Privacy Policy

This Privacy Policy applies to the website and online shop of Stafit OÜ ( We have assumed the obligation to protect privacy of our customers and users. Therefore, we have prepared these Privacy Policy principles, which cover the collection, use, disclosure, transfer and storage (hereinafter collectively referred to as processing) of the personal data of customers. Personal data are only processed in accordance with the requirements of respective EU legislation and laws of the Republic of Estonia and subject to every precaution to protect the personal data. By using the website, the customer confirms their acceptance of this Privacy Policy.

Processing of personal data

The data controller for the online shop is Stafit OÜ (registry code 10239446), located at Katusepapi str. 20, 11412 Tallinn, Harjumaa, Estonia, phone number +372 621 7016 and e-mail

What personal data are processed

  • First name and surname
  • Personal ID code
  • Phone number
  • Email address
  • Street and/or delivery address
  • Bank account number
  • Cost of goods and services and payment details (purchase history)
  • IP address for electronic channels
  • Customer support details

Why personal data are processed

Personal data are used to manage the customer’s orders and deliver goods.

Purchase history details (date of purchase, goods, quantity, customer’s details) are used for preparing summaries of goods and services purchased and for analyzing customer preferences.

The bank account number is used to reimburse payments to the customer.

Personal data such as email, phone number and the customer’s name are processed to handle any issues relating to the provision of goods and services (customer support).

The IP address or other web identifiers of a user of the online shop are processed for the provision of the online shop as an information society service and for web use statistics.

Legal basis

Personal data are processed for the purpose of performing a contract with the customer.

Personal data are processed for performing legal obligations (such as accounting and the settlement of consumer complaints).

Recipients of personal data

Personal data are transferred to customer support for the online shop for managing purchases and purchase history and for settling any problems that the customers may have.

Personal data necessary for executing payments are transferred to the authorized processor Maksekeskus AS.

The name, phone number and email address are transferred to the transport service provider selected by the customer. If goods are delivered by courier, the customer’s address is also transferred together with the contact details.

Personal data may be transferred to IT service providers if this is necessary for ensuring the functionality of the online shop or for data hosting.

Security and access to data

Personal data are stored in the servers, which are located on the territory of a member state of the European Union or a state of the European Economic Area.

The personal data can be accessed by the staff of the online shop in order to settle technical issues related to the use of the online shop and to provide customer support.

The online shop takes appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.

Personal data are transferred to data processors (such as the providers of transport and data hosting services) and processed under contracts between the online shop and the processors. Data processors must ensure appropriate safeguards when processing personal data.

Access to and rectification of personal data

Personal data can be accessed and rectified in the user profile of the online shop. If a purchase has been made without a user account, personal data can be accessed through customer support.

Withdrawal of consent

Where personal data are processed on the basis of the customer’s consent, the customer may withdraw their consent by notifying customer support by email (


Personal data are deleted upon the closure of a customer account of the online shop, unless the storage of the data is necessary for accounting purposes or for the settlement of consumer disputes.

For online purchases made without a customer account, the purchase history is stored for a term of three years.

In the event of disputes concerning payments and consumer disputes, the personal data are stored until the meeting of the claim or until the end of the limitation period (three years).

Personal data needed for accounting purposes are stored for a term of seven years.


Personal data can be deleted by contacting customer support by email ( Deletion requests are responded to within one month and the period of deletion shall be specified.


Transfer requests made by email are responded to within one month. Customer support shall identify the person and inform them of the personal data to be transferred.

Direct marketing messages

Email address, address and phone number are used for sending direct marketing messages if the customer has given their consent to receiving such messages. If the customer does not want to receive direct marketing messages, the customer should select the relevant link at the footer of the email or contact customer service.

Terms and conditions of, and amendments to Privacy Policy. Settlement of disputes

By starting to use our website you confirm that you have read these principles, terms and conditions, and agree with them. We reserve the right to amend the general terms and conditions of this Privacy Policy, if necessary, by notifying all loyal customers thereof, but we make our best effort to ensure that our Privacy Policy is kept updated and available for you on our website. If you have any questions or concerns about the privacy policy or data processing, you are kindly asked to contact us at

Disputes concerning the processing of personal data are settled through customer support (address: Katusepapi str. 20, 11412 Tallinn, Harjumaa, Estonia; phone number: +372 621 7016, email:

The supervisory authority is the Estonian Data Protection Inspectorate ( The Data Protection Inspectorate is a national authority that may be also contacted for advice or assistance in matters concerning protection of personal data.