Privacy policy

Väikekaru OÜ (registry code 17529153, address Loitsu 1-138, 13622 Tallinn, Estonia; hereinafter Data Controller) is committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Estonian personal data protection legislation. This Privacy Policy explains what data we collect, why and how we use it, with whom we share it, and what your rights are.

This policy applies to all visitors and customers of the online store beebicuddles.ee. By using our store, you agree to this policy.

1. Personal Data We Collect

We collect data you provide directly to us, as well as data generated through your use of the store:

  • Contact details: name, email address, phone number
  • Delivery details: delivery address, city, postal code, country
  • Order details: products purchased, quantities, prices, order history, payment method (full payment card details are not stored on our servers)
  • Technical data: IP address, browser type and version, device type, visit time and duration, pages viewed, cookies and analytics data
  • Communication data: emails you send us, customer service enquiries and feedback
  • Marketing preferences: whether you have subscribed to our newsletter and which communications you have selected

2. Purposes and Legal Basis for Processing

We process your data only for specific and lawful purposes:

  • Performance of a contract — receiving and processing orders, arranging delivery, issuing invoices and customer service (GDPR Art. 6(1)(b))
  • Legal obligation — accounting and tax records in accordance with Estonian law (GDPR Art. 6(1)(c))
  • Legitimate interest — fraud prevention, store security, improving user experience and collecting statistics (GDPR Art. 6(1)(f))
  • Consent — marketing emails, newsletter and personalised offers, where you have given explicit permission (GDPR Art. 6(1)(a))

3. Sharing Data with Third Parties

We share your data only to the extent strictly necessary to provide our services. Our trusted partners are:

  • Shopify Inc. — e-commerce platform and technical data processor (USA; data protection ensured via Standard Contractual Clauses – SCC)
  • Maksekeskus AS — payment intermediary that processes payments securely. Väikekaru OÜ has no access to customers' bank or payment card details.
  • Omniva, DPD, Itella SmartPOST — for delivery purposes we share name, delivery address and phone number
  • Klaviyo — email marketing platform, if you have subscribed to our newsletter (USA; data protection ensured via SCC)
  • Google LLC — website visit statistics via Google Analytics 4; data is anonymised and contains no personally identifiable information (USA)

We do not sell, rent or disclose your personal data to third parties for any other purpose.

4. Data Retention

We retain personal data only for as long as necessary:

  • Order and invoice data: 7 years in accordance with the Estonian Accounting Act
  • Customer account data: until account deletion or 3 years from the last purchase
  • Marketing consent and communication history: until consent is withdrawn
  • Technical logs and analytics data: up to 26 months (Google Analytics 4 default retention period)

After the retention period expires, data is deleted or anonymised.

5. Cookies

We use cookies to operate the store, collect statistics and improve the user experience. Cookies fall into four categories:

  • Strictly necessary cookies — enable core store functions such as the shopping cart, login and security. These cannot be disabled as the store would not function correctly without them.
  • Analytical cookies — collect anonymous statistics on how visitors use the store (e.g. most popular pages, visit duration). We use Google Analytics 4.
  • Functional cookies — remember your preferences such as language and currency to make your experience more convenient.
  • Marketing cookies — allow us to show you relevant advertisements and measure campaign effectiveness. Applied only with your prior consent.

You can manage cookie settings in your browser. Please note that disabling strictly necessary cookies may affect the functioning of the store.

6. Your Rights

Under GDPR you have the following rights, which you may exercise at any time:

  • Right of access — you may request what personal data we process about you and receive a copy
  • Right to rectification — you may request correction of inaccurate or incomplete data
  • Right to erasure (right to be forgotten) — you may request deletion of data where there is no longer a legal basis for processing
  • Right to restriction of processing — you may request temporary suspension of processing, for example during a dispute
  • Right to data portability — you may receive your data in a structured, machine-readable format and transfer it to another service provider
  • Right to object — you may object to processing based on legitimate interest
  • Right to withdraw consent — you may withdraw your marketing consent at any time, without affecting the lawfulness of processing carried out before withdrawal

To exercise your rights, contact us at: info@beebicuddles.ee. We will respond to your request within 30 days.

7. Unsubscribing from Marketing

If you have subscribed to our newsletter, you may unsubscribe at any time by:

  • Clicking the "Unsubscribe" link at the bottom of any email
  • Sending an unsubscribe request to: info@beebicuddles.ee

Unsubscribing does not affect order-related notifications (e.g. order confirmation, delivery updates).

8. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. All data transfers are encrypted via SSL/TLS. Access to personal data is restricted to employees and partners who require it to perform their duties.

9. Complaints to the Supervisory Authority

If you believe your personal data is being processed unlawfully, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (AKI):

  • Website: www.aki.ee
  • Address: Tatari 39, 10134 Tallinn
  • Email: info@aki.ee
  • Phone: +372 627 4135

We recommend contacting us first to resolve the matter directly.

10. International Data Transfers

Your data may be processed outside the European Economic Area (EEA), in particular on Shopify (USA) and Klaviyo (USA) servers. In such cases, we ensure data protection through GDPR-compliant safeguards — primarily the European Commission's approved Standard Contractual Clauses (SCC).

11. Changes to This Policy

Väikekaru OÜ reserves the right to amend this Privacy Policy. In the event of significant changes, we will notify you by email or via a notice on beebicuddles.ee at least 14 days in advance.

Last updated: June 2026