Privacy Policy

This Privacy Policy explains how KAN KRET OÜ (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit or make a purchase from our website.

1) DATA CONTROLLER

Controller: KAN KRET OÜ

Registered address: Pärna tee 3, Suigu, 87302 Pärnu maakond

Email: kankretclothing@gmail.com

KAN KRET OÜ is responsible for the processing of your personal data.

2) PERSONAL DATA WE COLLECT

A. Data you provide

We collect personal data when you:

• place an order
  
• contact us
  
• interact with our services
  

This includes:

• name
  
• email address
  
• phone number (if provided)
  
• billing and shipping address
  
• order details (products, sizes, preferences)
  
• communications with us
  

B. Data collected automatically

When you use our website, we may collect:

• IP address
  
• device and browser type
  
• pages visited and interactions
  
• approximate location (based on IP)
  

C. Payment data

Payments are processed through:

• Shopify
  
• Maksekeskus
  

We do not store full payment card or bank details.

All payments are processed securely via third-party providers.

We receive limited information such as:

• payment status
  
• transaction identifiers
  

3) PURPOSES OF PROCESSING

We use your personal data to:

• process and deliver orders
  
• provide customer support
  
• communicate order updates
  
• detect and prevent fraud
  
• comply with legal obligations (accounting, tax)
  
• improve website functionality and performance
  

We do not sell your personal data.

4) LEGAL BASES (GDPR)

We process personal data under the following legal bases:

Contract (Art. 6(1)(b))

• order processing
  
• delivery
  
• customer support
  

Legal obligation (Art. 6(1)(c))

• tax and accounting requirements
  
• consumer protection compliance
  

Legitimate interests (Art. 6(1)(f))

• fraud prevention
  
• website security
  
• business operations and improvement
  

We ensure our legitimate interests do not override your rights.

Consent (Art. 6(1)(a))

• non-essential cookies
  
• marketing communications (where applicable)
  

You can withdraw consent at any time.

5) DATA SHARING

We share personal data only where necessary:

Service providers

• Shopify (hosting, checkout, infrastructure)
  
• Maksekeskus (payments)
  
• shipping and logistics providers
  
• IT and security providers
  

Professional and legal

• accountants and legal advisers
  
• authorities where required by law
  

All providers are required to process data securely and only for specified purposes.

6) INTERNATIONAL DATA TRANSFERS

Some service providers (e.g., Shopify) may process data outside the EU/EEA, including in the United States.

Where this occurs, we ensure appropriate safeguards such as:

• European Commission adequacy decisions, or
  
• Standard Contractual Clauses (SCCs)
  

You may request more information by contacting us.

7) DATA RETENTION

We retain personal data only as long as necessary:

• order and invoice data: up to 7 years (legal requirement)
  
• customer support communications: up to 24 months
  
• website analytics data: up to 14 months (if used)
  
• fraud/security logs: as necessary for security purposes
  

8) COOKIES AND TRACKING

We use cookies for:

Strictly necessary cookies

• cart and checkout functionality
  
• security
  

Analytics cookies (if enabled)

• website performance
  
• usage analysis
  

Marketing cookies (if used)

• advertising and personalization
  

Non-essential cookies are used only with your consent.

You can manage cookies via your browser settings or cookie banner.

9) MARKETING COMMUNICATIONS

If you subscribe to marketing:

• you may receive emails about products or offers
  

You can unsubscribe at any time via:

• email link, or
  
• contacting us directly
  

Service emails (e.g., order confirmations) are not marketing.

10) YOUR RIGHTS (EU/EEA)

You have the right to:

• access your personal data
  
• correct inaccurate data
  
• request deletion
  
• restrict or object to processing
  
• data portability
  
• withdraw consent
  

You also have the right:

• not to be subject to automated decision-making, where applicable
  

Exercising your rights

Contact: kankretclothing@gmail.com

We may request verification of your identity before processing requests.

We respond within 1 month, as required by law.

11) COMPLAINTS

You have the right to lodge a complaint with your data protection authority.

In Estonia, this is:

Andmekaitse Inspektsioon

12) CHILDREN’S DATA

Our services are not directed at individuals under the age of 16.

We do not knowingly collect personal data from children.

13) DATA SECURITY

We implement appropriate technical and organizational measures to protect personal data, including:

• secure hosting infrastructure
  
• restricted access to data
  
• use of trusted service providers
  

14) CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time.

The latest version will always be available on our website.