Privacy Policy
PRIVACY POLICY (PROCESSING OF PERSONAL DATA)
Last updated: January 10, 2026
-
Data Controller and Contact
In these privacy terms, we explain how SmartPlusArt (hereinafter “we”) processes personal data on the smartplusart.com website and when making a purchase in the e-shop.
Data Controller: Turundusjuhid OÜ (registration code 12664260)
Address: Tallinn, Estonia
Email: info@smartplusart.com -
What personal data we collect
We may process the following data:
2.1. Account and contact details: name, email, phone, user account data (if you create an account).
2.2. Order data: delivery address, billing information, shopping cart contents, order history, customer communication.
2.3. Payment data: payment method, payment status, and transaction reference number. We generally do not store credit card data; card processing takes place in the payment service provider’s systems.
2.4. Customer support and communication: content of emails and inquiries, call logs (if used), feedback.
2.5. Marketing and analytics: newsletter subscription information and consents, campaign performance, web behavior data (e.g., page views, clicks).
2.6. Technical data: IP address, browser type and language, device identifiers, cookies and similar technologies, logs. -
Purposes and legal basis for processing personal data
We process data only when there is a legal basis for it:
3.1. Performance of a contract (GDPR Art 6(1)(b))
– order acceptance, fulfillment, delivery arrangement, customer account management;
– providing customer support for order-related questions.
3.2. Legal obligation (GDPR Art 6(1)(c))
– accounting and tax requirements, invoices, obligations related to dispute resolution.
3.3. Legitimate interest (GDPR Art 6(1)(f))
– website security, fraud prevention, service quality improvement;
– limited customer communication (e.g., post-order service questions), if reasonably expected.
3.4. Consent (GDPR Art 6(1)(a))
– newsletter and direct marketing by email (if you have given consent for this);
– non-essential cookies (analytics, advertising) according to cookie settings. -
Cookies and similar technologies
We use cookies for the functioning of the website and (with your consent) for analytics and marketing purposes.
4.1. Essential cookies: e-shop cart, session management, security.
4.2. Preferences: remembering language and choices (if applicable).
4.3. Analytics: e.g., Google Analytics (GA4) or similar, to understand traffic and improve service.
4.4. Marketing: e.g., Meta (Facebook/Instagram) Pixel, Google Ads, etc., to measure campaigns and display more relevant ads.
You can manage cookie preferences via the cookie banner and in your browser settings. -
Data recipients and authorized processors
We share personal data only to the extent necessary with the following service providers:
– payment service providers (e.g., Montonio, bank link, card payments) for processing payments;
– delivery and logistics partners (courier/parcel) for order delivery;
– IT and hosting services (web hosting, cloud services), e-shop maintenance and security;
– email and marketing automation services (e.g., Klaviyo/Smaily/Mailchimp), if used;
– analytics and advertising platforms (e.g., Google, Meta), if you have given consent.
With all authorized processors, we conclude data processing agreements or use their standard terms that comply with data protection requirements. -
Data transfer outside the European Economic Area
If we use service providers whose servers are located outside the EEA (e.g., USA), data transfer may occur. In such cases, we use safeguards such as the European Commission’s Standard Contractual Clauses (SCC) and/or other appropriate mechanisms. -
Retention periods
We retain data only for as long as necessary:
– order and contract-related data: generally until claims expire;
– accounting data and invoices: according to the statutory period (usually 7 years);
– marketing consents: until consent is withdrawn or until consent is valid;
– cookies: according to the cookie type and browser settings. -
Security of personal data
We implement reasonable technical and organizational measures to protect data from unauthorized access, alteration, and destruction (e.g., access restrictions, encrypted connection TLS/HTTPS, backups). However, complete internet security cannot be guaranteed. -
Your rights
You have the right to:
– receive information about data processing and request access to your data;
– request correction of inaccurate data;
– request erasure of data (if there is no legal basis for retention);
– restrict data processing;
– object to processing (especially on the basis of legitimate interest);
– withdraw consent (e.g., for newsletters) at any time, without affecting the lawfulness of processing prior to withdrawal;
– request data portability (if applicable).
If you wish, please write to: [data protection email]. We will respond within a reasonable time and no later than the statutory deadline. -
Direct marketing and newsletter
If you subscribe to the newsletter, we will use your email to send marketing messages only with your consent. You can unsubscribe from the newsletter via the unsubscribe link in each email or by writing to us. -
Children’s data
Our service is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us. -
Third-party links
The website may contain links to third-party sites. We are not responsible for their privacy policies. We recommend reviewing the terms of each service provider separately. -
Changes to the Privacy Policy
We may update the privacy policy from time to time. The current version is always published on smartplusart.com. We will notify you of significant changes in a reasonable manner (e.g., on the website or by email, if appropriate). -
Complaints
If you believe your rights have been violated, you may file a complaint with the Data Protection Inspectorate (AKI) in Estonia.