Privacy policy

Privacy & Data Protection Policy

JahiKala OÜ – Privacy & Data Protection Policy
Updated: 20 January 2026

1. Data Controller

The controller of personal data processed in the JahiKala.ee online store is:

JahiKala OÜ
Registration code: 17058908
Address: Turu tn 41a, Tartu, Tartumaa 50106, Estonia
Email: info@jahikala.ee
Phone: +372 5885 7020

2. Personal Data We Process

When you use our online store, we may process the following personal data:

• name;
• phone number;
• email address;
• delivery address;
• bank account number (only where needed for refunds);
• purchase and payment details, including order history;
• customer support information, including messages, requests and claims;
• IP address and other network identifiers, such as browser and device information; and
• any additional information you provide voluntarily, such as order notes, special requests or survey responses.

We may also collect certain information automatically through your device, browser, network connection and cookies when you visit our website.

3. Purposes of Processing

We process personal data for the following purposes:

• managing customer orders and delivering goods;
• analysing order history and customer preferences;
• processing invoices and payments, and issuing refunds where applicable;
• providing customer support, including order-related questions and dispute handling;
• sending newsletters and marketing offers where you have provided consent;
• improving website performance and user experience, including analytics and statistics;
• complying with legal obligations, including accounting and consumer dispute procedures; and
• responding to lawful requests from authorities or protecting legal rights in disputes.

4. Legal Basis for Processing

We process personal data on the following legal bases:

• Performance of a contract – for order fulfilment, payments and customer service;
• Legal obligation – for accounting and consumer dispute resolution requirements;
• Legitimate interests – for improving customer experience, analysing purchases and handling disputes; and
• Consent – for newsletters and marketing communications.

5. Sharing and Disclosure of Personal Data

We may share personal data with service providers only to the extent necessary to provide the service, including:

• delivery and logistics providers (e.g. Omniva, Itella, DPD, SmartPost): name, contact details and delivery address;
• payment service providers (e.g. Swedbank, SEB, LHV, PayPal and other payment intermediaries): payment-related data;
• accounting service providers, where necessary: accounting-related information;
• web hosting and IT service providers: technical data required to operate the website; and
• customer support service providers, where support is provided by a third party.

All data processing is carried out via contractual processors who are required to ensure confidentiality and security in accordance with the General Data Protection Regulation (GDPR).

6. Data Retention

We retain personal data for as long as necessary for the purposes described above or as required by law:

• customer account data is deleted after account closure, except where retention is required for accounting or disputes;
• purchase history and payment data is retained for the legally required period of 7 years;
• customer service communications are retained until claim limitation periods expire, up to 3 years; and
• marketing consent data is retained until consent is withdrawn, for example by unsubscribing.

7. Data Security

We apply appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised access or disclosure.

Data is processed only by authorised persons and in compliance with applicable laws and agreements with service providers.

8. Your Rights

You have the right to:

• access your personal data;
• correct inaccurate data;
• request deletion of personal data, where applicable;
• restrict processing;
• object to processing based on legitimate interests;
• request data portability; and
• withdraw consent at any time for consent-based processing, such as marketing emails.

Requests regarding personal data can be submitted via info@jahikala.ee. We respond to deletion requests and other data-related requests no later than within 1 month.

9. Direct Marketing and Newsletters

We send newsletters and marketing offers only where you have given consent, for example when subscribing or through your account settings.

Each marketing email contains an unsubscribe option. You may also withdraw your consent by contacting info@jahikala.ee

10. Cookies

We use cookies to ensure the best user experience, analyse website usage and provide relevant advertising.

You can manage cookie settings through your browser. More information about cookies is available at: jahikala.ee/kupsiste-poliitika

11. Third-Party Services and Links

Our website may contain links to third-party services or embedded solutions, such as social media, analytics or payment systems.

When you use such services, the privacy policy of the relevant provider may apply. We recommend reviewing their privacy terms directly.

12. International Data Transfers (Outside the EU/EEA)

Personal data may be transferred outside the European Union or European Economic Area only where appropriate safeguards are in place, such as:

• European Commission Standard Contractual Clauses (SCCs); or
• other lawful transfer mechanisms permitted under the GDPR.

13. Shopify Platform Specifics

JahiKala online store operates on the Shopify platform. Shopify may process personal data outside the EU/EEA, for example in Canada, the United States or other countries, using recognised data protection mechanisms.

Shopify and other integrated service providers may process personal data, including device information, payment information, order information and analytics data, to enable order fulfilment, payment processing, website functionality and marketing analytics.

Shopify privacy information is available at:
https://privacy.shopify.com/en
Shopify customer privacy policy:
https://www.shopify.com/legal/privacy/customers
Shopify privacy contact: privacy@shopify.com

14. Complaints and Supervisory Authority

If you have questions or complaints regarding data processing, please contact us at info@jahikala.ee.

Supervisory authority:
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Email: info@aki.ee