AiShop

Privacy Policy

Last updated: 2026-06-07

This Privacy Policy explains how our online store collects, uses, stores and protects your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable data protection law.

1. Data controller

The controller of your personal data is:

  • Company: OÜ AIShop
  • Registry code: 1231233
  • Address: Mingi aadress 123, 11314 Tallinn, EE

For any data protection questions you can reach us at the e-mail address shown in the site footer.

2. What data we collect

  • Account & contact data — name, e-mail address, phone number, password hash.
  • Order data — shipping and billing address, purchased products, payment method (we do not store card details — these are handled by the payment provider).
  • Technical data — IP address, device and browser information, cookie identifiers (see Cookie Policy).
  • Communications — customer-support correspondence, feedback, newsletter preferences.

3. Purposes and legal bases

  • Fulfilling orders and concluding the contract — basis: performance of a contract (GDPR Art. 6(1)(b)).
  • Account management and customer support — basis: contract and legitimate interest (Art. 6(1)(b) and (f)).
  • Accounting and statutory obligations — basis: legal obligation (Art. 6(1)(c)).
  • Marketing and newsletter — basis: consent (Art. 6(1)(a)), which you may withdraw at any time.
  • Fraud prevention, statistics and service improvement — basis: legitimate interest (Art. 6(1)(f)).

4. Data retention

We keep personal data only as long as necessary for the purposes above. Order and accounting data are retained for the statutory period (accounting source documents for 7 years). Account data is kept while the account is active, and consent-based data is kept until you withdraw consent.

5. Data sharing and processors

We share data only to the extent needed to provide the service, for example with payment providers, couriers and parcel-locker services, IT and cloud providers, and e-mail and analytics services. All processors are bound to protect the data and process it only on our instructions.

6. Transfers outside the EU/EEA

Where a provider is located outside the European Economic Area, we ensure the transfer is lawful through appropriate safeguards (e.g. the European Commission's Standard Contractual Clauses).

7. Your rights

Under the GDPR you have the right to:

  • access your data (Art. 15);
  • request rectification (Art. 16);
  • request erasure — the "right to be forgotten" (Art. 17);
  • restrict processing (Art. 18);
  • receive your data in a portable format (Art. 20);
  • object to processing (Art. 21);
  • withdraw consent at any time.

To exercise your rights, contact us at the e-mail address shown in the site footer. We respond within one month at the latest.

8. Lodging a complaint

If you believe we process your data unlawfully, you have the right to contact the Estonian Data Protection Inspectorate (www.aki.ee) or the supervisory authority of your country of residence.

9. Data security

We apply appropriate technical and organisational measures to protect your data, including encrypted connections (SSL/TLS), access controls and regular backups.

10. Changes

We may update this Privacy Policy from time to time. The revised version, with its update date, will be published on this page.