Privacy Policy

1. Data Controller

SwimBuy OÜ
Registry code: 17502378
VAT No:
Registered address:
Email: info@swimbuy.ee
For any privacy-related questions, please contact us using the details above.

2. Personal Data We Collect

Depending on how you interact with our website, we may collect the following personal data:

Order Information

When you place an order, we may collect:
- full name
- transaction reference details
- billing address
- delivery address
- email address
- phone number
- ordered products
- order value
- payment method
- shipping method
- transaction reference details
We do not store your full payment card details.

Communication Data

If you contact us via email or contact form, we may collect:
correspondence history
- your name
- email address
- phone number (if provided)
- message content
- correspondence history

Technical Data

When you use our website, certain technical information may be processed automatically for operational and security purposes, such as:
- IP address
- browser type
- device type
- website request logs
- session-related technical data

This data is used only as necessary for website operation, security, and troubleshooting.

3. Why We Process Your Personal Data

We process your personal data for the following purposes:

To Fulfil Orders

Including:
- processing purchases
- arranging payment
- shipping products
- handling returns and refunds
- customer service
Legal basis: performance of a contract

To Comply With Legal Obligations

Including:
- accounting and bookkeeping obligations
- tax compliance
- responding to legal requests
- consumer protection compliance
Legal basis: legal obligation

Customer Communication
Including:
- responding to enquiries
- providing order updates
- resolving support issues
Legal basis: legitimate interest or pre-contractual steps at your request

Website Security & Maintenance
Including:
- fraud prevention
- technical diagnostics
- abuse prevention
- server security
Legal basis: legitimate interest

4. Payment Processing

Payments are processed through payment service providers integrated with our online store platform.
We do not independently process or store full payment card information.
Payment providers may process personal data necessary to complete transactions under their own privacy policies.

5. Shipping and Delivery Partners

To deliver your order, we may share necessary personal data with delivery providers, including:
- Omniva
- DPD
- Smartpost / Itella

Shared data may include:
- name
- phone number
- email address
- delivery address
- parcel information

This processing is necessary to fulfil your order.

6. Service Providers

We may share personal data with trusted service providers who help us operate our business, including:
- website hosting and ecommerce platform providers (such as Voog)
- payment processors
- shipping providers
- IT support providers where necessary

These providers process data only as necessary to provide their services.

7. International Data Transfers

Some service providers may process personal data outside the European Economic Area (EEA).
Where this occurs, we take reasonable steps to ensure appropriate safeguards are in place in accordance with GDPR.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy.
Typical retention periods may include:
- order and accounting records: as required by applicable law
- customer communication: as reasonably necessary for support and legal protection
- technical logs: for operational/security purposes for a limited period

9. Your Rights

Under GDPR, you may have the right to:
- access your personal data
- request correction of inaccurate data
- request deletion of data where legally applicable
- restrict processing
- object to certain processing
- request data portability where applicable
- lodge a complaint with a supervisory authority

To exercise your rights, please contact us.

10. Supervisory Authority

If you believe your personal data has been handled unlawfully, you may contact the Estonian supervisory authority:
Andmekaitse Inspektsioon
Tatari 39, 10134 Tallinn, Estonia
Email: info@aki.ee
Website: https://www.aki.ee 

11. Data Security

We take reasonable technical and organisational measures to protect personal data against:
- unauthorised access
- loss
- misuse
- disclosure
- alteration

However, no internet transmission or storage system can be guaranteed to be completely secure.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, operational, or technical changes.
The latest version will always be published on this website.

13. Contact

SwimBuy OÜ
Email: info@swimbuy.ee
Registered address: