Privacy Policy

Effective date: 18 September 2025

This Privacy Policy (“Policy”) explains how Pixta Commerce OÜ (“Pixta Commerce”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you visit and use our websites lovejolly.eu and lovejolly.XX (where “XX” refers to any EU/EEA domain extension operated by us).

We are committed to protecting your privacy and handling your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Estonian data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Pixta Commerce OÜ
Registry code: 17192794
VAT: EE102837922
Address: Tuukri tn 19-202, Kesklinna linnaosa, 10120 Tallinn, Estonia
Email for data protection matters: privacy@lovejolly.eu

2. What Personal Data We Collect

We may collect the following categories of personal data when you interact with our website and services:

Identity data: name, billing and shipping address, email address, phone number.

Account data: login details, wishlists, saved preferences.

Order data: products purchased, order history, payment details (processed securely by Stripe or PayPal; we do not store full card details).

Technical data: IP address, browser type and version, device information, time zone, and cookies (see Cookie Policy).

Usage data: pages visited, items viewed, interaction with our website.

Marketing data: your preferences regarding newsletters and promotional communications.

We do not directly collect sensitive personal data (such as health or sexual orientation). However, purchase patterns may indirectly suggest interests, which may be used for targeted marketing.

3. How We Use Your Personal Data

We process your personal data for the following purposes and legal bases:

To fulfil orders and provide customer service (GDPR Art. 6(1)(b) – performance of a contract).

To manage your account and wishlists (GDPR Art. 6(1)(b)).

To send transactional communications (order confirmations, shipping updates) (GDPR Art. 6(1)(b) & (c)).

To process payments securely via third-party providers (Stripe, PayPal) (GDPR Art. 6(1)(b)).

To comply with tax, accounting, and legal obligations (GDPR Art. 6(1)(c)).

To improve our website and services using analytics tools such as Google Analytics and Meta Pixel (GDPR Art. 6(1)(f) – legitimate interest).

For fraud prevention and security monitoring (GDPR Art. 6(1)(f)).

For marketing and newsletters where you have opted in (GDPR Art. 6(1)(a) – consent).

You may withdraw your consent to marketing at any time.

4. Sharing Your Personal Data

We may share your personal data only with trusted third parties, including:

Payment processors: Stripe, PayPal.

Delivery and logistics providers: DHL, UPS, DPD, and others as necessary to ship your order.

Email marketing provider: Brevo (Sendinblue).

Analytics providers: Google Analytics, Meta Pixel, and similar services.

IT and hosting providers located in the EU and Switzerland.

All third parties are contractually bound to process your data securely and only for the specified purposes.

We do not sell your personal data to third parties.

5. Data Storage and Transfers

Your personal data is stored on secure servers located within the European Union and Switzerland.

If we transfer data outside the EU/EEA, it is only to countries with adequate protection under GDPR or subject to appropriate safeguards such as Standard Contractual Clauses (SCCs).

6. Data Retention

We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including:

Order and transaction records: kept for the period required under Estonian and EU tax/accounting law (currently up to 7 years).

Customer accounts: retained as long as the account remains active.

Marketing data: retained until you withdraw consent.

We will delete or anonymise data when it is no longer needed.

7. Your Rights

Under GDPR, you have the following rights:

Right of access – to obtain a copy of your personal data.

Right to rectification – to correct inaccurate or incomplete data.

Right to erasure – to request deletion of your personal data, subject to legal retention requirements.

Right to restrict processing – to limit how we use your data in certain cases.

Right to object – to object to processing based on legitimate interests or for direct marketing.

Right to data portability – to request your data in a machine-readable format.

Right to withdraw consent – for processing based on consent (e.g. newsletters).

To exercise your rights, please contact us at privacy@lovejolly.eu
.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate or your local EU/EEA data protection authority.

8. Children

Our websites and products are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us, and we will delete it.

9. Security

We use appropriate technical and organisational measures to protect your personal data, including encryption, secure servers, and access controls.
However, no method of transmission over the Internet is completely secure, and we cannot guarantee absolute security.

10. Marketing

We only send newsletters and promotional emails if you have opted in.

You can unsubscribe at any time by clicking the link in the email or contacting us.

We do not sell or rent your data for third-party marketing.

11. Links to Other Websites

Our website may contain links to external websites. We are not responsible for the privacy practices of such third parties.

12. Changes to this Policy

We may update this Policy from time to time. Any changes will be posted on this page with an updated “Effective Date.”

13. Contact Us

For questions, concerns, or to exercise your GDPR rights, please contact:

Pixta Commerce OÜ
Tuukri tn 19-202, Kesklinna linnaosa, 10120 Tallinn, Estonia
Email: privacy@lovejolly.eu