Terms of service

Effective from: 02.04.2026

1. Data Controller

The controller of personal data is:

NORDEKS GRUPP OÜ
Registry code: 17447751
VAT number: EE102959826
Address: Sõjakooli tn 12, Kristiine district, Tallinn, Harju County, 11316, Estonia
E-mail: info@nordeks.eu
Phone: +372 57408097

2. What Personal Data We Process

We may process the following personal data:

first and last name
phone number
e-mail address
delivery and billing address
order- and payment-related data
customer communication data
technical data related to the use of the website
cookie- and analytics-related data
newsletter subscription data

The GDPR requires that individuals be provided with clear and understandable information about who collects the data, why it is processed, and to whom it may be disclosed.

3. For What Purposes and on What Legal Basis We Process Data

We process personal data for the following purposes:

fulfilling orders and concluding and performing contracts, including payment processing, delivery of goods, and customer communication;
compliance with legal obligations, such as accounting and statutory reporting obligations;
sending newsletters where the individual has given consent;
improving the reliability, security, and usability of the online store;
analytics and marketing, where consent has been given or where processing is permitted under applicable law.

Where processing is based on consent, such as subscribing to the newsletter or the use of certain marketing cookies, consent may be withdrawn at any time. Valid consent must be freely given, specific, informed, and unambiguous.

4. To Whom We Disclose Personal Data

We may disclose personal data only to the extent necessary for the provision of services, to the following persons or categories of recipients:

payment service providers, including Maksekeskus
delivery partners, such as Omniva or other delivery providers
technical platform and hosting service providers of the online store, including Shopify
analytics and advertising service providers, such as Google and Meta
accounting, IT, and customer support service providers
public authorities in justified cases where disclosure of data is required by law

Data necessary for making payments may be transferred to an authorized payment service provider. Maksekeskus itself states in its data protection terms that it processes personal data for the provision of payment solutions.

5. Cookies

The online store may use cookies and similar technologies in order to:

ensure the technical functioning of the website;
improve user experience;
compile usage statistics;
measure campaign performance;
display more relevant advertising.

If we use analytics or advertising cookies, we will ask for the user’s consent where necessary through a cookie banner or a corresponding preference tool. Shopify recommends reviewing both the privacy settings and the content of the cookie banner in the Customer Privacy settings; materials from the Estonian Data Protection Inspectorate and the EDPB emphasize that consent-based processing must be withdrawable.

6. Retention of Personal Data

We retain personal data only for as long as necessary to fulfill the purpose of processing or to comply with obligations arising from legislation.

Data related to orders, invoices, and accounting is retained for the period required by law. Estonian accounting rules generally provide that accounting source documents and other business documents necessary for reconstructing transactions must be retained for seven years from the end of the financial year.

We retain e-mail addresses provided for newsletter subscriptions until consent is withdrawn or the person unsubscribes from the newsletter. The Estonian Data Protection Inspectorate applies the same principle in its own newsletter practice.

7. Rights of the Data Subject

A person has the right to:

receive information about the processing of their personal data;
request access to their data;
request correction of inaccurate data;
request deletion of data or restriction of processing in cases provided by law;
object to processing;
withdraw their consent;
receive their data in a structured format, where applicable;
lodge a complaint with a supervisory authority.

For questions related to personal data, please contact us at info@nordeks.eu.

8. Filing a Complaint

If a person believes that their personal data has been processed unlawfully, they have the right to contact the Estonian Data Protection Inspectorate. The Estonian Data Protection Inspectorate is the supervisory authority in Estonia for matters relating to personal data protection.

9. Transfer of Data Outside the EEA

Some of our service providers may process personal data outside the European Economic Area. In such cases, we apply appropriate safeguards, such as the European Commission’s standard contractual clauses or other mechanisms permitted by law.

10. Amendments to the Privacy Policy

We reserve the right to amend this Privacy Policy where necessary due to changes in legislation, business processes, or the services used. The current version will always be published on the website.