Privacy Policy
This English version is provided for convenience. The legally binding version is the German original. In case of any discrepancy, the German text prevails.
Privacy Policy
This Privacy Policy informs about the nature, scope and purpose of the processing of personal data in the online shop mintlama.eu in accordance with the General Data Protection Regulation (GDPR) and Estonian data protection law.
1. Controller
MINT LAMA Europe OÜ
Järvevana tee 9, 11314 Tallinn, Estonia
Commercial register (Äriregister) Reg. No. 17127644 · VAT ID: EE102838947
E-mail: info@mintlama.ch
Phone: +41 44 589 70 15
Authorised representative: Muriel Vitale
Customer service is operated from Switzerland on behalf of the controller.
Järvevana tee 9, 11314 Tallinn, Estonia
Commercial register (Äriregister) Reg. No. 17127644 · VAT ID: EE102838947
E-mail: info@mintlama.ch
Phone: +41 44 589 70 15
Authorised representative: Muriel Vitale
Customer service is operated from Switzerland on behalf of the controller.
2. Data protection requests
Requests regarding data protection (access, rectification, erasure, restriction, objection, portability) should be sent to info@mintlama.ch with the subject „Data protection". We will respond within the statutory period of one month.
3. Purposes of processing and legal bases
We process personal data for the following purposes:
– Order processing, delivery and payment (Art. 6 (1) (b) GDPR – performance of a contract)
– Communication with customers (pre-contract, service, complaints)
– Compliance with legal obligations such as accounting and tax (Art. 6 (1) (c) GDPR)
– Reach measurement, website optimisation, security and fraud prevention (Art. 6 (1) (f) GDPR – legitimate interest)
– Marketing and personalisation only with explicit consent via cookie banner (Art. 6 (1) (a) GDPR)
– Order processing, delivery and payment (Art. 6 (1) (b) GDPR – performance of a contract)
– Communication with customers (pre-contract, service, complaints)
– Compliance with legal obligations such as accounting and tax (Art. 6 (1) (c) GDPR)
– Reach measurement, website optimisation, security and fraud prevention (Art. 6 (1) (f) GDPR – legitimate interest)
– Marketing and personalisation only with explicit consent via cookie banner (Art. 6 (1) (a) GDPR)
4. Categories of data processed
– Order data (name, address, e-mail, phone, order content, payment data)
– Communication data (e-mail correspondence, contact form inputs)
– Usage data (truncated IP address, device information, click path, referrer) with active consent to analytics cookies
– Marketing data with active consent
– Communication data (e-mail correspondence, contact form inputs)
– Usage data (truncated IP address, device information, click path, referrer) with active consent to analytics cookies
– Marketing data with active consent
5. Recipients / processors
We disclose personal data only to the following categories of recipients:
– Logistics partners for delivery (e.g. Lufapak GmbH, DPD, others) – name, delivery address, phone number for delivery notification
– Payment service providers: Payrexx AG (card and SEPA processing). Data required for payment is transmitted directly to the provider; we only receive payment status and pseudonyms.
– Hosting / IT providers: Hetzner Online GmbH (DE) for server operations
– Analytics (only with consent): Google Ireland Ltd. (Google Analytics 4, Google Tag Manager)
– Marketing pixels (only with consent): Meta Platforms Ireland Ltd. (Meta Pixel)
– Cookie consent management: Digital Data Solutions B.V. (CookieFirst)
– Tax and accounting advisors: bound by professional confidentiality
Data processing agreements under Art. 28 GDPR are in place with all processors.
– Logistics partners for delivery (e.g. Lufapak GmbH, DPD, others) – name, delivery address, phone number for delivery notification
– Payment service providers: Payrexx AG (card and SEPA processing). Data required for payment is transmitted directly to the provider; we only receive payment status and pseudonyms.
– Hosting / IT providers: Hetzner Online GmbH (DE) for server operations
– Analytics (only with consent): Google Ireland Ltd. (Google Analytics 4, Google Tag Manager)
– Marketing pixels (only with consent): Meta Platforms Ireland Ltd. (Meta Pixel)
– Cookie consent management: Digital Data Solutions B.V. (CookieFirst)
– Tax and accounting advisors: bound by professional confidentiality
Data processing agreements under Art. 28 GDPR are in place with all processors.
6. Transfers to third countries
Where services from US providers are used (e.g. Google, Meta), data may be transferred to third countries. The named providers are self-certified under the EU-US Data Privacy Framework or apply EU standard contractual clauses under Art. 46 GDPR. Additional safeguards include IP anonymisation and pseudonymisation.
