Sunnyday OÜ is committed to protecting the privacy of clients and users. As a result, we are responsible for the collection, use, disclosure, transmission, and storage of client data. Our online activity complies with all relevant activities and corresponding European Union regulations and the laws of the Republic of Estonia.
Data being processed
- name, phone number, and email address
- address for delivering goods
- bank account number
- cost of goods and services and information related to payments (purchase history)
Collection of personal data
Customer’s personal data, such as name, postal address, phone number, email address, postal code, bank account, IP address, is collected when making a purchase or order from the online store. The collected data is used for managing customer orders, delivering goods, and analyzing customer preferences.
Collection of other data
Non-personalized data, which cannot be directly linked to a specific person: gender, age, language preference, location is collected and used for creating web usage statistics to provide more useful and personalized information to the client. We also automatically collect technical data (e.g., device type, browser, IP address) via Google Analytics.
Data security and access
The processing of personal data is carried out for the purpose of fulfilling the contract concluded with the client. The client’s personal data is stored in accordance with the requirements set forth in legal acts. By agreeing to the privacy policy, the client gives Sunnyday OÜ consent for the automated processing of their data.
The client has the right to withdraw consent by notifying customer support via email (info@sunnydayfabrics.com).
Purposes and legal basis for data use
We use your data for the following purposes:
- Processing and delivering orders (contractual basis)
- Providing customer support (legitimate interest)
- For marketing purposes (e.g., newsletter) (based on consent)
- Fulfilling accounting obligations (legal obligation)
- Improving the website and enhancing the user experience (legitimate interest)
Sharing of personal data
We may share your personal data with the following third parties:
- Payment service providers (Montonio Finance UAB, Stripe)
- Logistics partners (Omniva, Itella SmartPOST, DPD)
- Accounting service providers (Merit Tarkvara AS)
- Analytics and marketing service providers (Google, Meta Platforms, Klaviyo)
If personal data is transferred outside the European Economic Area (e.g., to servers in the USA), we ensure protection in accordance with GDPR Article 46 (standard contractual clauses).
Cookies and tracking technologies
We use cookies and similar technologies to collect statistics and provide a better user experience.
Cookies may be necessary, functional, analytical, or marketing. We seek prior consent for the use of cookies as required by law.
More detailed information about cookies can be found in our cookie policy.
Access to data
Personal data is stored on Rocket.net servers located within a European Union member state or a country that is part of the European Economic Area. Data may be transferred to countries whose data protection level has been deemed adequate by the European Commission and to U.S. companies providing adequate protection under GDPR Article 46 (e.g., standard contractual clauses).
Access to customer personal data is available to online store employees who can access personal data to resolve technical issues related to the use of the online store and to provide customer support services.
The online store implements appropriate physical, organizational, and information technology security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized access, and disclosure.
The transmission of personal data to the online store’s authorized processors (e.g., transport service provider and data hosting) takes place based on agreements concluded with the online store and authorized processors. Authorized processors are required to ensure appropriate protective measures for personal data processing.
Data retention
- When purchasing from the online store, the purchase history is retained for seven years;
- In the event of payment-related and consumer disputes, personal data is retained until the claim is satisfied or until the expiration of the limitation period;
- Personal data required for accounting are retained for seven years.
Complaints and supervision
If you believe that the processing of your personal data violates your rights, you have the right to file a complaint:
Data Protection Inspectorate
Web: www.aki.ee
Email: info@aki.ee
Your rights
You have the right to:
- Access your data
- Correct inaccurate or incomplete data
- Request data erasure (“right to be forgotten”)
- Restrict the processing of data in certain cases
- Object to data processing
To exercise these rights, contact us via email at info@sunnydayfabrics.com. We will respond to your inquiry within 30 days.