Privacy Policy

Privacy Policy

Last updated: February 2026

Museumist OÜ (“we”, “us”, “our”) operates the website museumist.eu. This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website or make a purchase, in accordance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

Museumist OÜ
Pärnu mnt 146, Tallinn, 11317, Estonia
Email: hello@museumist.eu
Phone: +372 5847 0702

2. What Data We Collect

We collect the following personal data when you place an order or create an account:

  • Name and contact details (email, phone number, shipping and billing address)
  • Payment information (processed securely through our payment provider; we do not store card details)
  • Order history and transaction data
  • IP address and browser information (collected automatically via cookies)
  • Communication data (emails, contact form messages)

3. Purpose and Legal Basis

We process your data for the following purposes:

  • Contract performance: Processing orders, shipping, returns, and customer support
  • Legal obligation: Tax and accounting records as required by Estonian law
  • Legitimate interest: Improving our website, preventing fraud, and analytics
  • Consent: Marketing emails and newsletters (only with your explicit opt-in)

4. Data Sharing

We may share your data with trusted third parties solely for order fulfillment:

  • Payment processors (e.g. Stripe)
  • Shipping and courier services
  • Hosting provider (GoDaddy)
  • Email service providers

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

5. Cookies

Our website uses essential cookies required for the online shop to function (shopping cart, session management). We may also use analytics cookies to understand how visitors use our site. You can manage cookie preferences in your browser settings.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described above. Order and transaction records are kept for 7 years as required by Estonian accounting law. Marketing consent records are kept until you withdraw consent.

7. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee)

To exercise any of these rights, please contact us at hello@museumist.eu.

8. Security

We use SSL encryption and industry-standard security measures to protect your personal data. Payment processing is handled by PCI-compliant third-party providers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page with the date of last update.