Privacy and Cookies Policy

OÜ Kaabsoo, operator of online shop and contoller and holder of personal data is committed to protect the privacy of its customers and website visitors. Based on this current Privacy and Cookies Policy has been prepared to explain the collection, storage, use, disclosure and transfer of the personal data to third parties. Our online activity conforms with the applicable laws of the Republic of Estonia and all appropriate regulations of European Union.

What Kind of Personal Data is Being Processed

- name and contact details (phone number, e-mail address, postal address) of the person

- delivery address

- bank account number

- purchase history

- data submitted while contacting the customer support

The Purpose of Processing Personal Data uses personal data of the customer to manage and deliver orders.

Purchase history details (e.g. date of the purchase, products ordered, quantity, customer’s data) are used for preparing summaries of products and services purchased and for analysing customer preferences.

The bank account number is used to reimburse payments to the customer.

Personal data such as e-mail address, phone number and the customer's name are processed to handle any issues relating to the provision of products and services (customer support).

Additionally, subject to the specific consent by the customer, collected personal data may be used to send online shop news and special offers to the customer.

The IP address or other web identifiers of a user of the online shop are processed for the provision of the online shop as an information society service and for web use statistics (e.g Google Analytics, Facebook Pixel service).

Legal Grounds

Personal data are processed for the purpose of performing a contract concluded with the customer.

Personal data are processed for performing legal obligations (such as accounting and the settlement of consumer complaints).

Recipients of Personal Data

Personal data are transmitted to the customer support of the online shop for managing purchases and purchase history and for settling any problems that the customers may have.

The name, phone number and e-mail address are transmitted to the transport service provider selected by the customer. When the products are delivered by a courier, the customer’s address is also transmitted along with the contact details.

Customer’s personal data are transmitted also to autohised processors Maksekeskus AS that provides payment solutions to the online shop in case the banking link or debit-/credit card payment service is used, or to PayPal Holdings, Inc in case customer uses PayPal payment solutions to pay for the order. You can find their specific privacy policies on their respective websites.

Personal data is also transmitted to the accounting services provider that provides accounting services to the online shop.

Personal data is also transmitted to Roller Äritarkvara OÜ that provides online shop platform for for online shop management and resolving usage problems.

Personal data may be transmitted to IT service providers if this is necessary for ensuring the functionality of the online shop or for data hosting.


Security and Access to Data

Personal data are stored in the servers of Roller Äritarkvara OÜ which are located on the territory of a member state of the European Union or states of the European Economic Area. Data may be transferred to the countries whose data protection levels have been assessed as adequate by the European Commission and to the companies in the USA who have joined the Privacy Shield framework.

Personal data can be accessed by the staff of the online shop in order to settle technical issues related to the use of the online shop and to provide customer support.

The online shop applies appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.

Personal data are transmitted to the data processors of the online shop (such as the providers of transport and data hosting services) and processed under the contracts concluded between the online shop and the processors. The processors must ensure appropriate safeguards when processing personal data.

Access to and Rectification of Personal Data

Personal data can be accessed and rectified in the user profile of the online shop (My Account page). When a purchase has been made without a user account, personal data can be accessed through customer support.

Withdrawal of Consent

Where personal data are processed on the basis of the customer’s consent, the customer has the right to withdraw his/her consent by notifying customer support by email.


Personal data are erased upon the closure of a customer account of the online shop, unless the storage of the data is necessary for accounting purposes or for the settlement of consumer disputes.

For online purchases made without a customer account, the purchase history is stored for four years.

In the event of disputes concerning payments and consumer disputes, the personal data are stored until the claim is satisfied or until the end of the limitation period.

Personal data needed for accounting purposes are stored for seven years.


For the erasure of the personal data, customer support must be contacted via email.  Requests of erasure are responded to no later than within one month and after identification of the person the period of erasure shall be specified.


Requests to transmit personal data submitted via email are responded to within one month.

Customer support identifies the person and indicates what personal data are to be transmitted.

Direct Marketing Messages

Email address and phone number are used for sending direct marketing messages if the customer has given the respective consent.  If the customer does not want to receive direct marketing messages, the customer should select the relevant link at the footer of the email or contact customer service.


Disputes concerning the processing of personal data are settled through customer support info[at] The supervisory authority is the Estonian Data Protection Inspectorate (

Non-Personalised Data and Cookies

In addition to personal data, the online shop may collect non-personalised data for statistical purposes and analysing the navigation in the online shop. For this purpose online shop may use cookies. A cookie is a small text file that a online shop saves on your computer or mobile device when you visit the online shop. This will allow the online shop to remember your actions and preferences (for example, user name, language, font size and other preferences) for a certain period of time. So you do not have to enter them again every time you come back to the online shop or browse through the pages.

Following cookies may be used in online shop:

● Essential / Mandatory Cookies – these cookies are indispensable for navigating in the online shop and using its elements, for example, to access secure sites in the online shop. Without these cookies, your requested services can not be provided. These cookies do not collect visitor identification information.

Performance Cookies – these cookies collect information on how visitors use the online shop, for example, which pages visitors visit most often and whether pages display them error messages. These cookies do not collect visitor identification information. All information collected is aggregated and as such anonymous. These cookies are used only to improve the work of the online shop.

● Functional Cookies – these cookies allow the online shop to remember your choices (such as your user name, language, or region where you are) and provide enhanced and personalised features. Functional cookies can also be used to remember the changes in text size, font type, and other customised elements of the online shop. These may also be used to provide the services you request, such as watching videos or commenting on blog posts. The information collected by the cookies may be anonymous and cookies are not able to track the browsing of other webpages.


Privacy Policy updated: 17/03/2021