1. General Provisions

1.1. This Privacy Policy governs the collection, processing, and storage of personal data. Personal data is collected, processed, and stored by the data controller OMILUKABINET OÜ (hereinafter referred to as the data controller).

1.2. For the purposes of this Privacy Policy, the data subject is the customer — any natural person who purchases goods or books services through the data controller’s website.

1.3. When processing personal data, the data controller complies with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation, hereinafter GDPR), the Personal Data Protection Act of the Republic of Estonia, and other applicable legislation of the European Union and the Republic of Estonia.

1.4. Contact details of the data controller:

Company name: OMILUKABINET OÜ
Registration number: 16693212
Email address: info@omira.ee
Field of activity: Booking of facial procedures and sale of skincare products

2. Personal Data Collected

2.1. When placing an order in the online store

When an order is submitted, the following data is collected:

  • First name and surname;
  • Place of residence;
  • Full address (street name and house number);
  • Phone number;
  • Email address;
  • Order content, chosen payment method, and purchase history.

The data controller does not store payment card details. Online payments are processed through the secure payment environment of Montonio, where the data is handled by Montonio Finance OÜ as an independent data controller.

2.2. When booking a service

When booking an appointment for a facial procedure, the following data is collected:

  • First name and surname;
  • Email address;
  • Phone number;
  • Selected service, preferred date and time.

The booking process consists of three steps: selecting a date and time, entering contact details, and making payment. Information about skin condition, allergies, or other health matters is not collected through the booking form — this is addressed during a personal consultation with the cosmetologist.

3. Purposes and Legal Bases for Processing Personal Data

The data controller processes personal data for the following purposes:

Purpose | Legal basis (GDPR) | Retention period
Processing orders and delivering goods | Performance of a contract | 3 years
Managing bookings and sending reminders | Performance of a contract | 3 years
Issuing invoices and retaining accounting records | Legal obligation (Accounting Act § 12) | 7 years
Transactional emails: order confirmations, invoices, booking reminders | Performance of a contract | 3 years
Handling complaints and disputes | Legitimate interest | 3 years from resolution of the dispute

The data controller does not send marketing emails to customers and does not use personal data for direct marketing purposes without the customer’s prior consent.

4. Sharing Data with Third Parties

4.1. Montonio Finance OÜ – online payments

The data controller uses Montonio’s payment environment to process online payments. When a payment transaction is made, the necessary data is shared with Montonio. Montonio acts as an independent data controller for this data.

Montonio’s Privacy Policy is available at: https://montonio.com/privacy-policy

4.2. Booking system

The data controller uses Amelia booking software to manage service reservations. Booking data (customer name, contact details, selected time) is stored on servers located within the European Union.

4.3. Web hosting

The website and its data are hosted on servers of a hosting provider located within the European Union, in compliance with GDPR requirements.

4.4. Other cases

The data controller does not sell, rent, or share personal data with third parties for marketing purposes. Data may only be disclosed when required by law (e.g., upon request by the tax authority, a court, or the police).

Personal data is not transferred to countries outside the European Union or the European Economic Area, unless a valid safeguard mechanism is in place (e.g., an adequacy decision by the European Commission).

5. Cookies

The data controller’s website uses cookies that are necessary for the proper functioning of the website (e.g., managing the shopping cart and maintaining sessions). Other cookies are only used with the customer’s prior consent.

Cookie settings can be managed in the browser settings. Disabling certain cookies may limit the use of the website.

6. Customer Rights

Under the GDPR, every customer has the following rights:

  • Right of access – The customer may request at any time what personal data the data controller holds about them;
  • Right to rectification – The customer may request the correction of inaccurate or incorrect data;
  • Right to erasure – The customer may request the deletion of their data if there is no lawful basis for retaining it;
  • Right to restriction of processing – In certain cases, the customer has the right to request that the use of their data be restricted;
  • Right to data portability – The customer may request that their data be provided in a machine-readable format;
  • Right to object – The customer may object to the processing of their data where it is based on legitimate interest.

To exercise these rights, please contact us at info@omira.ee. We will respond within a reasonable time and no later than 30 calendar days.

If a customer believes that their personal data is being processed unlawfully, they have the right to lodge a complaint with the Data Protection Inspectorate:

Address: Väike-Ameerika 19, 10129 Tallinn
Email: info@aki.ee
Website: www.aki.ee
Phone: +372 627 4135

7. Data Security

The data controller implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or loss, including:

  • Encryption of data transmission using HTTPS/TLS protocol;
  • Access restrictions for employees;
  • Regular security audits and software updates.

In the event of a personal data breach that may jeopardise the rights and freedoms of a customer, the data controller will notify the Data Protection Inspectorate within 72 hours and, where necessary, inform the customer personally.

8. Changes to the Privacy Policy

The data controller reserves the right to amend this Privacy Policy in part or in full, and will inform customers of any changes via the website. The amended Privacy Policy takes effect upon publication. In the event of significant changes, customers will also be notified by email.

9. Contact

For any questions, requests, or complaints regarding privacy and the handling of personal data, please contact us:

Company: OMILUKABINET OÜ
Registration number: 16693212
Email: info@omira.ee
Response time: Within 30 calendar days

OMILUKABINET OÜ | Registration number 16693212 | info@omira.ee | Last updated: 25.04.2026