compliance, and responding to legal requests. 3.3. Consent (GDPR Art 6(1)(a)): Processing for newsletter subscriptions, personalized marketing, and certain types of cookies. Consent can be withdrawn at any time. 3.4. Legitimate Interest (GDPR Art 6(1)(f)): For security monitoring, fraud prevention, and analyzing website performance to improve the user experience.

4. Purposes of Data Processing

4.1. Order Fulfillment: To manage the purchase process, verify payments, and deliver Goods to the physical location specified by the Purchaser. 4.2. Customer Relationship Management: To notify customers of order status, provide technical support for professional products, and resolve potential disputes. 4.3. Direct Marketing: To send promotional emails regarding new Lami Super Booster products and special offers (only with explicit opt-in). 4.4. Security and Maintenance: To protect the website against cyber threats and ensure the technical functionality of the e-Store. 4.5. Financial Records: To maintain accounting documents for 7 years as required by the Estonian Accounting Act.

5. Disclosure and Transfer of Data to Third Parties

5.1. The Controller forwards personal data to authorized third-party processors only to the extent necessary for providing the services:

  • Payment Gateways: EveryPay AS and PayPal (Europe) S.à r.l. et Cie, S.C.A.

  • Logistics Partners: Itella Estonia OÜ, Aktsiaselts Eesti Post (Omniva), Unisend Eesti OÜ, DPD Eesti AS.

  • Global Logistics: MBE (Mail Boxes Etc.) and their partner carriers (e.g., FedEx, DHL, UPS) for international deliveries.

  • Marketing & IT: Google (Analytics/Tags), Meta (Facebook Pixel), and Klaviyo for email communication.

  • Accounting: Authorized accounting service providers. 5.2. All third-party processors are bound by contract to implement technical and organizational measures to ensure a high level of data protection.

6. Data Retention Periods

6.1. Personal data is stored for as long as necessary to achieve the purposes for which it was collected:

  • Accounting Documents: 7 years from the end of the financial year.

  • Purchase History: Up to 10 years to resolve potential legal disputes and manage warranty claims.

  • Marketing Data: Until the withdrawal of consent by the Data Subject. 6.2. Once the retention period expires, the data is permanently deleted or anonymized.

7. Security of Personal Data

7.1. The Controller implements industry-standard security measures, including SSL encryption and secure servers, to protect personal data from unauthorized access or accidental loss. 7.2. Access to personal data is restricted to employees and partners who have a “need-to-know” basis to fulfill their contractual duties.

8. Rights of the Data Subject

8.1. Under the GDPR, you have the following rights:

  • Right of Access: To request a report on what data we hold about you.

  • Right to Rectification: To update or correct inaccurate data.

  • Right to Erasure: To request the deletion of your data (subject to legal retention requirements).

  • Right to Restriction: To limit the processing of your data in specific scenarios.

  • Right to Object: To object to processing based on legitimate interest or for direct marketing. 8.2. To exercise these rights, please contact info@lamisuperbooster.com. We will respond to your request within 30 days.

9. Final Provisions and Complaints

9.1. The Controller has the right to amend this Privacy Policy. Any changes will be posted on this page. 9.2. If you believe your data is not being handled correctly, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at info@aki.ee or www.aki.ee.

Supplied by Cookiebot

Cookie Declaration