Política de privacidad

Last updated: February 20, 2025

This privacy policy is designed to provide you with a safe and transparent shopping experience while protecting your personal data. Please read this Privacy Policy carefully.

This Privacy Policy describes how MyMara OÜ (the "Site", "we", "us", or "our", "data controller") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from www.mymara.ee (the "Site") or otherwise communicate with us regarding the Site (collectively, the "Services"). For purposes of this Privacy Policy, "you", "your", "data subject" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date and take any other steps required by applicable law.

How We Collect and Use Your Personal Information

To provide the Services, we collect personal information about you from a variety of sources, as set out below. The information that we collect and use varies depending on how you interact with us.

In addition to the specific uses set out below, we may use information we collect about you to communicate with you, provide or improve the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

What Personal Information We Collect

The types of personal information we obtain about you depend on how you interact with our Site and use our Services. When we use the term "personal information," we are referring to information that identifies, relates to, describes, or can be associated with you. The following sections describe the categories and specific types of personal information we collect.

Information We Collect Directly from You

Information that you directly submit to us through our Services may include:

  • Contact details, including your name, address, phone number, and email.
  • Order information, including your name, billing address, shipping address, payment confirmation, email address, and phone number.
  • Account information, including your username, password, security questions, and other information used for account security purposes.
  • Customer support information, including the information you choose to include in communications with us, such as messages sent through the Services.
  • Credit card information, required to process payments.
Some features of the Services may require you to provide us with certain information. If you choose not to provide this information, you may not be able to access certain features.

Information We Collect about Your Usage

We may automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we use cookies, pixels, and similar technologies ("Cookies"). Usage Data may include:
  • Device and browser information
  • Information about your network connection
  • IP address
  • Interaction details with the Services

Information We Obtain from Third Parties

We may also obtain information about you from third parties, including vendors and service providers who collect information on our behalf, such as:
  • Companies supporting our Site and Services, such as Shopify.
  • Payment processors, who collect payment information to fulfill orders and provide requested services.
  • Marketing partners, for promotional and advertising purposes (only with your consent).

Legal Bases for Processing (EEA Residents)

We process your personal information based on the following legal grounds:
  • Contractual Necessity (Art. 6(1)(b) GDPR): To provide products and services, including processing payments, fulfilling orders, and shipping products.
  • Legitimate Interest (Art. 6(1)(f) GDPR): For security, fraud prevention, analytics, and improving our Services.
  • Consent (Art. 6(1)(a) GDPR): For marketing, advertising, and non-essential cookies (users must opt in).
  • Legal Obligation (Art. 6(1)(c) GDPR): To comply with applicable laws, such as tax or legal reporting requirements.

Data Retention

We retain personal information only as long as necessary for the purposes stated in this Privacy Policy, including:
  • Order Data: Retained for 7 years for tax and accounting compliance.
  • Marketing Data: Retained until you withdraw consent.
  • Account Data: Retained for the lifetime of your account, unless deleted by request.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve our Site. By default, we only store strictly necessary cookies. Other types of cookies (such as analytics and marketing cookies) require your explicit consent.

You can adjust your cookie settings through our cookie banner or browser settings. More details are available at Shopify's cookie policy.

How We Share Your Personal Information

We share your personal information with:
  • Vendors and service providers
    • Shopify - e-commerce platform provider
    • Maksekeskus AS – payment service provider (credit cards, bank links)
    • Omniva AS, Italla SmartPost, DPD, Venipak, Unisend – delivery service providers
  • Marketing and business partners (only with your consent).
  • Legal authorities, when required to comply with legal obligations.

User-Generated Content

Our Services may allow you to post product reviews and other user-generated content. Any content you submit to public areas of the Services will be considered non-confidential and may be publicly accessible. Please be mindful of the information you share, as we cannot control who will access and use publicly shared information. If you choose to submit user-generated content, you acknowledge that you do so at your own risk.

International Data Transfers

We may transfer your personal information outside the EEA. When doing so, we rely on:
  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions for countries ensuring GDPR-equivalent protection.

Your GDPR Rights

If you are a resident of the EEA, you have the following rights:
  • Right to Access – Request access to personal information we hold about you.
  • Right to Delete – Request deletion of your personal information.
  • Right to Correct – Request correction of inaccurate information.
  • Right to Data Portability – Request a copy of your personal information in a portable format.
  • Right to Restriction of Processing – Ask us to limit how we use your data.
  • Right to Withdraw Consent – Withdraw consent for processing based on consent.
You can exercise these rights by contacting us at info@mymara.ee.

Children’s Data

Our Services are not intended for children under 16 years of age. We do not knowingly collect personal data from individuals under this age. If you believe a child has provided us with their data, please contact us for deletion.

Security Measures

We take the security of your personal data seriously and implement industry-standard measures to protect it. These include:
  • Encryption – Data transmission is secured using SSL/TLS encryption to protect sensitive information.
  • Access Controls – Access to personal data is restricted to authorized personnel only, based on the principle of least privilege.
  • Data Minimization – We only collect and store the minimum amount of personal data necessary for the intended purposes.
  • Fraud Detection & Monitoring – We use automated tools to detect and prevent unauthorized access, fraudulent activities, and potential data breaches.
While we take every reasonable precaution to safeguard your information, no online system is completely secure. If you suspect any unauthorized access to your account or personal data, please contact us immediately at info@mymara.ee.

Questions and Disputes

If you have any questions, please contact our customer support: info@mymara.ee

If you believe we have processed your personal data unlawfully, you have the right to file a complaint with the Estonian Data Protection Inspectorate at info@aki.ee.

Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact us:
✉️ Email: info@mymara.ee
📍Address: Oksa tänav 6, Luige, 75404, Estonia

For the purposes of applicable data protection laws, MyMara is the data controller of your personal information.