+372 5518734
||
Winedo

Privaatsuspoliitika

Viimati uuendatud: 8 April 2026

1. Data Controller

The data controller responsible for the processing of your personal data is:

  • Company name:Veinivein OÜ
  • Registry code: 14862449
  • VAT number: EE102213274
  • Address: Pronksi tn 4-33, Kesklinna linnaosa, 10124 Tallinn, Harju maakond, Estonia
  • Email: info@winedo.ee
  • Phone: +372 5518734

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website at winedo.ee ("Website"), in accordance with the General Data Protection Regulation (GDPR, (EU) 2016/679) and the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus).

2. What Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Order Data

When you place an order through the Website, we collect:

  • Full name
  • Email address
  • Phone number
  • Delivery address
  • Order details (products, quantities, prices)
  • Comments or special instructions (if provided)

2.2 Communication Data

When you contact us via email or the contact form, we collect:

  • Your name and email address
  • Message content
  • Any attachments you send

2.3 Website Usage Data

When you use the Website, we may store the following on your device using localStorage (browser local storage):

  • Age verification status (whether you confirmed you are 18+)
  • Shopping cart contents
  • Cookie consent preferences

This data is stored locally on your device and is not transmitted to our servers unless you place an order.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

  • Performance of a contract (Article 6(1)(b)): Processing necessary to fulfill your purchase agreement — including order processing, communication about your order, delivery, and invoicing.
  • Legal obligation (Article 6(1)(c)): Processing required to comply with Estonian tax and accounting laws (Raamatupidamise seadus), age verification requirements under the Estonian Alcohol Act (Alkoholiseadus), and other applicable legislation.
  • Legitimate interest (Article 6(1)(f)): Processing necessary for our legitimate interests, including improving our services, ensuring website security, and fraud prevention. We conduct balancing tests to ensure these interests do not override your fundamental rights.
  • Consent (Article 6(1)(a)): Where applicable, for marketing communications. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. Purpose of Processing

We process your personal data for the following purposes:

  • Processing and fulfilling your orders, including contacting you to confirm orders and arrange delivery
  • Sending invoices and processing payments
  • Verifying age eligibility for the purchase of alcoholic beverages
  • Responding to your inquiries and providing customer support
  • Complying with legal obligations (tax records, accounting, age verification)
  • Improving our Website, products, and services
  • Preventing fraud and ensuring the security of our Website

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Order and accounting data:7 years from the end of the financial year in which the transaction occurred, as required by the Estonian Accounting Act (Raamatupidamise seadus, § 12).
  • Communication data: Up to 2 years after the last communication, unless longer retention is necessary for legal claims.
  • Website usage data (localStorage): Stored on your device until you clear your browser data. Age verification and cookie consent data persist in your browser.

You may request early deletion of non-mandatory data at any time (see Section 8).

6. Data Sharing and Recipients

We do not sell, rent, or trade your personal data. We may share your personal data with the following categories of recipients, only to the extent necessary:

  • Delivery partners: Your name, delivery address, and phone number may be shared with courier or delivery services to fulfill your order.
  • Email service providers: Your email address and order details are processed by our email service provider to send order confirmations and communications.
  • Tax and regulatory authorities: Transaction data as required by Estonian law.
  • Legal advisors and law enforcement: When required by law, court order, or to protect our legal rights.

All third-party data processors are bound by data processing agreements (andmetöötluslepingud) in accordance with Article 28 of the GDPR and process data only on our documented instructions.

7. Cookies and Local Storage

Our Website uses browser local storage (localStorage) for the following essential purposes:

  • Shopping cart: To remember products you have added to your cart during your browsing session and between visits.
  • Age verification: To remember that you have confirmed you are 18 years of age or older, so you are not asked again on each visit.
  • Cookie consent: To remember your acceptance of our cookie/storage notice.

We do not use third-party tracking cookies or analytics services that collect personal data. The localStorage data is stored only on your device and is not transmitted to third parties.

You can clear localStorage at any time through your browser settings (clearing site data). This will reset your cart, age verification, and consent preferences.

8. Your Rights Under GDPR

Under the GDPR (Articles 15–22), you have the following rights regarding your personal data:

  • Right of access (Article 15): You have the right to obtain confirmation of whether we process your personal data and to receive a copy of the data.
  • Right to rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
  • Right to erasure (Article 17): You have the right to request deletion of your personal data, unless retention is required by law (e.g., accounting records).
  • Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your data in certain circumstances.
  • Right to data portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Article 21): You have the right to object to the processing of your data based on legitimate interests.
  • Right to withdraw consent (Article 7(3)): Where processing is based on consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing before the withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us at info@winedo.ee. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on it, in accordance with Article 12(5) of the GDPR.

9. Right to Lodge a Complaint

If you believe that we have violated your data protection rights, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon):

  • Name: Andmekaitse Inspektsioon
  • Address: Tatari 39, 10134 Tallinn, Estonia
  • Phone: +372 627 4135
  • Email: info@aki.ee
  • Website: www.aki.ee

10. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If any data is transferred outside the EEA (for example, through our email service provider), we ensure that appropriate safeguards are in place, such as:

  • EU adequacy decisions (Article 45 GDPR)
  • Standard Contractual Clauses approved by the European Commission (Article 46(2)(c) GDPR)

You may request information about the specific safeguards in place by contacting us at info@winedo.ee.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, or alteration. These measures include:

  • HTTPS/TLS encryption for all data transmitted between your browser and our Website
  • Access controls limiting personal data access to authorized personnel only
  • Secure email communication for order-related data
  • Regular review of security measures

While we take reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure.

12. Children's Data

Our Website is intended for persons aged 18 and over. We do not knowingly collect or process personal data from persons under 18 years of age. In accordance with the Estonian Alcohol Act (Alkoholiseadus), it is prohibited to sell alcohol to persons under 18. If we become aware that we have collected data from a person under 18, we will delete such data without undue delay.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. The latest version is always available on this page with the "Last updated" date at the top.

Significant changes affecting your rights will be communicated to existing customers via email. We encourage you to review this Privacy Policy periodically.

14. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us: