The entity responsible for processing personal data is Metsalugu OÜ (registry code 16064462, postal address Mai 9a, 11621 Tallinn, Estonia, phone +372 5086 261, email

What types of personal data are collected, saved and used (processed)?

  • Client’s name, address, phone number and email;
  • delivery address;
  • payment info (name, bank, banking account number, payment details, reference number etc.);
  • order contents, amount and payment data, plus all communication regarding the order (order history);
  • user or visitor’s IP address and other (web)identifiers collected through cookies.

What is the purpose of personal data collection and retention and what is it used (processed) for? 

  • Personal data is first and foremost needed for processing and delivering orders, but also to fulfill our accounting obligations.
  • Order history (date, goods, quantities, cost, customer data) is used for drawing up overviews and sales statistics, in order to analyze the purchasing behavior, preferences etc. of consumers.
  • Payment info will also be used for refunds.
  • Customer’s contact details, including name, email address and phone number, will be processed to settle issues with orders or goods.
  • Customer’s contact details, including name, email address and phone number, may also be used to send out newsletters and direct marketing messages.
  • Data collected through cookies will be used for drawing up webshop user statistics and for targeted advertising.

On which legal grounds are we processing personal data?

  • Personal data is first and foremost processed to fulfill our contract with the customer (General Data Protection Regulation, hereinafter the General Regulation, article 6.1.b).
  • We also process personal data to fulfill our legislative obligations, e.g. accounting, resolving disputes (General Regulation, article 6.1.c).
  • Personal data is processed on grounds of legitimate interest (General Regulation, article 6.1.f) in order to develop products and enhance user experience, as well as to prevent fraud and ensure information security.
  • With agreement of the client, data is also processed for product advertising and marketing, including sending out direct marketing messages and newsletters (General Regulation, article 6.1.a).

Who do we share personal data with?

  • Metsalugu OÜ is responsible for processing personal data.
  • In order to fulfill our contract with the client we transfer personal data to our business partners, including:
    • For delivery purposes we transfer client’s contact details (name, phone number, email address, postal address) to a transportation service provider chosen by the client.
    • If needed we may transfer data to a legal services provider.
  • Personal data may be transferred to our business partners to fulfill our legislative obligations or exercise our rights, including:
    • to fulfill our accounting obligations we transfer personal data to relevant service provider(s).
  • Third parties to whom we transfer personal data may use and process that data only for the purposes noted in our privacy policy, and are obligated to ensure that relevant security measures are used when processing personal data.

Marketing and advertising, including newsletters and direct marketing messages 

  • Email address and phone number are used for marketing and advertising, including sending out newsletters and direct marketing messages, if the client has given consent to do so.
  • The client is entitled to withdraw the agreement at any given time, by clicking on a relevant link at the bottom of an email or by informing us at (the message should be a clear statement that is separate from any other information).

How do we use cookies?

  • On grounds of legitimate interest we use cookies on our webpage. A cookie is a small text file that is saved on the visitor’s computer or mobile device. Cookies provide us with statistical data that helps us analyze visitor behavior, and we use that information to improve user experience and for marketing purposes. For example, cookies enable us to save the user’s IP address, which afterwards allows us to introduce our services and offers to the user through Google and Facebook.
  • We use the following cookies on our webpage:
    • Google Analytics, i.e. an analytical cookie that we use to collect analytical data about webpage visitors. We may also use that data to target ads on Google.
    • Facebook Pixel, i.e. a cookie for targeting ads and monitoring results on Facebook.
    • Polylang, i.e. a cookie that we use to remember the language selected by the user.
    • Sumo, i.e. a cookie that we use to send newsletters to users.
    • WooCommerce, i.e. a cookie that saves the products selected by the user to the shopping cart.
    • Used to remember whether JavaScript is enabled in the visitor’s browser. JavaScript code is used to create interactive functionality for the webpage. Used to remember whether the user has agreed to the cookie policy or whether the respective information should be shown.
  • We use both session and permanent cookies on our webpage. Session cookies will be deleted automatically after each visit, permanent cookies are stored for up to 2 years.
  • You can limit or ban the storage of cookies on your device and you can also delete all previously stored cookies. In order to do that you will need to change the privacy settings on your web browser.


  • We keep personal data on digitally and physically secure servers that are located in the territory of a Member State of the European Union or a State that has joined the European Economic Area.
  • Personal data is accessible only to our staff and to employees of our business partners who need that data to fulfill their duties stated in our privacy policy, and who are obligated to follow the legislation governing the protection of personal data and our privacy policy when processing personal data.

Retention of personal data

  • We generally keep personal data for one year.
  • In case of a dispute we keep personal data up to a year after the dispute has been solved or the limitation period has ended.
  • Personal data needed for accounting is kept for seven years.

Questions, requests, disputes and complaints

  • Please contact us via email, if you wish to:
    • see the personal data we’ve collected about you;
    • change or complement your personal data;
    • delete your personal data or restrict the processing or transfer of data;
    • object to the processing of personal data; or
    • if you need any additional information about personal data processing.
  • We are doing everything we can to comply with all the requirements and not pose any harm to your rights, but if you believe we have done something unlawful or have violated your rights, please contact us ( or +372 5086 261) and we will try to come up with a solution together.
  • The lawfulness of personal data processing is monitored by Estonian Data Protection Inspectorate (, to whom you have the right to file a complaint if you think your rights have been violated.

If the privacy policy is modified, the amendments will enter into force once the new version is published on our webpage.