Privacy Policy

The website is an e-commerce platform operated by AS Profline, Reg No 10480935, registered address Veerenni 29, 10135 Tallinn, Estonia.

This Privacy Policy applies when you use our e-store and provide us with your personal data through the platform or other channels, so you should read this text each time you use the e-store to ensure that you agree with its terms.

Principles of personal data processing at AS Profline

AS Profline cares about the privacy of its customers, and these personal data processing principles have been drawn up based on the desire and obligation to protect the privacy of our customers in relation to the collection, use, publication, transfer and storage of their data by us. Our activities are brought into line with the legislation of the European Union and the Republic of Estonia, including the General Data Protection Regulation (GDPR).

AS Profline (Veerenni 29, 10135 Tallinn, Reg No 10480935) is the controller of personal data.

  • AS Profline may authorize other legal entities (authorized processors) to process personal data, provided that an agreement has been concluded with such a processor, according to which the authorized processor is obliged to keep the processed personal data confidential and to ensure the protection of personal data in accordance with the requirements stipulated by law.
  • AS Profline makes the up-to-date list of such legal entities available to the customer upon the customer’s request, submitted in writing to AS Profline, Veerenni 29, 10135 Tallinn or digitally signed to

Which personal data do we process?

  • Name, phone number and e-mail address;
  • Address for delivery of goods;
  • Bank account;
  • Cost of goods and services and data related to payments (purchase history);
  • Data needed for customer support.

For what purpose is personal data processed?

  • Personal data is used to manage customer orders and deliver goods.
  • Purchase history data (purchase date, products, quantity, customer data) is used to compile insights of purchased goods and services and to analyze customer preferences.
  • The bank account number is used to return payments to the customer.
  • Personal data, such as e-mail, phone number and customer’s name, are processed in order to resolve issues related to the provision of goods and services (through customer support).
  • The e-store user’s IP address or other network identifiers are processed for the provision of the e-store service and for web visit statistics.

Legal basis

  • Personal data is processed for the purpose of fulfilling the agreement concluded with the customer.
  • Personal data is processed to fulfill a legal obligation (e.g. accounting and consumer dispute resolution).
  • Data processing takes place with the customer’s consent for the following activities: marketing, being informed about new products and campaigns of customer interest.

Recipients to whom personal data is transferred

  • Personal data is transferred to the customer support of the e-store to manage orders and purchase history and to solve customers’ problems.
  • The name, phone number and e-mail address will be forwarded to the transport service provider selected by the customer. If the goods are delivered by courier, the customer’s address is also forwarded in addition to the contacts.
  • Personal data may be transferred to IT service providers if it is necessary to ensure the functionality of the e-store or data hosting.

Security and access to data

  • Any customer’s personal data is treated as confidential data.
  • The encrypted data communication channel, the SEB E-business payment solution, ensures the security of personal data and bank details.
  • Personal data is stored on the servers of AS Profline and IiTee OÜ, which are located in the territory of the Republic of Estonia.
  • AS Profline employees have access to personal data in order to solve technical issues related to the use of the e-store and provide customer support services.
  • AS Profline e-store implements appropriate physical, organizational and IT security measures to protect personal data from accidental or illegal destruction, loss, modification or unauthorized access and disclosure.
  • Transfer of personal data to authorized employees of the e-store (e.g. transport service provider and data hosting) and processing of personal data is carried out on the basis of agreements concluded between the e-store and authorized processors. Authorized processors are obliged to ensure appropriate protection measures when processing personal data.

Viewing and correcting personal data

  • Personal data can be viewed and corrections made in the user profile of the e-store.
  • If the purchase has been made without a user account, you can review your personal data through customer support.

Withdrawal of consent

  • If the processing of personal data takes place on the basis of the customer’s consent, the customer has the right to withdraw the consent by informing customer support by e-mail:

Storage of data

  • Upon closing the customer account of the e-store, personal data is deleted, except if such data needs to be kept for accounting purposes or to resolve consumer disputes.
  • If a purchase is made in the e-store without a customer account, the purchase history is stored for three years.
  • In case of disputes related to payments and other consumer disputes, personal data is stored until the claim is fulfilled or until the expiration date (three years).
  • Personal data necessary for accounting are stored for seven years.

Deletion of data

  • To delete personal data, please contact customer support via e-mail:
  • The deletion request will be replied to within a month, and the period of data deletion will be specified.

Transfer of data

  • The request for data transfer submitted by e-mail will be replied to within a month.
  • Customer support identifies the person and informs about the personal data applicable to the transfer.

Direct marketing messages

  • The e-mail address and phone number are used to send direct marketing messages if the customer has given their consent.
  • If the customer does not wish to receive direct marketing messages, they must select the corresponding reference in the header/footer of the e-mail or contact customer support:
  • If personal data is processed for the purpose of direct marketing (profiling), the customer has the right to object to the initial and further processing of their personal data, including profile analysis related to direct marketing, at any time by notifying customer support by e-mail: info The relevant notice must be provided clearly and separately from all other information.

Settlement of disputes

  • Disputes related to the processing of personal data are solved through customer support:; tel. +372 6 729 196.
  • The supervisory authority is the Estonian Data Protection Inspectorate, contact e-mail: