Privacy Policy

Processing of personal data

The controller of personal data of the online store is Medivar OÜ (registry code 12339040) located at Laki 30, 12915 Tallinn, phone 6606070 and e-mail

Medivar OÜ transfers the personal data necessary for making payments to the authorized processor Montonio Finance OÜ.

What personal data is processed:

• Name, telephone number and e-mail address of the data subject
• the delivery address of the goods
• Bank account number
• cost of goods and services and data related to payments
• (purchase history)
• customer support data

For what purpose is personal data processed?

Personal data is used to manage customer orders and deliver goods. Purchase history data (purchase date, product, quantity, customer data) is used to create an overview of purchased goods and services and to analyze customer preferences. The bank account number is used to return payments to the customer. Personal data such as e-mail, phone number and customer name are processed in order to solve questions related to goods and service provision (customer support). The online store user’s IP address or other network identifiers are processed for the provision of the online store as an information society service and for online usage statistics.

Legal basis

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Recipients for whom personal data is processed

Personal data is transferred to the customer support of the online store to manage purchases and purchase history and to solve customer problems. The name, phone number and e-mail address will be forwarded to the transport service provider chosen by the customer. If the goods are delivered by courier, the customer’s address is also transmitted in addition to the contact details. If the online store’s accounting is performed by a service provider, personal data is transferred to the service provider for accounting operations. Personal data may be transferred to information technology service providers if this is necessary to ensure the functionality of the online store or data hosting.

Security and data access

Personal data is stored on servers located in the territory of a member state of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that have joined the Privacy Shield framework. Employees of the online store have access to personal data, who can access personal data in order to solve technical issues related to the use of the online store and to provide customer support services. The online store implements appropriate physical, organizational and IT security measures to protect personal data from accidental or illegal destruction, loss, modification or unauthorized access and disclosure. Transfer of personal data to authorized processors of the online store (e.g. transport service provider and data hosting) and processing of personal data is carried out on the basis of contracts concluded with the online store and authorized processors. Authorized processors are obliged to ensure appropriate protection measures when processing personal data.

Viewing and correcting personal data

Personal data can be consulted and corrections can be made in the user profile of the online store. If the purchase has been made without a user account, personal data can be viewed through customer support.

Withdrawal of consent

If the processing of personal data takes place on the basis of the customer’s consent, the customer has the right to withdraw the consent by informing the customer support by e-mail.


Upon closing the customer account of the online store, personal data will be deleted, unless such data needs to be stored for accounting purposes or to resolve consumer disputes. If a purchase is made in the online store without a customer account, the purchase history is stored for three years. In case of disputes related to payments and consumer disputes, personal data will be stored until the claim is fulfilled or until the end of the statute of limitations (three years). Personal data necessary for accounting are stored for seven years.


To delete personal data, you must contact customer support by e-mail. The deletion request will be answered no later than within a month, and the data deletion period will be specified.


The transfer request submitted by e-mail will be answered within a month at the latest. Customer support identifies the identity and informs about the personal data applicable to the transfer.

Direct marketing messages

The e-mail address is used to send direct marketing messages if the customer has given their consent. If the customer does not wish to receive direct marketing messages, he must select the corresponding reference in the e-mail header or contact customer support. If personal data is processed for the purpose of direct marketing (profiling), the customer has the right to object at any time to both the initial and further processing of his personal data, including profile analysis related to direct marketing, by notifying customer support by e-mail.

Solving arguments

Disputes related to the processing of personal data are resolved through customer support ( The supervisory authority is the Estonian Data Protection Inspectorate (

Shopping Cart