Privacy policy

Last updated: August 14, 2025

Privacy Policy

Puracosa values your privacy and processes personal data in accordance with the laws of the Republic of Estonia and the EU General Data Protection Regulation (GDPR).
This Privacy Policy explains what data we collect, how we use it, and your rights.

1. Who We Are

The Puracosa online store is operated by ASAYA OƜ, a company registered in Estonia.
When we say "we," we mean the people behind Puracosa, committed to processing your data honestly, securely, and transparently.

2. Personal Data We Process

We process the data you provide when you:

  • register an account in our online store;
  • make a purchase;
  • subscribe to our newsletter;
  • contact our customer service.

This data may include:

  • first and last name;
  • delivery and billing address;
  • email address and phone number;
  • payment details (bank or card information is transmitted only to the payment service provider);
  • purchase history and customer communication records;
  • customer support requests;
  • account preferences;
  • technical data collected via cookies and analytics tools (IP address, browser type, browsing history).

3. Purposes of Data Processing

We use personal data for:

  • processing and delivering orders;
  • providing customer support;
  • processing payments;
  • improving our products and services;
  • sending marketing offers and newsletters (only with your consent);
  • analysing website statistics and user experience;
  • fulfilling legal obligations.

4. Data Sharing

We trust our partners as much as our products ā€” choosing only those who protect your data with the same care:

  • Accounting software: Merit Aktiva
  • E-commerce platform: Shopify - We use the Shopify platform to operate our online store. Shopify processes your personal data to help us deliver our services. For more information on how Shopify uses your data, please refer to their Privacy Policy.
  • Payment Processing:
    • Shopify Payments: Handles credit card transactions securely. Your payment information is encrypted and processed in accordance with PCI DSS standards.
    • Maksekeskus AS: Processes bank transfers and other local payment methods. Your banking information is transmitted securely and processed in compliance with Estonian and EU data protection laws.
  • Logistics and delivery: Itella Smartpost, DPD
  • Statistics and analytics: Google Analytics, Meta (Facebook, Instagram)
  • Email marketing: Mailchimp (currently; provider may change)

All partners follow strict data protection and security standards.

5. Data Retention

  • Customer account: deleted upon closure, unless legal retention is required;
  • Guest checkout: purchase data kept for up to 3 years;
  • Payment or dispute-related data: up to 3 years, or until the claim is resolved;
  • Accounting data: retained for 7 years in accordance with the law.

6. Data Transfers Outside the EU

Some of our authorised processors may be located outside the European Economic Area. In such cases, we ensure that data transfers comply with GDPR requirements (e.g., EU Standard Contractual Clauses).

7. Your Rights

You have the right to:

  • obtain information about the processing of your personal data;
  • request correction or deletion of your data;
  • restrict data processing;
  • withdraw consent for direct marketing at any time (via the unsubscribe link in emails);
  • receive your data in a structured, machine-readable format and transfer it to another service provider;
  • lodge a complaint with the Estonian Data Protection Inspectorate (www.aki.ee).

For inquiries, email info@puracosa.eu. We respond within 30 days.

8. How We Protect Your Data

We use encryption, secure servers, and carefully designed processes to protect your data during transmission and storage.

9. Cookies

In order to better serve users, our website uses cookies.

A cookie is a text file that is sent and stored on the user's computer by websites that the user visits. The cookie is stored in the user's web browser's file directory. If the user has visited the website before, the web browser reads the cookie and transmits the corresponding information to the website or element that originally saved the cookie.

Additional information about cookies is available at allaboutcookies.org. Cookies allow you to track website usage statistics, the popularity of sections, and other actions performed on the website. The information obtained from the cookie is used to improve the usability and content of the website.

The types of cookies used are as follows:

  • Persistent cookies are essential for moving around the website and using its functions. Without persistent cookies, the user would not be able to use all the functions of the website.
  • Session cookies allow the website to remember previous choices made by the user (such as username, language selection, etc.) and thus provide more efficient and personalized functions.
  • Tracking cookies collect data about the user's behavior on the website. The information obtained from the tracking cookie allows to improve the usability of the website.
  • Advertising cookies collect data about the user's browsing habits, which in turn allows the website to present advertising content in line with the user's preferences. In addition, this type of cookie allows to measure the effectiveness of the advertising campaign.

The user has the right to refuse the storage of cookies on the computer. If so desired, the user must change the settings of his web browser. Different types of web browsers use different methods to disable cookies. More detailed information is displayed on the website allaboutcookies.org.

When blocking cookies, the user must take into account that not all functions of the website may be available to the user after blocking cookies.

10. Direct Marketing Messages

Your email address and phone number will be used for sending direct marketing messages only if you have given consent.
If you no longer wish to receive such messages, you can click the unsubscribe link in the email header or contact customer service.

If personal data is processed for direct marketing purposes (including profiling), you have the right to object at any time to both the initial and further processing of your personal data, including related profiling, by notifying customer service via email.

11. Dispute Resolution

Disputes related to personal data processing are resolved through customer service.
The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).
You may also contact the Consumer Disputes Committee or the ODR platform.

12. Changes to This Privacy Policy

We may update this document from time to time. All updates will be published on our website www.puracosa.eu.

Pure care for your skin ā€” and for your data.
For us, beauty also means honesty, transparency, and care.

Ā 

Ā