Privacy Policy

These privacy terms apply to all users of the online store.

The data controller for the online store is Bioplanet OÜ, registered under the number 11920653, located at Merirahu tn 43, Haabersti linnaosa, Tallinn, Harju County, 13516.

Tel +372 5622 5661 and email

General Principles

Bioplanet OÜ does everything to protect its customers’ privacy.
By using our websites, you agree to our data processing rules and conditions.
We confirm that the processing of personal data by us complies with the relevant legislation of Estonia and the European Union.

Processing of personal data

We collect personal data primarily when it is necessary for the identification of customers and for contacting them in connection with the provision of products or services or the fulfillment of a contract, but also for the fulfillment of legal obligations.

Types of personal data processed

– Name, phone number, and email address;

– Delivery address of the goods;

– Bank account number;

– The cost of goods and services and related payment data;

– Customer support data.

Purposes for processing personal data

Personal data is used for managing customer orders and delivering the goods.

Purchase history data (purchase date, product, quantity, customer data) is used for creating an overview of purchased goods and services and for analyzing customer preferences.

The bank account number is used for refunding payments to the customer.

The contact phone number is necessary for the fulfillment of the contract and to ensure the availability of services , and for transmitting messages in case of disruptions in the availability of services.

Personal data such as email and customer name is processed to resolve issues related to the provision of goods and services (customer support).

The user’s IP address or other network identifiers are processed for the provision of the online store as an information society service and for making web usage statistics.

Legal Basis

The processing of personal data is carried out for the purpose of fulfilling a contract with the customer.

The processing of personal data is carried out for compliance with a legal obligation (e.g., accounting and consumer dispute resolution).

Recipients to whom personal data is disclosed

Personal data is disclosed to the online store’s customer support for managing purchases and purchase history and for resolving customer issues.

The name, phone number, and email address are disclosed to the transport service provider selected by the customer. In the case of goods delivered by a courier, the customer’s address is also disclosed.

If the accounting of the online store is performed by a service provider, personal data is disclosed to the service provider for accounting purposes.

Personal data may be disclosed to information technology service providers if it is necessary to ensure the functionality or data hosting of the online store.

Visitor Identification on the Website (Cookies)

We use cookies (so-called cookies) technology on our websites to collect information about the use of the website and to distinguish users to provide the most convenient use of the website. Meie teenuseid kasutades nõustute sellega, et kasutame küpsiseid.By using our services, you agree that we use cookies.

A cookie is a small text file sent to the user’s web browser and stored on the user’s device.

We use the following types of cookies:

– session cookies, which are deleted automatically after each visit;

– persistent cookies, which remain when used repeatedly;

– third-party cookies used by the websites of partners to which we link (e.g., Facebook, Google, banks); we do not control the creation of these cookies; please refer to their usage rules on the respective website.

If the user does not want to accept cookies or wants to be informed about their placement, the user can change their browser settings accordingly, if the user’s browser allows it.

Data protection and access to data

Personal data is stored on servers located in a member state of the European Union or in countries that are part of the European Economic Area.

Access to personal data is available to the online store staff, who can access personal data to resolve technical issues related to the use of the online store and provide customer support.

We use organizational, physical, and information technology security measures necessary to ensure the confidentiality, integrity, and availability of data. The goal of information security activities is to implement an appropriate level of protection when handling information, mitigating risks, and preventing threats.

The communication between the customer and the bank is secured by the SSL security protocol, which ensures that the exchanged information cannot be eavesdropped or altered by unauthorized persons. The information moving between us and the bank is digitally signed.

We adhere to the principle that the transmission and collection of personal information should be as secure as possible. However, it should be noted that there are always certain risks, and no technological system is perfectly secure.

The transmission of personal data to the online store’s authorized processors (e.g., transport service provider and data hosting) is based on contracts concluded between the online store and the authorized processors. Authorized processors are required to implement appropriate protection measures when processing personal data.”

Access to Personal Data

The customer has the right to access their personal data in our possession at any time. The customer has the right to access their personal data in our possession at any time. The customer also has the right to receive information about the purposes of data processing, types of personal data, the retention period of personal data, and who the recipients of personal data are. Access to data is possible by submitting a written request in a form that allows for written reproduction. Bioplanet OÜ has the right to respond to such requests within 30 days.

Correction of Personal datap

If the customer, when reviewing their data, finds incorrect data or if the customer’s personal data has changed, they can always change them by contacting our team with a relevant message.

Withdrawal of consent

If the processing of personal data is based on the customer’s consent, the customer has the right to withdraw their consent by informing the customer support via email.


When a customer account on the online store is closed, personal data is deleted, except if such data needs to be retained for accounting or consumer dispute resolution purposes.

If a purchase has been made in the online store without a customer account, purchase history is retained for three years.

In case of disputes related to payments and consumer disputes, personal data is retained until the claim is satisfied or until the expiration of the limitation period.

Personal data necessary for accounting purposes is retained for seven years.


To delete personal data, contact our team via email. Requests for deletion are responded to in no more than a month, specifying the period for the deletion of data.


The right to data transfer provides the customer with additional control over their personal data. We allow data transfer in cases prescribed by law.

Direct marketing notices

The email address and phone number are used for sending direct marketing notices if the customer has given the relevant consent.

If personal data is processed for the purpose of direct marketing, the customer has the right to object to the processing of their personal data, including profiling related to direct marketing, at any time by informing our team via email.

Dispute resolution

The customer always has the right to turn to the Data Protection Inspectorate or the court to protect their privacy rights and data protection. The Data Protection Inspectorate is a national authority to which you can turn for advice or assistance on matters related to the protection of personal data.