Privacy policy
Last Updated: August 18, 2025. Version 1
Personal Data Processing Policy
Vetra Skincare OÜ, registered No. 16560770, whose registered office is at Estonia, Harju maakond, Tallinn, Nõmme linnaosa, Vanemuise tn 10, 10918 (“VETRA”, “we” or “us”) is the data controller of the personal data collected via or in connection with VETRA (the “Site”).
Please take the time to review this notice which explains what information we collect about you, how we use it, and your rights.
VETRA respects your privacy and is committed to protecting it in accordance with this personal data processing policy (hereinafter referred to as the "Policy") and in compliance with the applicable laws and regulations of Republic of Estonia and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "Regulation"), as well as other legal acts in the field of privacy and personal data processing.
VETRA's Personal Data Processing Policy applies to any individual whose personal data is processed by VETRA.
This Policy is current as of the Effective Date stated above. We may change this Policy from time to time, so please be sure to check back periodically. If we make material changes, we will alert you e.g., by posting a prominent notice on the Site or via email.
DATA CONTROLLER CONTACT INFORMATION
The Data Controller – Vetra Skincare OÜ, registered No. 16560770, contact details are as follows:
Registered address: Estonia, Harju maakond, Tallinn, Nõmme linnaosa, Vanemuise tn 10, 10918
E-mail: info@vetraskincare.com
Website: www.vetraskincare.com
For communication with VETRA, please write to: info@vetraskincare.com.
Please note that VETRA does not provide general consultations on the compliance of personal data processing with the Regulation and the Personal Data Processing Law, but provides general information regarding the personal data processing carried out by the VETRA.
What personal data we collect and why
Personal data, or personal information, means any information about an individual from which that person can be identified.
It is your responsibility to provide only truthful data that is valid and necessary for the purposes set out in this text. By creating an account on our Site, you confirm that the personal data you have provided is accurate and correct. If the personal data is inaccurate, you must correct it immediately.
Performance of a contract
We process your personal data to create your account on our Site and manage your orders (purchases). The created account can be used to place an order in the VETRA online shop, receive personalised offers and recommendations etc.
In order for us to create an account for you and manage your orders, you must provide the personal data necessary for entering into the contract and performance of the contract. If you do not provide the required personal data, you will not be able to create an account with us and make purchases in the VETRA online shop.
We process your personal data in order to manage your purchases in the VETRA online shop. Your personal data is processed in order to manage your order, payment, send your invoice, inform/contact you about your order and order status, deliver your order and perform similar activities related to the order fulfilment. We also might keep records of your communications and interactions with us regarding the order, delivery status etc.
|
Personal Data Categories/ Personal Data |
Purpose (why and for what purposes we process your personal data) |
Lawful basis |
|
Registration information |
|
|
|
First name and Last name
|
is necessary to identify you and to distinguish you from other people with identical first and last names |
processing is necessary in order to take steps at the request of the data subject prior to entering into a contract; Article 6 § 1 subclause b) of Regulation |
|
email address |
is necessary to verify your personality and email to be sure that the account is created by you and not by an unauthorized person. This helps us protect your account from unauthorized access or unlawful use in future |
processing is necessary in order to take steps at the request of the data subject prior to entering into a contract; Article 6 § 1 (b) of Regulation
|
|
Contact Information |
|
|
|
email address |
after you become our customer (have purchased our products), we shall use your email address to contact you with service messages from time to time (e.g. order and delivery confirmations, and information about your legal rights)
|
processing is necessary for the performance of a contract to which the data subject is party; Article 6 § 1 (b) of Regulation |
|
Identification information |
|
|
|
First name and Last name |
when you make any purchases from us or using our Site this information is necessary to proceed your order and to make sure that you receive your desired (purchased) products |
processing is necessary for the performance of a contract to which the data subject is party; Article 6 § 1 (b) of Regulation |
|
also, this information is necessary to proceed with your withdrawal right (if you decide to use it) |
processing is necessary for compliance with a legal obligation to which the controller is subject; Article 6 § 1 (c) of Regulation |
|
|
Transaction (order) Information |
|
|
|
order number, transaction date, purchased items, purchase amount, product prices, delivery method, receipt ID, etc. |
if you make any purchases from us or using our Site this information is necessary to proceed your order and make sure that you receive your desired (purchased) products |
processing is necessary for the performance of a contract to which the data subject is party; Article 6 § 1 subclause b) of Regulation |
|
also, this information is necessary to proceed with your withdrawal right (if you decide to use it) |
processing is necessary for compliance with a legal obligation to which the controller is subject; Article 6 § 1 (c) of Regulation |
|
|
Delivery and Shipping Information |
|
|
|
delivery date and time, delivery method, delivery address, phone number, your comments to courier or carrier, etc. |
when you make any purchases from us or using our Site this information is necessary to deliver your order and to inform you about the order delivery |
processing is necessary for the performance of a contract to which the data subject is party; Article 6 § 1 (b) of Regulation |
|
Records of your communications and interactions with us |
|
|
|
your emails and/or messages to us |
We collect and maintain a record of your communications and our responses in case you have any claims against us – to ensure accurate and clear resolution of such claims (by law, we are required to review and respond to your complaints) |
