Privacy Policy
1. General Provisions
1.1. This Privacy Policy (hereinafter referred to as the “Policy”) governs the processing of personal data of users of the online store MereLinn (hereinafter referred to as the “Website”), located at www.merelinn.com.
1.2. We, Omanik Factory OÜ, as the Data Controller, undertake to comply with the principles of lawfulness, fairness, and transparency in the processing of personal data in accordance with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and other applicable laws.
1.3. By using our Website, you confirm that you have read and understood the terms of personal data processing described in this Policy. Certain functions (such as subscribing to newsletters) require separate explicit consent.
2. Data Controller and Contact Information
Data Controller: Omanik Factory OÜ
Registered Address: Kalevipoja põik 10-5, Tallinn 13614, Harjumaa, Estonia.
Email: orders@omanikfactory.com
Phone: +372 55613065
3. What Personal Data We Collect and Process
Depending on how you use our Website, we may collect and process the following categories of data:
3.1. Personal information provided directly by you:
- Contact details: Name, surname, email, phone number.
- Account details: Username, password, purchase history.
- Payment details: Information about the payment method (processed through third-party payment services such as Stripe, PayPal, Montonio, WooPayments, etc.).
- Delivery details: Address, postal code, city, country.
3.2. Data collected automatically:
- Technical information: IP address, browser type, device, operating system (the IP address may be anonymized depending on Google Analytics settings).
- Interaction data with the Website: Pages viewed, time spent, traffic sources.
- Cookies and similar technologies: See more in the Cookie Policy.
3.3. Data received from third parties:
We may receive data from third-party services, such as:
- Google services (Google Analytics, Google Tag Manager, etc.) – for analyzing user behavior.
- Marketing services (Klaviyo, Mailchimp, etc.) – for email marketing campaigns.
- Payment services (Stripe, PayPal, etc.) – for payment processing.
- Delivery services (Itella, Omniva, DPD, etc.) – for order fulfillment.
4. Purposes and Legal Grounds for Processing Personal Data
We collect and process users’ personal data only if there are legal grounds as defined by Article 6 of the General Data Protection Regulation (GDPR).
Order Processing and Fulfillment
We process your personal data to fulfill your order, including payment processing and delivery. Data is stored for the period necessary to perform the contract and comply with legal obligations.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR).
Analytics and Website Improvement
We use cookies and analytical tools (Google Analytics, GTM) to analyze user behavior and optimize the Website.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR).
Marketing Emails and Personalized Advertising
With your consent, we may send you email newsletters (via Klaviyo, Mailchimp) and display personalized advertisements.
Legal basis: User consent (Article 6(1)(a) GDPR). You can withdraw your consent at any time.
Security and Fraud Prevention
We may process technical data (IP addresses, activity logs) to prevent unauthorized access and fraudulent activities.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR).
Compliance with Legal Obligations
In some cases, we are required to store and transmit personal data (e.g., payment information) to comply with tax and accounting laws.
Legal basis: Legal obligation (Article 6(1)(c) GDPR).
You can withdraw your consent for marketing data processing at any time by contacting us via the details provided in Section 2 or by using the unsubscribe link in marketing emails.
5. Cookies and Marketing Technologies
Our Website uses cookies and similar technologies to personalize content, analyze traffic, and serve advertisements.
We use the following categories of cookies:
- Essential cookies – Ensure the operation of the Website (do not require consent).
- Analytical cookies – Allow us to collect statistical data (e.g., Google Analytics, GTM).
- Marketing cookies – Used for targeted advertising (e.g., Klaviyo, Facebook Pixel).
You can manage your cookie preferences through the cookie banner settings.
For more details, see our Cookie Policy.
6. Who We Share Your Data With
We do not sell or disclose your personal data to third parties, except in the following cases:
- Payment services: e.g., Stripe, PayPal, Montonio, WooPayments.
- Delivery services: e.g., Itella, Omniva, DPD.
- Marketing platforms: e.g., Klaviyo, Mailchimp.
- Analytics services: e.g., Google Analytics, Google Tag Manager.
- Government authorities: If required by law.
Some of these companies, such as Google and Facebook, may act as joint data controllers under their advertising and analytics services.
We have signed Data Processing Agreements (DPA) with all third parties processing your data in accordance with GDPR.
7. Data Retention Periods
We retain your personal data only for the period necessary under the General Data Protection Regulation (GDPR) and Estonian national legislation, including the Personal Data Protection Act (Isikuandmete kaitse seadus) and the Accounting Act (Raamatupidamise seadus).
Retention periods by data category:
- Account data (name, email, phone, order history): Until you delete your account or 5 years from the last activity.
- Order information (including payment and delivery data): 7 years from the date of the last transaction (in accordance with § 12 of the Estonian Accounting Act).
- Financial and tax documents (invoices, payment records): 7 years after the end of the corresponding financial year (in accordance with § 99 of the Estonian Taxation Act (Maksukorralduse seadus)).
- Marketing data (email, newsletter subscriptions, ad preferences): Until consent is withdrawn or 3 years after the last interaction with our marketing communications.
- Log files and technical records (IP addresses, login data, cookies): Up to 1 year, unless required for security or investigations.
Data Deletion
Once the retention period expires, data is deleted or anonymized, unless required by law.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access – Obtain a copy of your data.
- Right to rectification – Request correction of inaccurate data.
- Right to erasure (“right to be forgotten”) – Request deletion of your data.
- Right to data portability – Receive your data in a machine-readable format.
- Right to restrict processing – Limit data processing in specific cases.
- Right to object – Prohibit the processing of your data on lawful grounds.
- Right to withdraw consent – If processing is based on consent, you can revoke it at any time.
How to Exercise Your Rights?
To exercise your rights, please contact us at:
Email: orders@omanikfactory.com
Right to File a Complaint
If you believe that the processing of your personal data violates GDPR, you have the right to file a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon):
Address: Tatari 39, 10134 Tallinn, Estonia
Phone: +372 627 4135
Email: info@aki.ee
Website: https://www.aki.ee/en
Additionally, you can file a complaint with the data protection authority in the EU country where you reside. A list of European DPAs is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
You also have the right to take legal action if you believe your rights have been violated.
9. Data Protection
We take measures to protect your personal data from unauthorized access, loss, alteration, and disclosure. Specifically, we implement the following security measures:
- Data encryption – All data is transmitted through secure connections (HTTPS, SSL/TLS).
- Access control and authentication – Access to data is restricted and granted only to authorized personnel.
- Regular security audits – We conduct audits and security testing.
- Storage in protected environments – Data is stored on servers with restricted access and protection against attacks.
However, despite all the security measures we implement, no system can guarantee 100% data security. We recommend that you:
✔ Use strong passwords and do not share them with third parties.
✔ Update your accounts and change passwords if you suspect a data breach.
✔ Avoid sharing personal data over unsecured networks.
In the event of a data breach, we commit to notifying the relevant supervisory authorities and affected users within 72 hours, as required by Article 33 of the GDPR.
10. Changes to the Policy
We may update this Policy if there are changes in legislation or our services. The latest version will always be available on the Website.
Last updated: 25.04.2025