Privacy policy

The controller of the Garlumami online store www.garlumami.com is Starmaker OÜ (registry code 10412838), located at Vanaturu kael 12, Tallinn, Estonia, telephone +372 565 5981 and e-mail info@garlumami.com. 

Starmaker OÜ is committed to protecting the privacy of its customers and users. For this purpose, we have developed this Privacy Policy, which describes the principles of collecting, using, disclosing, transferring, and storing customer data.

Our online store operates in compliance with all applicable laws and regulations of the Republic of Estonia, including the requirements of the European Union General Data Protection Regulation (GDPR).

Purpose of personal data processing

We process personal data in order to manage and fulfil your orders and to ensure the delivery of goods.

What personal data do we process

We collect and process the following personal data:

– name, phone number and e-mail address; 

– delivery address; 

– bank account number; 

– cost of goods and services and payment-related data (e.g. purchase history); 

– customer support data; 

– IP address. 

We use purchase history data (e.g. date, product, quantity, delivery address) to analyse purchased goods and services and to resolve any issues or disputes that may arise. 

We use your bank account number to refund payments if necessary. 

We use your first and last name, e-mail address, phone number and contact address to provide services, including courier services. 

We process your IP address or other network identifiers in our online store for the purpose of providing information society services and compiling web usage statistics.

Other information that you have voluntarily shared with us by providing feedback.

Legal basis 

We process your personal data on four legal bases:

  1. To fulfil contractual obligations and process data necessary for the provision of services. 
  2. To fulfil legal obligations, including obligations arising from accounting or tax laws or decisions made by public authorities. 
  3. Based on legitimate interest, provided that such processing does not override your interests or fundamental rights and freedoms, including the preparation and submission of legal claims in the event of a contractual breach.
  4. Based on your consent, if you have given us your explicit consent for a specific purpose and scope, such as sending direct mail and newsletters. You have the right to withdraw your consent at any time. 

Recipients of personal data 

We may transfer your personal data to the online store’s customer support service for the managing purchase history and resolving customer issues, if customer support is provided by a third party. 

We transfer your name, phone number and address to the transport service provider in order to ensure the delivery of goods. We may disclose your personal data to public authorities (police, courts) in cases required by law in connection with the enforcement of public authority decisions.

Security and access to data 

Your personal data is stored on Zone servers located within the territory of European Union Member States or European Economic Area countries. 

We do not transfer your data outside the European Economic Area.

Data retention 

Your personal data will be deleted when you close your online store customer account, except for personal data (e.g. purchase history) that is necessary for accounting purposes or for resolving legal disputes. 

We will retain personal data related to your payments and/or disputes until the claim has been resolved or the statutory limitation period has expired. We retain personal data contained in original accounting documents for 7 years. 

We retain details related to your contract for 3 years a after the termination or expiry of the contract in order to protect our rights or to establish or defend legal claims.

We retain e-mail correspondence and customer inquiries for up to 6 months from the date of the inquiry.

Your rights regarding your personal data

  1. Right of access

You can access your personal data via your online store user account or through customer support. If you placed an order without a user account, you can access your data through customer support.

  1. Right to rectification and restriction of processing

If your data is inaccurate, incomplete, or has been processed unlawfully, you have the right to request the rectification of your personal data or the restriction of its processing.

  1. Right to erasure 

To request the erasure of personal data, you must submit a request to customer support by e-mail. We will respond to your request within one month and specify the deadline for data deletion. In our response, we will also indicate any data that we are legally required to retain and the reason for such retention.

  1. Right to object

You have the right to object to the processing of your personal data if you believe that there is no lawful basis for such processing.

  1. Right to withdraw consent 

If your personal data is processed based on your consent, you have the right to withdraw your consent at any time by adjusting your user account settings or by notifying customer support by e-mail.

  1. Right to data portability 

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and to transmit that data to another company, provided that the technical means for such transfer exist.

  1. Right to be informed of data breaches 

You have the right to be notified in the event of a personal data breach that may significantly affect your rights and freedoms.

Dispute resolution 

You have the right to request additional clarifications from customer support regarding the processing of your personal data and, if necessary, to submit a follow-up inquiry to info@garlumami.com.

You have the right to lodge a complaint with the Data Protection Inspectorate or to seek legal protection of your rights in court. The supervisory authority is the Estonian Data Protection Inspectorate – Tatari 39, Tallinn 10134, e-mail info@aki.ee, www.aki.ee 

Personal data protection

We use SSL certificates on our website www.garlumami.com to ensure the security of your user data. We take precautions to protect your personal data. We apply technical and organizational security measures, including physical and technical access control to premises and equipment; a centralized user authentication solution and password policy; password-protected screen lock; VPN connection between systems; encryption of sensitive documents; logs of authentication activities and file operations. All company employees are required to follow internal rules and data processing procedures, including rules for the use of computers and devices.

Website privacy policy

The website www.garlumami.com uses cookies. 

A cookie is a small text file that websites send and store on a user’s computer when they visit the website. Cookies are stored in the user’s web browser file directory. If the user has visited the website before, the web browser reads the cookie and transmits the corresponding information to the web page or object that originally stored the cookie. For more information about cookies, visit http://www.aki.ee/et/kupsised. 

Cookies enable us to track website usage statistics, headline popularity and other activities on the website. The information obtained from cookies is used to improve the usability and content of the website.

A cookie file contains information that is used to improve the user experience for visitors to a particular website. Cookies are used to collect information and statistical data in order to provide customers with relevant and interesting content and to store visit history to ensure a more convenient and secure user experience.

The types of cookies used are as follows:

Persistent cookies are essential for navigating the website and using its features. Without persistent cookies, the user would not be able to use all of the website’s features.

Session cookies allow the website to remember the user’s previous choices (e.g. username, language selection, etc.) and thus provide more efficient and personalised features. 

Tracking cookies collect data on user behaviour on the website. The information collected by tracking cookies helps improve user comfort on the website.

Advertising cookies collect data about the user’s web browsing habits, which enables the display of advertising content tailored to the user’s preferences. These cookies also allow us to measure the effectiveness of advertising campaigns.

Users have the right to refuse to allow cookies to be stored on their computers. To do so, the user must change their browser settings. Different browsers use different methods for disabling cookies. More detailed information is available at http://www.aki.ee/et/kupsised.

If cookies are blocked, the user must be aware that some website functions may no longer be available or may not work properly.

Transfer of personal data via cookies

Personal data may be transferred to third parties only to the extent necessary for the provision of services, such as the delivery of goods.

We also use partial data transfer via cookies. We do not transfer your name, email address or telephone number. Data is transferred using the IP address. This information is used by our service providers (such as Google Analytics, Facebook Pixel, Hotjar) to analyse website usage and to improve user experience and marketing activities.