Privacy Policy

Updated: 14.01.2026

1. Data Controller and Legal Basis
  1. Controller: The data controller for the TerraSecure online store is Terra Secure OÜ (registration code 17235472, address: Linnamäe tee 49-53, 13911 Tallinn, Estonia, e-mail: info@terrasecure.eu).
  2. Legal Basis: Data processing is carried out in strict compliance with the EU General Data Protection Regulation (GDPR). The legal bases for processing are: performance of a contract (order processing), legal obligations (accounting), legitimate interest of the company, and user consent.
  3. Age Restrictions: We do not intentionally collect personal data from individuals under 18 years of age. By using the site, you confirm that you are of legal age.
2. What data we collect and why
  1. Data for order fulfillment: First name, last name, phone number, email address, delivery address (or selected parcel locker). This data is necessary to conclude the contract, manage orders, and deliver the goods.
  2. Payment data: Cost of goods and payment-related data. Terra Secure OÜ is the data controller, but we transfer the personal data necessary for executing payments to our authorized payment partners (e.g., Stripe, PayPal).
  3. Support data: Email correspondence history to resolve issues related to delivery or product quality.
3. Data Transfer and Security
  1. Logistics: Name, phone number, and address are transferred to transport service providers (Omniva, Smartpost, DPD, Venipak, Unisend) to deliver the goods.
  2. Accounting and IT: Data may be transferred to accounting and IT service providers (server hosting) to ensure the operation of the online store.
  3. Cross-border transfer: Personal data is stored on servers located within the European Union (EU) or the European Economic Area (EEA). If data is transferred outside the EU/EEA, we ensure that appropriate legal safeguards are in place (e.g., EU Standard Contractual Clauses — SCCs).
  4. Security measures: We apply appropriate physical, organizational, and IT security measures (including encrypted SSL communication channels) to protect your data from accidental or unlawful destruction, loss, alteration, or unauthorized access.
4. Data Retention Periods
  1. Registered and unregistered customers: Upon closing a customer account, personal data is deleted. If a purchase was made without creating an account (as a guest), the purchase history is kept for 3 years (the statute of limitations for consumer disputes).
  2. Dispute situations: In the event of disputes related to payments or product quality, data is stored until the claim is satisfied or the statute of limitations expires.
  3. Accounting: In accordance with tax and accounting legislation, personal data contained in primary accounting documents (invoices) is stored for 7 years.
5. Use of Cookies
  1. Our online store uses cookies. We divide them into the following categories:
    • Strictly Necessary (Technical): Ensure the execution of basic site functions (navigation, access to the cart and secure areas). Without them, the site cannot function properly.
    • Analytical (Statistical): Help us understand how visitors interact with the site by anonymously collecting traffic information.
    • Marketing: Used to track visitors to provide relevant advertising on other platforms.
  2. Analytical and marketing cookies are used only with your prior consent. You can manage cookie settings or block them in your browser settings, but disabling strictly necessary cookies will cause the checkout process to malfunction.
6. Data Subject Rights
  1. Access and rectification: You have the right to access your personal data and request its correction by contacting us via email. When requesting personal data, the Seller has the right to verify the applicant's identity in advance (identification).
  2. Erasure ("right to be forgotten"): You can request the deletion of your data if it is no longer required for the purposes for which it was collected (and does not fall under the mandatory 7-year accounting retention).
  3. Restriction of processing: You have the right to request the restriction of the processing of your data in cases provided by the GDPR (e.g., when contesting the accuracy of the data).
  4. Data portability: You have the right to receive your personal data in a structured, machine-readable format for transfer to another controller.
  5. Withdrawal of consent: If data processing is based on your consent (e.g., direct marketing newsletters), you have the right to withdraw it at any time. We will respond to any of your requests within 30 days.
7. Dispute Resolution
  1. The resolution of issues related to the processing of personal data is handled through customer support at: info@terrasecure.eu.
  2. The supervisory authority at the Seller's place of registration is the Estonian Data Protection Inspectorate (address: Tatari 39, 10134 Tallinn, e-mail: info@aki.ee). Buyers from other EU countries also have the right to contact the relevant national data protection supervisory authority in their country of residence.