processing is necessary for compliance with a legal obligation to which we are the subject; article 6 § 1. (c) of Regulation |
|
and to best fulfill our contract with you if our communication relates to your order |
processing is necessary for the performance of a contract to which the data subject is party; Article 6 § 1 (b) of Regulation |
|
|
Payment and billing Information |
|
|
|
payment method, bank account number, payment card number, payment purpose description, etc. |
according to legal regulations we do have to keep your payment and billing information for accounting purposes and in case you decide to use your withdrawal right |
processing is necessary for compliance with a legal obligation to which we are the subject; article 6 § 1. (c) of Regulation |
|
Shopping (order) history |
|
|
|
information on products previously purchased and amounts, order ID, transaction date and location, purchased items, purchase amount, product prices, delivery method, receipt ID, including your personal data on the invoiceetc. |
according to legal regulations we do have to keep your shopping history for accounting purposes (to be able to explain and prove what products have you bought, for what price each, taxes and that products where shipped to you) |
processing is necessary for compliance with a legal obligation to which we are the subject; article 6 § 1. (c) of Regulation |
|
Email address |
|
|
|
your email addresses that we have acquired within a framework of fulfilling the contract |
We process your personal data to send you direct marketing information, such as personalized offers, tailored recommendations, details about discounts, benefits, our new products, and other related communications. |
Article 6 1. (f) of Regulation – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party; § 1031 (3) of Electronic Communications Act |
|
your email addresses that you provided by agreeing to receive marketing communication from us |
Article 6 1. (f) of Regulation – the data subject has given consent to the processing of his or her personal data |
|
|
If you no longer want to receive marketing communications from us (or would like to opt back in!), you can change your preferences at any time by contacting us, clicking on the ‘unsubscribe’ link in any email, or updating your settings in your account. If you unsubscribe from marketing, please note we may still contact you with service messages from time to time (e.g. order and delivery confirmations, and information about your legal rights). |
||
Legitimate interests
We might keep and process some of your personal data for a specified period after the contract has been completed for our legitimate interests, for example to ensure the effective resolution of disputes that may arise regarding the performance of a contract, or for security purposes, to prevent, detect, and investigate fraud and other unauthorised activities and access, and where necessary to protect ourselves, our business and third parties, to gather evidence of problems discovered and manage the situation, to stop misuse of our services, and to manage legal claims.
|
Personal Data Categories |
Lawful basis |
Retention period |
|
• Shopping (order) history, such as information on products previously purchased and amounts, order ID, transaction date and location, purchased items, purchase amount, product prices, delivery method, receipt ID, including your personal data on the invoice etc. |
Article 6 1. (f) of Regulation – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party |
Refer to the section "How Long Your Personal Data is Retained" |
|
• Payment or billing Information, this includes details such as payment method, bank account number, payment card number, payment purpose description, etc. |
||
|
• Delivery and Shipping Information, such as delivery date and time, delivery method, delivery address, comments, etc. |
||
|
• Records of your communications and interactions with us, such as when you email, call, or otherwise contact us, we collect and maintain a record of your contact details, communications and our responses. |
||
|
• Your electronic mail addresses that we have acquired within a framework of fulfilling the contract |
Social Media Content
We may repost or otherwise process information generated by you on our Site and/or on social media platforms.
|
Personal Data Categories |
Lawful basis |
Retention period |
|
your actions on social media channels, information that you post in other areas of the Site and/or on our social media channels, information that you provide to us as part of product reviews, photo and/or video, including any sound and accompanying text, posted through your account on social media, accompanying metadata such as time and place of creation, your user name, and links to your social media profile |
We believe more people should know about our products and that’s impossible without our interaction on social media, your reviews/photos/video of our products, so we might use this information for promotion |
Article 6 1. (f) of Regulation – the data subject has given consent to the processing of his or her personal data |
|
If you no longer want us to use your social media content on our platforms, just contact us in any way you find convenient. |
||
Personal data we receive from other sources
In some circumstances, we may receive personal data from third parties, including:
|
Personal Data Categories |
Description |
|
• Payment information |
for processing of your payments, we use third party services, so for accounting and contract fulfilment purposes we might receive such information as: payment method, bank account number, payment card number, payment purpose description, your name, etc. from payment service provider. |
|
• Verification data |
e.g. data collected from third party service providers used to verify your identity and prevent fraudulent activity. |
|
• Social media monitoring |
If you visit our pages on social media sites, we collect information such as what you click on and view, your comments, likes and reactions, your location (country/region), details of your device and internet connection, your social media profile details and user ID. |
Who do we share personal data with?
VETRA does not use or share the personal data you provide to us, except in the following cases:
· Performance of a contract or compliance with a legal obligation: where the transfer of data to a third party is necessary for the performance of a concluded contract or for the fulfilment of a function delegated by law. For example, data may be transferred to a credit institution for payment processing purposes or to an accounting service provider for bookkeeping purposes.
