This Privacy Policy describes how Hairblend OÜ collects, uses, and protects your personal data when you visit hairblend.eu or contact us. We are committed to handling your data transparently and in full compliance with the General Data Protection Regulation (GDPR).
1. Data Controller
Hairblend OÜ is the data controller for personal data collected through this website. We are registered in Tallinn, Estonia (Registration code: 17069332) and are subject to Estonian and EU data protection law.
2. What Personal Data We Collect
Information You Provide
- Name
- Email address
- Phone number
- Message content submitted via contact forms or messaging channels
Automatically Collected Data
- IP address
- Browser type and version
- Device information
- Pages visited and time spent
- Date and time of visit
- Referring website
3. Purpose and Legal Basis for Processing
We process your personal data for the following purposes:
- Responding to your inquiries and providing our services
- Processing and fulfilling orders
- Improving the website and understanding how it is used
- Complying with legal obligations
The legal basis for processing is either your consent, the performance of a contract, our legitimate interests, or a legal obligation — depending on the specific context. Where required, we will ask for your explicit consent before processing.
4. Cookies
This website uses cookies to support functionality, analyse traffic, and improve user experience. You can manage your cookie preferences at any time through your browser settings or our cookie banner. For full details, please see our Cookie Policy.
5. Data Sharing
We do not sell your personal data to third parties. We may share data with:
- IT and hosting service providers who support our website and operations
- Analytics services (under data processing agreements)
- Legal authorities, if required by law
All third-party providers are selected to ensure an appropriate level of data protection.
6. Data Retention
We retain personal data only for as long as necessary for the purposes it was collected, or as required by law. Contact form inquiries are typically stored for up to 12 months. Analytics data may be retained in aggregated, anonymised form for longer periods.
7. Your Rights Under GDPR
As a data subject, you have the following rights:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data where there is no legitimate reason to retain it
- Restriction — request that we limit how we use your data
- Objection — object to processing based on legitimate interests
- Portability — receive your data in a structured, machine-readable format
- Withdraw consent — at any time, where processing is based on consent
You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) if you believe your data has been handled unlawfully.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. While no method of transmission over the internet is 100% secure, we take the protection of your data seriously.
9. International Data Transfers
Some of our service providers may be located outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place — such as Standard Contractual Clauses approved by the European Commission — to maintain a level of protection equivalent to that within the EEA.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available at this address. We encourage you to review it periodically, particularly if you share personal data with us.
11. Contact
For any questions, requests, or concerns regarding your personal data, please contact us directly.