Privacy Policy

  • 1.1. The controller responsible for processing personal data is Naked Love OÜ (16015736). For questions related to data protection, please contact us at whadup@nakedlove.ee.

    1.2. A data subject within the meaning of this Privacy Policy is a customer or any other natural person whose personal data is processed by the controller.

    1.3. A customer within the meaning of this Privacy Policy is anyone who purchases goods or services from the controller's website.

  • 2.1. The controller has the right to share customer personal data with third parties such as authorized processors, accountants, transportation and courier companies, and payment service providers. Naked Love OÜ is the main data controller.

    2.2. The online store forwards personal data necessary for delivering ordered goods to transportation partners, including Outvio OÜ.

    2.3. The online store forwards personal data necessary for processing payments to the authorized processor Maksekeskus AS.

    2.4. If accounting services are provided by an external service provider, the online store forwards personal data to that provider for accounting purposes.

    2.5. Personal data may be forwarded to IT service providers when necessary for website functionality or data hosting.

  • 3.1. Personal data collected, processed, and stored by the controller is obtained electronically, mainly via the website (for example when placing orders or subscribing to a newsletter) and via email.

    3.2. By sharing personal data, the data subject grants the controller the right to collect, organize, use, and manage personal data for the purposes defined in this Privacy Policy. This applies to data that the data subject directly or indirectly provides when purchasing goods or services on the website.

    3.3. The data subject is responsible for ensuring that the information they provide is accurate, correct, and complete. Providing knowingly false information is considered a breach of the Privacy Policy. The data subject must notify the controller immediately of any changes to the submitted data.

    3.4. The controller is not liable for damages caused to the data subject or third parties as a result of incorrect data provided by the data subject.

    3.5. The legal basis for processing personal data is Article 6 paragraph 1 points a), b), c), and f) of the General Data Protection Regulation (GDPR):

    • a) the data subject has given consent for processing their personal data for one or more specific purposes.

    • b) processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the data subject's request prior to entering a contract.

    • c) processing is necessary for compliance with a legal obligation of the controller.

    • f) processing is necessary for the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, especially if the data subject is a child.

    3.6. After the retention periods outlined in this Privacy Policy expire, personal data is deleted or anonymized.

    3.7. In addition, the controller has the right to collect data about the customer from public registers.

  • 4.1. When processing and storing personal data, the controller uses organizational and technical measures to protect data from accidental or unlawful destruction, alteration, disclosure, or any other form of unlawful processing.

  • Email addresses and phone numbers may be used to send newsletters and advertisements (marketing messages) if the customer has given consent. The customer may withdraw consent at any time. If the customer no longer wishes to receive marketing messages, they may use the unsubscribe link in the email footer or contact customer support.

  • To access, transfer, or delete your personal data, please contact us via email at whadup@nakedlove.ee and submit a digitally signed free-form request.

    Customers have the right to:

    • Verify the accuracy of their personal data.

    • Request correction, transfer, deletion, restriction of processing, or object to processing.

    • Access data collected about them by submitting a request via email.

    Deleted or anonymized data cannot be accessed.

    Customers have the right to receive information about:

    • The purpose of processing.

    • Types of personal data processed.

    • Who processes their data.

    • How long the data is stored.

    Customers also have the right to request deletion of personal data (the "right to be forgotten"). Legal limitations apply, for example order-related information cannot be deleted before the legally required retention period expires.

    Customers may request restriction of processing when:

    1. The accuracy of the data is contested.

    2. Processing is unlawful, but deletion is not requested.

    3. The controller no longer needs the data, but the customer requires it for legal claims.

    4. Processing is objected to on legitimate interest grounds, pending resolution of the dispute.

    You always have the right to contact the Estonian Data Protection Inspectorate or a court regarding your data protection concerns.

  • These data protection conditions are prepared in accordance with:

    • Regulation (EU) 2016/679 (GDPR)

    • The Estonian Personal Data Protection Act

    • Other applicable laws of Estonia and the European Union

    7.2. The controller has the right to amend the Privacy Policy in part or in full by notifying data subjects on the website.

Home