Privacy Policy

  • 1. Data Controller
    The website [plumastep.com] (the “Site”) is operated by OÜ MAITRADEEU.

    2. Information We Collect
    We collect and process the following types of personal data in order to operate the Site and fulfill your orders:

    • Identity information: name, date of birth (if required), and contact details;

    • Contact details: email address, phone number, billing and shipping address;

    • Payment information: processed securely via payment partners (we do not store full card details);

    • Order history and transaction details;

    • Technical and browsing data: IP address, device type, browser type, visited pages, session duration;

    • Marketing data: preferences, consent to receive marketing communications.

    3. How We Use Your Data
    We process your personal data for the following purposes:

    • To process and fulfil your orders;

    • To communicate with you regarding orders, support, returns, and promotions;

    • To comply with legal obligations, such as accounting, tax, and fraud prevention;

    • To analyse and improve our services, including marketing and user experience;

    • Only with your consent, to send you promotional offers.

    4. Legal Basis for Processing
    We rely on the following legal bases for processing your data:

    • Performance of a contract (processing of your order and delivery);

    • Legitimate interests (fraud prevention, improving services, marketing analysis);

    • Consent (for marketing communications);

    • Compliance with legal obligations (accounting, tax, regulation).

    5. Data Sharing and Transfers
    We may share your information with third-party service providers who assist with the running of the Site, such as:

    • Payment processors: Shopify Payments, PayPal, Stripe;

    • Shipping and fulfilment service providers;

    • Marketing and analytics partners;
      These providers are bound by contractual obligations to safeguard your data and only use it for specified purposes.
      We may also transfer your personal data to recipients located outside the European Economic Area (EEA) in accordance with applicable safeguards.

    6. Data Retention
    We will retain your personal data for as long as necessary to fulfil the purposes described above and comply with applicable laws. Typically, this means retaining:

    • Transaction and billing data: up to 7 years (per Estonian accounting standards);

    • Marketing data: until you withdraw your consent;

    • Other data: as necessary to protect our rights or respond to legal claims.

    7. Your Rights
    You have the right to:

    • Access your personal data;

    • Rectify inaccurate data;

    • Erase your data (in certain circumstances);

    • Restrict or object to processing;

    • Receive your data in a structured, commonly used format;

    • Withdraw your consent for marketing at any time.
      To exercise your rights, please contact us at the email below.

    8. Cookies and Tracking Technologies
    We use cookies and similar technologies to operate the Site, provide personalised content, and analyse usage. You may control cookies through your browser settings. For detailed cookie information, please see our Cookie Policy (if applicable).

    9. Changes to this Policy
    We may update this Privacy Policy from time to time. The “Last updated” date at the top will indicate the most recent revision.
    Your continued use of the Site after changes constitutes your acceptance of the updated policy.