Free delivery over €99 within the EU
Based in Estonia · Shipping across the EU
Carefully selected for kids’ spaces
Privacy Policy
PRIVACY POLICY
This Privacy Policy explains how Cinamel OÜ (“we”, “us”, or the “Service Provider”) collects, uses, stores, and shares personal data when you visit our website, use our services, place an order, or otherwise interact with us through our online store (hereinafter the “Website”). In this document, “you” or “user” refers to any individual whose personal data is processed, including website visitors, customers, and other users of our services.
DATA CONTROLLER
The data controller responsible for processing your personal data is:
Cinamel OÜ
Registry code: 12702807
VAT number: EE102962127
Address: Side 9-82, Pärnu, Estonia
Email: cinameltrade@gmail.com
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our services, business operations, or legal requirements. The most recent version will always be published on our Website along with the date of the latest update.
PERSONAL DATA WE COLLECT
We collect personal data that you voluntarily provide to us. This may include your name, postal address, email address, and phone number. We also collect order-related information such as billing and delivery addresses and order details. If you create a user account, we may process login credentials and other security-related information. In addition, we store communication related to customer support.
We do not store payment details such as card numbers or online banking authentication data ourselves. Payments are processed securely through payment service providers.
When you use the Website, we also automatically collect certain technical and usage data. This may include your IP address, device and browser type, and information about how you use the Website and which pages you visit. These data are collected through cookies and similar technologies.
We may also receive certain data from trusted third parties. These include Shopify Inc., which provides our e-commerce platform; Maksekeskus AS (MakeCommerce), which processes bank link payments; and Shopify Payments and PayPal, when customers use card payments or PayPal. Mobile payment services such as Apple Pay and Google Pay, as well as delivery service providers and, where necessary, marketing or analytics partners, may also process personal data. All third-party data are processed in accordance with applicable data protection laws.
PURPOSES OF PROCESSING PERSONAL DATA
We process personal data primarily to fulfill your order and perform our contractual obligations. Personal data are also used for payment processing through payment service providers, organizing the shipment and delivery of goods, providing customer support, and communicating with you.
In addition, we process personal data to comply with accounting and other legal obligations, to prevent fraud and ensure security, and to improve our Website and services. If you have given your consent, we may also use your data to send marketing communications.
For users located in the European Economic Area, the legal bases for processing personal data are:
-
performance of a contract (GDPR Article 6(1)(b))
-
compliance with legal obligations (GDPR Article 6(1)(c))
-
legitimate interest (GDPR Article 6(1)(f))
-
consent where required (GDPR Article 6(1)(a))
COOKIES AND SIMILAR TECHNOLOGIES
Our Website uses cookies and similar tracking technologies, mainly through Shopify and other integrated service providers, to ensure the proper functioning of the Website, analyze usage, and improve user experience. You can manage cookies through your browser settings or, where applicable, through our cookie consent tool.
More information about Shopify cookies can be found at:
https://shopify.com/legal/cookies
SHARING PERSONAL DATA
We share personal data only when necessary to provide our services or when required by law. Personal data may be shared with Shopify Inc., which provides our e-commerce platform; Maksekeskus AS for processing bank link payments; Shopify Payments for card payments; and PayPal for PayPal transactions.
Personal data may also be shared with banks and financial institutions involved in payment transactions, delivery and logistics providers, IT service providers, and accounting or legal service providers. Where required by law, we may also disclose data to public authorities.
Payment service providers process payment-related personal data according to their own privacy policies. We do not sell personal data.
CHILDREN'S DATA
Our services are not directed to individuals under the age of 16. If we become aware that we have collected personal data from a child without the consent of a parent or guardian, we will delete such data immediately.
DATA SECURITY AND RETENTION
We implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. Personal data are retained for as long as necessary to fulfill contractual obligations or comply with legal requirements.
For accounting purposes, certain data may be retained for up to 7 years, as required by Estonian law. Where processing is based on your consent, data are retained until consent is withdrawn. Payment-related data are retained by payment service providers according to applicable financial regulations.
YOUR RIGHTS
Under the GDPR, you have the right to:
-
access your personal data
-
request correction of inaccurate data
-
request deletion of your data (“right to be forgotten”)
-
restrict processing of your data
-
object to processing
-
request data portability
You also have the right to withdraw your consent at any time and to lodge a complaint with a supervisory authority.
To exercise your rights, please contact us at:
cinameltrade@gmail.com
COMPLAINTS
If you have questions or complaints regarding your personal data, we encourage you to contact us first. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate:
INTERNATIONAL DATA TRANSFERS
Some of our service providers, including Shopify Inc., may process data outside the European Economic Area. In such cases, appropriate safeguards are applied, such as Standard Contractual Clauses (SCC) approved by the European Commission or adequacy decisions.
Payment service providers process payment-related data in accordance with applicable financial and data protection laws.