1. General provisions
1.1. This Privacy Policy describes how Töövarustuse OÜ (registration code 11397549, legal address: Vana Narva mnt 5c, hereinafter referred to as the “Company”, “we”, “our”, or “us”) processes the personal data of customers and visitors of the online store Workgear24.ee.
1.2. We process personal data in accordance with the requirements of the EU General Data Protection Regulation (GDPR), as well as the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus) and other applicable legal regulations.
1.3. This policy applies to all cases where you use our online store, place an order, subscribe to our newsletter, contact us via email, phone, social media, or otherwise interact with the Company.
1.4. By using our website and services, you confirm that you have read this Privacy Policy and understand the terms of processing your personal data.
2. Categories of data collected
We collect only the data that is necessary to fulfill our obligations to customers and comply with legal requirements.
2.1. Order and delivery information:
first and last name,
delivery address (street, house, apartment, postal code, city, country),
phone number,
email address.
2.2. Payment information:
payment method details,
transaction data (processed via payment providers; we do not store bank card details).
2.3. Customer support data:
communication with our support team (via email or phone),
information about complaints and inquiries.
2.4. Marketing and newsletter data (based on separate consent):
email address,
newsletter engagement history.
2.5. Technical data (cookies):
IP address,
device and browser type,
website browsing history,
user behavior on the website (e.g. adding products to cart).
3. Purposes and legal bases for processing
We use personal data solely for lawful purposes:
Contract performance: processing and delivering orders, handling returns, and warranty obligations.
Legal obligations: accounting, tax reporting, and responding to requests from public authorities.
Legitimate interests: protecting our rights in the event of disputes, ensuring website security, and analyzing statistics.
Customer consent: sending newsletters, promotions, and marketing offers via email.
If consent for marketing is withdrawn, we stop processing personal data for this purpose.
4. Data sharing and access
Your personal data may be shared with third parties only to the extent necessary to fulfill the purposes of processing:
- Courier services and postal operators – for delivering goods.
- Payment providers – for processing payments (e.g. bank transfers, electronic payment systems).
- Accounting and auditing companies – for financial reporting.
- IT providers and hosting partners – for website operation and data storage.
- Public authorities – when required by law (e.g. the Tax and Customs Board).
We do not share personal data with third parties for their own marketing purposes.
5. Data retention periods
- Order data and accounting documents – at least 7 years (in accordance with Estonian tax legislation).
- Customer communication data – up to 3 years for protection against potential claims.
- Marketing data – until consent is withdrawn or the subscription to communications is terminated.
- Cookies and analytics data – depending on their purpose (from a single session up to 2 years).
After the retention periods expire, data is deleted or anonymized.
6. Cookies and analytics
6.1. We use cookies to ensure the proper functioning of the website, to store user preferences, to analyze statistics, and to improve the quality of services.
6.2. Cookies may be:
essential (required for the operation of the website),
functional (for example, they remember the contents of the shopping cart),
analytical (Google Analytics and similar services).
6.3. The user may restrict or disable cookies in their browser settings; however, this may affect the functionality of the website.
7. Data protection
We implement technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
use of secure connections (SSL),
restricting access to data for employees,
data backup,
selection of reliable IT service providers.
8. Your rights
In accordance with GDPR and Estonian legislation, you have the right to:
obtain confirmation as to whether we process your personal data, and access to such data,
correct inaccurate or incomplete data,
request deletion of data (“right to be forgotten”),
restrict processing,
object to processing (e.g. for marketing purposes),
data portability to another controller,
withdraw consent (if processing is based on consent).
To exercise your rights, please contact us: info@workgear24.ee.
If you believe your rights have been violated, you may contact the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
9. International data transfers
Your data is primarily processed within the European Economic Area (EEA). In the event that data is transferred outside the EEA, we ensure compliance with GDPR requirements by using standard contractual clauses or other lawful mechanisms.
10. Changes to the policy
We reserve the right to update this Privacy Policy. The new version becomes effective as soon as it is published on Workgear24.ee.