Privacy Policy

Last updated: 06.01.2024

This Privacy Notice by Sheseva OÜ ('ShesEva', 'we', 'us', or 'our'), describes how and why we might access, collect, store, use, and/or share ('process') your personal information when you use our services ('Services'), including when you:

  • Visit our website at sheseva.design, sheseva.com, or any website of ours that links to this Privacy Notice.
  • Engage with us in other related ways, including any sales, marketing, or events.

This Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@sheseva.com.

The controller in charge of data processing on this website, with­in the meaning of the General Data Protection Regulation (GDPR), is:

Sheseva OÜ
Registration code: 16722178
Legal address: Mere tee 12, 76708 Kloogaranna, Estonia
E-mail: info@sheseva.com

Table of Contents

1. When do we collect your information?

We collect your data when you interact with our Services including, but not limited to:

  • Visit our websites.
  • Purchase our products.
  • Create an account.
  • Sign up for our newsletter.
  • Use our contact form.
  • Send us pictures or other information.
  • Communicate with our customer service, such as asking questions, processing of returns, guarantees or complaints.
  • When you engage with us on social media (by mentioning/tagging us or by contacting us directly).

2. What information do we collect?

  • Your contact information – name, postal address, phone number, email address.
  • Purchase details including your choice of payment and transaction number.
  • Your order history and its related communication.
  • Customer service information – all kind of communication and correspondence between you and our customer service department.
  • Your IP address and information about how you use our website.
  • If you are browsing our website, we may collect your IP address or other device identifier, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other portable device information.

2.1. Automatically collected information

We automatically collect certain information when you visit, use, or navigate our Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies. You can find out more about this in our Cookie Notice.

The information we collect includes:

  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps'), and hardware settings).
  • Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
  • Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

2.2. Data we do not collect or process

We do not process sensitive information, like your personal identification number.

We do not store or process data from your credit cards such as card number, expire date or CVS number. The payment providers are responsible for collecting and processing that kind of data. Below you can find our payment providers and a link to their Privacy Policy.

  • Stripe - credit/debit card payments and other payment methods provided by Stripe.

3. Legal bases for processing your information

For purposes of the General Data Protection Regulation and other applicable data protection laws, we rely on a number of legal bases to process your Personal Data.

  • In order to fulfill our agreements with you as a customer, such as handling and delivering your order.
    The purchase agreement we have entered into with you is the legal basis for the processing and is necessary for us to be able to fulfill our contractual obligations and to fulfill this agreement with you, eg. so we can deliver your order and get paid.
  • To be able to handle customer service issues such as questions about our products, returns, guarantees and complaints.
    We will process your information in order to fulfill our obligations under applicable consumer law and we will process your information based on the legal basis based on our purchase agreement with you.
  • In order to meet the requirements of tax and accounting legislation – to declare and count our sales.
    The legal basis is to be able to fulfill our legal obligations under law.
  • In exceptional circumstances, we may process additional identification information from you to avoid financial fraud or identity theft.
    It is our legitimate interest to provide secure services that may prevent attempts to gain unauthorized access or unlawful use of our services.
  • To process additional data such as photos, videos and other media, for various promotions or lotteries, only in cases where you participate in these events.
    The legal basis is our legitimate interest in having the opportunity to administer or follow up competitions and events such as confirmation of entries, questions or information about winners.
  • To send our newsletter and promotional material – only in cases where you give your consent to it.
    The legal basis is our legitimate interest in being able to give information about, and market our products.
  • To create and maintain a customer account – only in cases where you have created an account.
    The legal basis is the agreement we have entered into with you, ie the creation and maintenance of your account.

4. Who do we share your personal data with?

We will never sell any of your personal data to a third party, and do not provide your personal information to third parties, unless required by law to do so or except for the operational necessities listed below:

  • We provide your name, address, email and possibly phone number to the shipping company that delivers your product.
  • We transfers the necessary personal data to accountancy service providers as well as tax and other public authorities when specific legislation requires this.
  • Sometimes we need to confirm your personal data with payment service providers, in order to prevent financial fraud or identity theft.

We may share your data with third-party vendors, service providers, contractors, or agents ('third parties') who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organisation apart from us.

5. How long we store your data?

We retain your Personal Data for as long as we continue to provide the Services to you to fulfil the purposes outlined in this Privacy Notice unless otherwise required by law.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

6. Cookies and other tracking technologies

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

Specific information about how we use such technologies and how you can refuse certain cookies is explained in our Cookie Notice.

Google Analytics

We may share your information with Google Analytics to track and analyse the use of the Services. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout. For more information on the privacy practices of Google, please visit the Google Privacy Policy page.

7. Security

We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your Personal Data. We maintain organizational, technical, and administrative measures designed to protect the Personal Data covered by this Policy from unauthorized access, destruction, loss, alteration, or misuse. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

We encourage you to assist us in protecting your Personal Data. If you hold a an account with us, you can do so by using a strong password, safeguarding your password against unauthorized use, and avoiding using identical login credentials you use for other services or accounts for your account at ShesEva. If you suspect that your interaction with us is no longer secure (for instance, you believe that your account's security has been compromised), please contact us immediately.

HTTPS and HSTS for secure connections

We mandate the use of HTTPS for all services using TLS (SSL), including our public websites and administrative sites. We regularly audit the details of our implementation, including the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to make sure that browsers interact with us only over HTTPS. We are also on the HSTS preloaded lists for all modern major browsers.

8. Your rights

We at ShesEva always want to be transparent about how we process your information. At any time you have the right to:

  • Access – If you want to gain access to your personal data processing, you have the right to request access to your data via an extract from the register. The request must be submitted in writing and signed by you.
  • Rectification – If the data are incorrect or incomplete, you are entitled to have the data rectified, with the restrictions that follow from legislation.
  • Erasure – You may request erasure of your information to the extent that is in accordance with applicable law and in accordance with entered into agreements with you and we will of course always do our best to accommodate your erasure request.
  • Restrict processing – You have the right to restrict the processing of your personal data under certain conditions, such as for direct marketing or profiling if you oppose such processing. You also have the right to revoke a given consent at any time and to refuse different types of marketing.
  • Object to processing – You also have the right to object to our processing (eg if any of the information collected is incorrect).
  • Data portability – You have a right to ask us to transfer certain of your personal data we have about you to another company or organization, if it is secure and technically feasible. This right applies to personal data processed only by automated means and on the basis consent or of fulfilling a contract. Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, and enforce our agreements.

9. Do Not Track

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

10. Updates

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated 'Revised' date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

11. Contact

If you have any questions or comments about this notice, please send us a message at: privacy@sheseva.com