7. Retention periods
– Order data: retained according to commercial and tax law retention obligations (typically 7 to 10 years)
– Communication data: until the request is handled, then according to statutory retention
– Analytics data: 50 months, then automatic deletion
– Marketing cookies: as configured in the cookie banner, typically up to 24 months
– Communication data: until the request is handled, then according to statutory retention
– Analytics data: 50 months, then automatic deletion
– Marketing cookies: as configured in the cookie banner, typically up to 24 months
8. Rights of data subjects
You have the right to:
– Access the data stored about you (Art. 15 GDPR)
– Rectification of inaccurate data (Art. 16 GDPR)
– Erasure of your data („right to be forgotten", Art. 17 GDPR)
– Restriction of processing (Art. 18 GDPR)
– Data portability (Art. 20 GDPR)
– Object to processing based on legitimate interests (Art. 21 GDPR)
– Withdraw consent with effect for the future (Art. 7 (3) GDPR)
– Lodge a complaint with a supervisory authority (Art. 77 GDPR)
The competent supervisory authority is:
Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)
Tatari 39, 10134 Tallinn, Estonia
E-mail: info@aki.ee · Web: www.aki.ee
Consumers residing in another EU Member State may alternatively contact the data protection authority of their country of residence. Supervisory authorities in our shipping countries:
– Access the data stored about you (Art. 15 GDPR)
– Rectification of inaccurate data (Art. 16 GDPR)
– Erasure of your data („right to be forgotten", Art. 17 GDPR)
– Restriction of processing (Art. 18 GDPR)
– Data portability (Art. 20 GDPR)
– Object to processing based on legitimate interests (Art. 21 GDPR)
– Withdraw consent with effect for the future (Art. 7 (3) GDPR)
– Lodge a complaint with a supervisory authority (Art. 77 GDPR)
The competent supervisory authority is:
Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)
Tatari 39, 10134 Tallinn, Estonia
E-mail: info@aki.ee · Web: www.aki.ee
Consumers residing in another EU Member State may alternatively contact the data protection authority of their country of residence. Supervisory authorities in our shipping countries:
| Country | Supervisory authority | Web |
|---|---|---|
| Austria | Datenschutzbehörde (DSB) | dsb.gv.at |
| Belgium | Gegevensbeschermingsautoriteit / Autorité de protection des données | gegevensbeschermingsautoriteit.be |
| Czech Republic | Úřad pro ochranu osobních údajů (ÚOOÚ) | uoou.cz |
| Denmark | Datatilsynet | datatilsynet.dk |
| France | Commission nationale de l'informatique et des libertés (CNIL) | cnil.fr |
| Germany | Bundesbeauftragte für Datenschutz und Informationsfreiheit (BfDI) | bfdi.bund.de |
| Hungary | Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) | naih.hu |
| Ireland | Data Protection Commission (DPC) | dataprotection.ie |
| Italy | Garante per la protezione dei dati personali | garanteprivacy.it |
| Luxembourg | Commission nationale pour la protection des données (CNPD) | cnpd.public.lu |
| Netherlands | Autoriteit Persoonsgegevens (AP) | autoriteitpersoonsgegevens.nl |
| Poland | Urząd Ochrony Danych Osobowych (UODO) | uodo.gov.pl |
| Portugal | Comissão Nacional de Proteção de Dados (CNPD) | cnpd.pt |
| Slovakia | Úrad na ochranu osobných údajov | dataprotection.gov.sk |
| Slovenia | Informacijski pooblaščenec (IP) | ip-rs.si |
| Spain | Agencia Española de Protección de Datos (AEPD) | aepd.es |
| Sweden | Integritetsskyddsmyndigheten (IMY) | imy.se |
9. Cookies and tracking
This website uses cookies. For non-essential cookies (analytics, marketing, personalisation) we obtain your consent via the cookie banner (CookieFirst). You can adjust or withdraw your settings at any time via the „Cookie settings" link in the footer.
Essential cookies are required for the operation of the shop (cart management, session, security tokens) and are set without consent.
Essential cookies are required for the operation of the shop (cart management, session, security tokens) and are set without consent.
10. Google Analytics 4 and Google Tag Manager
With active consent we use Google Analytics 4, a web analytics service of Google Ireland Limited. GA4 sets cookies that allow analysis of website usage. The IP address is processed in truncated form. The information generated by the cookies is transferred to Google servers and automatically deleted after 50 months. Legal basis is Art. 6 (1) (a) GDPR (consent). More: policies.google.com/privacy.
11. Meta Pixel
With active consent to marketing cookies we use the Meta Pixel (Meta Platforms Ireland Ltd.) for advertising effectiveness measurement and remarketing. The pixel transmits pseudonymous event data to Meta. Legal basis is Art. 6 (1) (a) GDPR. More: www.facebook.com/privacy/policy.
12. reCAPTCHA
To protect our forms we use Google reCAPTCHA. The service distinguishes between human and automated input and transmits IP address and additional data to Google. Legal basis is Art. 6 (1) (f) GDPR (legitimate interest in protecting against misuse). More: policies.google.com/privacy.
13. Changes to this policy
We reserve the right to amend this Privacy Policy if processing changes or the legal situation evolves. The current version is available on this page.
Last updated: 20 May 2026
Last updated: 20 May 2026