Privacy and Cookies

Legal Basis

The rights and obligations of the parties are regulated by the Law of Obligations Act, the Consumer Protection Act, and the rules of this online store.

Processing of Personal Data

ESFi OÜ is the data controller, and ESFi OÜ forwards the personal data necessary for payment processing to the authorized processor Maksekeskus AS.

What Personal Data is Processed

  • Name, phone number, and email address;
  • Delivery address;
  • Bank account number;
  • Cost of goods and services and payment-related information (purchase history);
  • Customer support data.

Purpose of Processing Personal Data

Personal data is used to manage customer orders and deliver goods. Purchase history data (purchase date, item, quantity, customer details) is used to compile an overview of purchased goods and services and analyze customer preferences. The bank account number is used for refunding payments to the customer. Personal data such as email, phone number, and customer name are processed to resolve issues related to goods and services (customer support). The online store user’s IP address or other network identifiers are processed to provide the online store as an information society service and to create web usage statistics.

Legal Basis

The processing of personal data takes place to fulfill the contract concluded with the customer. The processing of personal data is also carried out to comply with legal obligations (e.g., accounting and consumer dispute resolution).

Recipients to Whom Personal Data is Transferred

Personal data is transferred to the online store’s customer support for managing purchases and purchase history and resolving customer issues. The customer’s name, phone number, and email address are transferred to the selected transport service provider. If goods are delivered by a courier, the customer’s address is also provided along with the contact details. If the online store’s accounting is handled by a service provider, personal data is transferred to the service provider for accounting purposes. Personal data may also be transferred to IT service providers if necessary to ensure the functionality of the online store or data hosting.

Security and Access to Data

Personal data is stored on Zone servers located in a member state of the European Union or a country that has joined the European Economic Area. Data may be transferred to countries whose level of data protection has been deemed adequate by the European Commission, as well as to U.S. companies that have joined the Privacy Shield framework. Access to personal data is granted to online store employees who need it to resolve technical issues related to the use of the online store and to provide customer support services. The online store implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure. The transfer of personal data to authorized processors (e.g., transport service providers and data hosting services) is carried out based on agreements concluded between the online store and the authorized processors. The authorized processors are required to ensure appropriate safeguards when processing personal data.

Access to and Correction of Personal Data

Personal data can be accessed and corrected via customer support.

Withdrawal of Consent

If the processing of personal data is based on the customer’s consent, the customer has the right to withdraw their consent by notifying customer support via email.

Retention

The online store’s purchase history is retained for three years. In case of disputes related to payments and consumer claims, personal data is stored until the claim is fulfilled or the statute of limitations expires. Personal data required for accounting purposes is retained for seven years.

Deletion

To delete personal data, contact customer support via email. A response to the deletion request will be provided no later than one month after submission, along with details about the data deletion period.

Data Portability

A request for data portability submitted via email will be responded to within one month. Customer support will verify identity and inform about the personal data subject to transfer.

Dispute Resolution

Disputes related to personal data processing are resolved through customer support. The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).

Our Details:
ESFi OÜ
Reg: 14307430
Harju County, Kuusalu Parish, Saunja Village, Tepi Farm, 74636
hello@elysiumskincare.eu

Cookies

This online store uses cookies. Cookies are text files that the browser saves on your device when visiting a website. Essential cookies are divided into two categories:

  1. Session Cookies

    • These are temporary and disappear immediately after leaving the website or closing the browser.
    • They are used to enable certain website functions.
    • Without these cookies, the requested services cannot be provided or may be disrupted.
    • These cookies do not collect personally identifiable information.

  2. Functional or Persistent Cookies

    • These remain valid for the period specified in the cookie and are not deleted when the browser is closed.
    • These cookies are activated during each visit to the website.
    • They may be used to remember website preferences or collect statistical data.
    • These can only be removed by clearing browser history.

Non-essential cookies, also known as third-party cookies, may collect information about the website visitor and their browsing habits. This data may be used to offer targeted advertising, enhance user experience, and improve website performance.

What Cookies Do We Use?

Our website users are considered to have agreed to cookies if their browser settings allow the use of essential/mandatory cookies. However, if you do not agree to the use of mandatory cookies, you must manually disable them in your browser settings. In this case, several website services and functions may be limited.

When visiting our website (www.elysiumskincare.eu), you will see a notification about cookies, where you can accept or reject third-party (non-essential) cookies.

Our website uses the following third-party cookies:

  • Google Analytics
  • Meta

Independence of Third Parties

Although we have reviewed the privacy policies of third-party providers before involving them, we cannot guarantee that their practices align with ours. Third parties may use website cookies at their discretion. Since we have no control over third-party cookies, ESFi OÜ’s cookie policy does not cover their policies.