Þ For bookkeeping purposes, VETRA transfers the necessary data to an accountant ENTRO OÜ, registered number 12939722, address Harju maakond, Tallinn, Lasnamäe linnaosa, Katusepapi tn 6, 11412, Estonia, email: info@entro.ee, that is acting on behalf of VETRA as a processor within the meaning of the GDPR. More detailed information regarding ENTRO's data processing activities may be obtained by writing to: info@entro.ee.
Þ For payment processing, VETRA uses the services of Stripe Technology Europe, Limited (Dublin, Ireland, 549300T7WU87LQYO0K16, R161769, https://stripe.com/en-lv , hereinafter "Stripe"). Stripe provides online payment transaction services and, depending on your role on our platform, enables you either to make payments by card on our website (Clients) or to receive remuneration for your services (Specialists). Stripe processes the received personal data as an independent controller in accordance with binding European Union legislation. You may review Stripe's data protection principles here: https://stripe.com/en-lv/privacy and here: https://stripe.com/en-lv/legal/cookies-policy . More detailed information regarding Stripe's data processing activities may be obtained by writing to: dpo@stripe.com.
Þ For delivery purpose, VETRA uses the service of PostNord Group AB, org. no. 556128-6559. PostNord offers communications and logistics solutions. PostNord processes the received personal data as an independent controller in accordance with binding European Union legislation. You may review PostNord's data protection principles here: https://www.postnord.fi/en/privacy-policy/ and here: https://www.postnord.fi/en/privacy-policy/information-about-the-cookies/. More detailed information regarding PostNord's data processing activities may be obtained by writing to: dataprotectionoffice@postnord.com.
· Legitimate interests: for the protection of VETRA's legitimate interests, in the manner provided by applicable legislation. For example, by bringing a claim before a court or other state authority against a person who has infringed VETRA's legitimate interests, or by transferring data to a debt collection service provider for the recovery of outstanding payments.
· Compliance with legal obligations: to persons entitled under external legal acts, upon their duly justified request (e.g., law enforcement authorities).
Where Do We Process Your Personal Data?
We strive to process your personal data within the European Union (EU) and the European Economic Area (EEA) whenever possible.
When we use Google Analytics, your personal data may be transferred to, or processed in, a country outside the EU/EEA, since Google Analytics stores data on Google servers located in various countries worldwide. For further details, please refer to our Cookie Policy.
How Long Your Personal Data is Retained?
All personal data obtained from you, either directly or indirectly, is stored in your account for as long as you maintain an account with us. If specific data is no longer required to remain identifiable, we will not retain such data indefinitely and will anonymize it at an earlier stage.
With respect to the assessment of prepaid/postpaid payment methods, information will be retained for no longer than 7 years unless a longer retention period is required under applicable laws.
Data processed for direct marketing purposes will be retained until you withdraw your consent to receive direct marketing communications.
Documentation related to your orders placed via the VETRA online store (e.g., order details, invoices, return data, etc.) will be retained for 7 years from the following starting points:
• Order data will be retained from the date of order creation;
• Return data will be retained from the date of the return initiation;
• Financial documents (e.g., invoices, detailed invoices) will be retained from the date the documents are generated.
In the event of legal claims, data will be processed for the duration of the investigation, settlement, and enforcement of legal claims. If no violation is found during the investigation, the data will be retained for 1 (one) year after the decision to close the investigation. If a violation is found, the data will be retained for 3 (three) years following the decision to close the investigation or until the final execution of a court judgment.
Data processed for IT environment security purposes will be retained for up to 18 calendar months unless a longer retention period is mandated by law.
Security
We implement appropriate technical and organisational security safeguards to protect your data from loss, misuse, and unauthorised access, disclosure, alteration and destruction, including, but not limited to the following personal data protection and security measures:
· Use of antivirus software
· Data encryption (HTTPS SSL protocol)
· Regular updating of email and computer passwords
However, please be aware that it is impossible for any company to guarantee the absolute security and integrity of the information that has been transmitted to its website.
Your Rights
You have choices regarding our processing of your personal data as described in this section. Your rights under Regulation:
• Ask for a copy of your personal data, make corrections to your personal data, and in some cases e.g. where our purposes for processing have come to an end, ask us to delete it.
• Object to our use of your personal data in certain situations, including where we use your personal data for direct marketing.
• Transfer your personal data, in certain circumstances, to another provider, in a commonly used format.
• Complain to the data protection regulator in your country.
We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are several limitations to these rights, and there may be circumstances where we are not able to comply with your request.
You can exercise your rights by contacting info@vetraskincare.com
WHO TO CONTACT IF YOU HAVE QUESTIONS
If you have any questions regarding the processing of your personal data, please contact us – Vetra Skincare OÜ, registered No. 16560770, using the following details:
Registered address: Estonia, Harju maakond, Tallinn, Nõmme linnaosa, Vanemuise tn 10, 10918
E-mail: info@vetraskincare.com
SUBMITTING A COMPLAINT
If you are not satisfied with our response to your request or you believe that we are violating personal data protection regulations, you have the right to lodge a complaint with the Data Protection Inspectorate:
Tel.: +372 627 4135, E-mail: info@aki.ee , Address: Tatari 39, Tallinn 10134, Estonia.