Nordic Essence ("we", "our", or "us") operates as a curated e-commerce platform for authentic Nordic and Baltic design. This Privacy Policy explains how we handle your personal information when you use our website, make purchases, or interact with our services.
We believe in transparency and integrity in all our practices, from how we source our crafts to how we handle your data. We comply with the General Data Protection Regulation (GDPR), the Estonian Personal Data Protection Act, and other applicable e-commerce regulations.
Craftsmanship Ethos: Just as we are transparent about the origins and materials of our Nordic-Baltic crafts, we are transparent about how we handle your personal information.
To provide our e-commerce services and deliver your Nordic-Baltic crafts, we collect necessary information:
Customer & Order Information
- Personal Details: Full name, email address, phone number, shipping/billing address
- Order Information: Products purchased, order history, preferences, wish lists
- Payment Information: Payment method details (processed securely through payment providers)
- Communication History: Customer service inquiries, feedback, reviews
E-commerce Specific Information
- Shipping Details: Delivery preferences, tracking information, customs declarations for international orders
- VAT/Tax Information: For EU customers, VAT identification numbers when applicable
- Gift Information: For gift purchases, recipient details and gift messages
- Artisan Communications: For custom orders, specific requirements and preferences
Website Usage Information
- IP address, browser type, device information
- Pages visited, products viewed, time spent on site
- Cart abandonment information, wish list items
- Marketing campaign interactions
We use your information exclusively for e-commerce operations and service improvement:
| Purpose | Legal Basis | E-commerce Context |
|---|---|---|
| Order processing and fulfillment | Performance of contract | Processing purchases and shipping Nordic-Baltic crafts |
| Payment processing | Performance of contract | Secure transaction processing through payment providers |
| Shipping and delivery | Performance of contract | Coordinating delivery of crafts across EU/international borders |
| Customer service and support | Legitimate interest | Responding to inquiries about crafts, orders, or artisans |
| Custom order coordination | Performance of contract | Communicating specific requirements to artisans |
| EU VAT compliance | Legal obligation | Processing VAT for EU customers as required by law |
| Website improvement | Legitimate interest | Enhancing user experience and platform functionality |
| Marketing communications (with consent) | Consent | Sharing new collections, artisan stories, Nordic design content |
| Fraud prevention | Legitimate interest | Protecting our platform and customers from fraudulent activities |
As a curated marketplace, we collaborate with artisans and service providers:
Artisan Partners
- Order Fulfillment: Sharing necessary information for craft production and shipping
- Custom Orders: Specific requirements and customer preferences for bespoke pieces
- Quality Assurance: Feedback for artisan improvement (anonymized where appropriate)
Artisan Selection: All our Nordic-Baltic artisans are carefully selected and required to handle your information responsibly, using it only for order fulfillment and never for their own marketing purposes without your explicit consent.
Service Providers
- Payment Processors: Stripe, PayPal, or other secure payment gateways
- Shipping Carriers: DHL, Omniva, or other logistics partners for EU/international delivery
- E-commerce Platform: Shopify, WooCommerce, or other platform providers
- Customer Service Tools: For efficient inquiry management
- Marketing Platforms: For consented marketing communications
Legal and Regulatory Sharing
- Customs Authorities: For international shipments outside the EU
- Tax Authorities: For VAT and tax compliance reporting
- Legal Authorities: When required by Estonian or EU law
We implement appropriate security measures for e-commerce operations:
Technical Security
- SSL Encryption: Secure socket layer encryption for all data transmissions
- Secure Payment Processing: PCI-DSS compliant payment processing through trusted providers
- Data Encryption: Encryption of sensitive data at rest
- Secure Authentication: Protected access controls for customer accounts
- Regular Security Updates: Ongoing platform security maintenance
Operational Security
- Limited Access: Restricted access to customer information within our team
- Partner Vetting: Due diligence on all service providers
- Incident Response: Documented procedures for security incidents
- Employee Training: Regular data protection training for all staff
E-commerce Specific Protections
- Secure Checkout: Protected checkout process
- Fraud Monitoring: Systems to detect and prevent fraudulent transactions
- Order Verification: Procedures to verify high-value or suspicious orders
- Data Minimization: Collecting only necessary information for transactions
Under GDPR and applicable data protection laws, you have the following rights:
- Right to Access: Request copies of your personal information
- Right to Rectification: Request correction of inaccurate information
- Right to Erasure: Request deletion of your information under certain conditions
- Right to Restrict Processing: Request limitation of how we use your information
- Right to Data Portability: Receive your information in a structured, commonly used format
- Right to Object: Object to certain types of processing
- Right to Withdraw Consent: Withdraw marketing consent at any time
- Right to Order Information: Access details about your Nordic-Baltic craft purchases
Order Record Considerations: Due to legal requirements for business records, tax, and warranty purposes, we may need to retain certain order information for specified periods even after deletion requests. We will inform you of any such requirements when responding to your requests.
As an e-commerce business serving international customers, your information may be transferred:
Within the European Union
- Primary data processing in EU data centers
- Shipping information shared with EU-based logistics partners
- Artisan partners located within EU/EEA countries
- Payment processing through EU-based providers
International Transfers
For international orders outside the EU:
- Shipping Information: Shared with international carriers for delivery
- Customs Documentation: Required information for customs clearance
- Payment Processing: International payment gateways
Transfer Safeguards
- EU-approved standard contractual clauses for transfers to third countries
- Adequacy decisions for destination countries
- Data minimization for international transfers
- Transparency about international data flows
We retain information based on operational needs and legal requirements:
Retention Periods
- Customer Accounts: Retained while active, deleted after 3 years of inactivity
- Order Records: 7 years (Estonian business and tax record requirements)
- Financial Records: 7 years (accounting and VAT requirements)
- Customer Service Records: 3 years for service improvement
- Marketing Information: Until consent withdrawal or 3 years of inactivity
- Website Analytics: 26 months for service improvement
- Artisan Collaboration Records: 7 years for business continuity
Craft-Specific Considerations
- Warranty Information: Retained for warranty period of purchased crafts
- Custom Order Details: Retained for future reference and artisan collaboration
- Gift Information: Retained only for order fulfillment, deleted after delivery
- Customer Preferences: Used to personalize future Nordic craft recommendations
Contact Our E-commerce Privacy Team
For privacy inquiries, data requests, or e-commerce specific concerns:
Nordic Essence
Sepa tn 14, 11712 Tallinn, Estonia
Curator & Founder: Mendel Maronti
Phone: +372 657 9504
Email: privacy@nordicessence.ee
Data Protection Contact: dataprotection@nordicessence.ee
Customer Service: support@nordicessence.ee
We respond to all e-commerce privacy inquiries within 48 hours during business days.