Processing of personal data

The personal data controller of the e-shop is HC PRO AS (registration code 10089981) located in Estonia, Harjumaa, Maardu, Vana-Narva mnt 20b, 74114, phone +372 661 6988 and e-mail [email protected] (hereinafter " merchant").

What personal data is processed

  • name
  • contact information such as a telephone number and an e-mail address
  • payer’s address and delivery address
  • bank account number
  • costs of goods and services and data related to payments (purchase history)
  • customer support details
  • other information related to customer surveys and/or offers

For what purpose personal data are processed

Personal data are processed for the purposes of the performance of the contract concluded with the customer. Personal data are processed for the performance of legal obligations (for example, accounting and the resolution of consumer disputes). 
Personal data are used for managing the customer’s orders and delivering the goods. 
Purchase history data (purchase date, goods, quantity, customer data) are used for preparing an overview of goods and services purchased and for analysing customer preferences. 
The bank account number is used to refund payments to the customer. 
Personal data such as e-mail address, telephone number and customer name are processed in order to resolve any issues related to the provision of goods or services (customer support). 
The IP address or other online identifiers of the user of the online shop are processed for the provision of the online shop as an information society service and for the compilation of Internet use statistics. 

Personal data using

Personal data is used to manage purchases and purchase history and to confirm the judgment taken on behalf of the customer.
In order to provide the best service, Hotlips may disclose information about individuals to third parties who provide services to Hotlips. Transfer of personal data to authorized processors of Hotlips (e.g. transport service provider, installment payment provider, product maintenance service provider, data hosting) processing of personal data is carried out on the basis of agreements concluded with Hotlips and authorized processors. Authorized processors are obliged to ensure appropriate protection measures when processing personal data.

Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the e-store or data hosting.

Transmission of personal data to authorised processors

The merchant keeps secret the customer’s personal data that have become known to it in the course of the registration and use of the user account and publishes them to third parties only with the customer’s consent, except where the obligation or entitlement to publish the data results from legislation. The user of the online shop accepts that, in order to provide the customer with suitable services, the merchant is entitled to process their data, including the transmission of the customer’s data to parties related to the provision of a service for the customer by the merchant. List of authorised processors:

Suppliers - To send orders to the customer:

  • DPD
  • Itella
  • Omniva
  • Venipak
  • Cargoson

Payment service providers - to pay for orders:

  • Swedbank
  • SEB
  • Luminor
  • LHV
  • Coop pank
  • Citadele
  • Revolut
  • Stripe
  • Montonio
  • Inbank
  • ESTO

Collecting statistics - collecting information for better e-shop user experience:

  • Google Analytics
  • META
  • Smaily

Legal basis

Personal data is processed for the purpose of fulfilling the contract concluded with the customer.
Personal data is processed to fulfill a legal obligation (e.g. accounting and consumer dispute resolution).
With the customer's consent, we may collect data about customer activities in our online store and retail stores. According to the data, the customer can receive personal and best offers for products and services if desired.

Security and access to data

Personal data is stored on servers located in the territory of a member state of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that are affiliated with the Privacy Shield framework.
Hotlips employees have access to personal data, who can view personal data in order to solve customer questions or technical issues related to the use of the e-store.
Hotlips implements appropriate physical, organizational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.

Inspection and amendment of personal data

Personal data can be changed in the Hotlips e-shop under the user's profile or by sending a signed application to the address [email protected]

Revocation of consent

If the processing of personal data takes place on the basis of the customer's consent, the customer has the right to withdraw the consent by bringing a relevant signed application to the Hotlips store by sending the application by e-mail to [email protected]. The application will be answered within 30 days at the latest.


When a customer account is closed in the online shop, any personal data are deleted, except where such data need to be retained for accounting or the resolution of consumer disputes. 

If a purchase has been made in the online shop in the capacity of a visitor (without a user account), the individual purchase history will be retained for three years. 

In the event of disputes related to payments or consumer disputes, personal data are retained until the settlement of the claim or until the expiry of the limitation period (three years). 

Personal data needed for accounting are retained for seven years.


In order to delete personal data, you must bring the appropriate signed application to the Hotlips store, send the application by e-mail to [email protected]. The application will be answered within 30 days at the latest.


In order to transfer personal data, you must bring the appropriate signed application to the Hotlips store, send the application by e-mail to [email protected]. The application will be answered within 30 days at the latest.

Direct marketing messages

An e-mail address or a telephone number is used for the transmission of direct marketing messages if the customer has provided the relevant consent. If the customer does not wish to receive direct marketing messages, the relevant link has to be selected in the e-mail header or customer support has to be contacted. 

If personal data are processed for the purposes of direct marketing (profiling), the customer is entitled to submit objections in relation to the initial or subsequent processing of their personal data, including the preparation of a profile analysis related to direct marketing, at any time by notifying customer support thereof via e-mail. 

Resolution of disputes

Disputes related to the processing of personal data are resolved through customer support ([email protected]).

The supervisory authority is the Estonian Data Protection Inspectorate ([email protected]).