Skip to content
GAVORI
GAVORI

[email protected]

Privacy Policy

Last updated: February 2026

1. Data Controller

HR Electronics OÜ, Registry code: 14412321, PΓ€rnu maakond, Saarde vald, Tihemetsa alevik, Asuvere tee 7-4, 86201, Estonia. Email: [email protected]

2. Data We Collect

2.1 Account and Order Data

Name, email address, phone number, shipping address, and billing address provided during checkout or account registration.

2.2 Transaction Data

Order history, payment references, shipping addresses, delivery tracking information, and invoices.

2.3 Technical Data

IP address, browser type and version, device information, pages visited, and timestamps. Collected automatically when you use our website.

3. Legal Basis for Processing

  • Art. 6(1)(b) GDPR β€” Contract performance: processing necessary to fulfil your orders and provide our services.
  • Art. 6(1)(c) GDPR β€” Legal obligation: processing required by tax and accounting legislation.
  • Art. 6(1)(f) GDPR β€” Legitimate interest: fraud prevention and security of our platform.
  • Art. 6(1)(a) GDPR β€” Consent: where applicable, for specific processing activities such as marketing communications.

4. Purpose of Processing

  • Order processing, production, and fulfilment
  • Payment processing and invoicing
  • Customer communications related to orders
  • Compliance with tax and accounting obligations
  • Fraud prevention and platform security
  • Website performance improvement

5. Data Recipients

We share your data only with the following service providers, as necessary to operate our business:

  • PayPal (PayPal (Europe) S.Γ  r.l., Luxembourg) β€” Payment processing. Data processed under PayPal's privacy policy.
  • SEB Bank (Estonia) β€” SEPA payment processing
  • Print-on-demand production partner (EU & UK-based) β€” Order fulfilment. Only shipping name and address are shared.
  • Brevo (Sendinblue SAS, France) β€” Transactional email delivery. Data processed within the EU/EEA.
  • Hetzner (Germany) β€” Website hosting and infrastructure

We do not sell or rent your personal data to third parties.

Where required under GDPR Article 28, we have entered into Data Processing Agreements (DPAs) with our service providers to ensure your data is handled in compliance with applicable data protection law.

6. Data Retention

  • Order and invoice data: 7 years (Estonian Accounting Act)
  • Account data: Duration of account plus 3 years
  • Guest checkout data: 3 years from order date
  • Technical logs: 90 days

7. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15) β€” obtain a copy of your personal data
  • Right to rectification (Art. 16) β€” correct inaccurate data
  • Right to erasure (Art. 17) β€” request deletion of your data
  • Right to restriction (Art. 18) β€” limit how we process your data
  • Right to data portability (Art. 20) β€” receive your data in a structured format
  • Right to object (Art. 21) β€” object to processing based on legitimate interest
  • Right to withdraw consent β€” where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Estonian Data Protection Authority:

Andmekaitse Inspektsioon, Tatari 39, 10134 Tallinn, Estonia. Email: [email protected], Website: www.aki.ee

8. Cookies

We use essential cookies only:

  • store_cart_id β€” HTTP-only cart session cookie, 7-day expiry
  • Locale preference β€” Stores your language selection
  • PayPal SDK cookies β€” Required for PayPal payment processing (set by PayPal when the payment form is loaded)

We do not use tracking, advertising, or third-party analytics cookies. Essential cookies do not require consent under the ePrivacy Directive as they are strictly necessary for the service.

9. International Transfers

Your data is primarily processed within the EU/EEA. PayPal may transfer data to the United States under appropriate safeguards (Standard Contractual Clauses). All other processing occurs within the EU/EEA.

10. Security

We protect your data through the following measures:

  • TLS/HTTPS encryption for all data in transit
  • Access controls and authentication
  • Regular software and security updates
  • EU/EEA infrastructure (Hetzner, Germany)

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version is always available on this page.

12. Contact

HR Electronics OÜ
Email: [email protected]

Privacy Policy | GAVORI