Operated by Clarico OÜ
www.ceecoach-baltic.eu

Last updated: 20 November 2025

This Privacy Policy explains how Clarico OÜ (“we”, “us”, “our”) collects, uses, and protects personal data when you visit or make a purchase at www.ceecoach-baltic.eu.

We process personal data in accordance with the General Data Protection Regulation (GDPR), the Estonian Personal Data Protection Act, and other applicable laws.

1. Controller Information

The controller responsible for personal data processing is:

Clarico OÜ
Registration number: 17229439
VAT: EE102855331
Address: Lõuna tn 56, 11617 Tallinn, Estonia
Email: info@clarico.ee

A data subject is any individual whose personal data we process.
A customer is anyone who purchases products from our online store.

We process personal data lawfully, fairly, transparently, and securely.

2. How We Collect and Receive Personal Data

We collect personal data when you:

• browse our website,
• place an order,
• fill in checkout information,
• contact us via email or contact forms.

By submitting personal data, you authorize us to use it for the purposes described in this Privacy Policy.

You are responsible for ensuring that submitted information is correct.
We are not liable for delays or issues caused by incorrect data.

3. Categories of Personal Data We Process

When you place an order, we may process the following data:

• First and last name
• Email address
• Phone number
• Delivery and billing address
• Order details (products purchased, order value, shipping method)
• Communication history related to the order

Important:

We do not collect or process payment card details.
All payments in our store are completed manually via bank transfer, and no card information is requested or stored.

We do not collect personal identification codes, birth dates, or unnecessary sensitive data.

We may also use publicly available information (e.g., business registry data) if necessary for order-related communication.

Legal bases for processing:

• Contract performance (GDPR Art. 6(1)(b))
• Legal obligations (accounting rules) (Art. 6(1)(c))
• Legitimate interests (e.g., fraud prevention, business operations) (Art. 6(1)(f))
• Consent (only for marketing) (Art. 6(1)(a))

4. Purposes of Processing and Retention Periods

4.1 Order processing

To prepare and deliver your order.
Retention: 7 years (required by accounting law).

4.2 Website operation

To operate our e-commerce platform (Shopify), ensure site functionality, security and performance.
Retention: up to 24 months for technical logs.

4.3 Customer support

Responding to questions, handling returns, communication.
Retention: until the customer relationship ends or deletion is requested.

4.4 Accounting and legal obligations

Invoices, financial records, transaction documentation.
Retention: 7 years.

4.5 Marketing (only with consent)

Sending newsletters or offers if the customer has opted in.
Retention: until consent is withdrawn.

5. Sharing Personal Data With Third Parties

We may share personal data with trusted partners only when necessary for service delivery:

• Shopify (our e-commerce platform provider)
• Shipping partners (e.g., Omniva, DPD, local couriers)
• Accounting service providers
• IT service providers supporting our website

We share only the minimum necessary information (for example, delivery address with shipping partners).
We do not share personal data with advertising networks unless explicit consent is given.

We do not use third-party payment processors.
All payments are completed via manual bank transfer.

6. Data Security

We use industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, loss, or disclosure.

These include:

• secure connections (HTTPS),
• restricted access to order data,
• secure storage and technical safeguards provided by Shopify.

7. Data Subject Rights

Under GDPR, you have the right to:

• request access to your personal data,
• correct inaccurate or incomplete data,
• request deletion of data (where legally allowed),
• restrict processing,
• request data portability,
• withdraw consent for marketing,
• submit a complaint to the Estonian Data Protection Inspectorate.

To exercise these rights, contact: info@clarico.ee

8. International Transfers

Shopify may process data on servers located outside the EU.
Safeguards such as Standard Contractual Clauses (SCCs) are applied to ensure compliance with GDPR.

9. Updates to This Policy

We may update this Privacy Policy from time to time.
Updates will always be published on our website: www.ceecoach-baltic.eu