Interested in our products?

We produce 100% compostable, beautiful and protective packaging to substitute single use plastic packaging.

ENFR
Products
Our footprint
Blog
Investors
Team & Careers
Contact

Privacy Policy

1. General Provisions

1.1. This Privacy Policy sets out the principles for collecting, processing, and storing personal data when a client uses the services of RAIKU Packaging OÜ. The data controller is RAIKU Packaging OÜ, registry code 16141487 (hereinafter referred to as the “Data Controller”).

1.2. For the purposes of this Privacy Policy, the data subject is the client or any other natural person whose personal data is processed by the Data Controller.

1.3. A client is any natural person who purchases goods or services from the Data Controller’s website.

1.4. The Data Controller processes personal data in accordance with applicable laws, ensuring that data is handled lawfully, fairly, and securely, and can demonstrate compliance with relevant legal requirements.

2. Collection, Processing, and Storage of Personal Data

2.1. Personal data is collected, processed, and stored electronically, primarily via the website and email.

2.2. By submitting their personal data, the data subject consents to the collection, use, and management of their data by the Data Controller for the purposes outlined in this Privacy Policy.

2.3. The data subject is responsible for ensuring that the personal data provided is accurate, correct, and complete. Knowingly providing false information constitutes a breach of this Privacy Policy. The data subject is obligated to inform the Data Controller of any changes to the submitted data.

2.4. The Data Controller is not liable for any damages resulting from incorrect or false data submitted by the data subject.

3. Processing of Client Personal Data

3.1. The Data Controller may process the following personal data:

  • First and last name
  • Email address
  • All data voluntarily submitted to RAIKU Packaging OÜ.

3.2. The Data Controller may also obtain data about the data subject from public registers.

3.3. Legal grounds for processing personal data (as per Article 6(1)(a), (b), (c), and (f) of the GDPR):

a) The data subject has given consent;
b) Processing is necessary for the performance of a contract or to take steps prior to entering into a contract;
c) Processing is necessary for compliance with a legal obligation;
f) Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, except where such interests are overridden by the data subject’s rights.

3.4. Purposes of processing and data retention periods:

  • Security and safety – retained in accordance with legal requirements;
  • Operation of the online store – retained in accordance with legal requirements;
  • Customer management – retained in accordance with legal requirements;
  • Financial activities and accounting – retained in accordance with legal requirements;
  • Marketing – retained in accordance with legal requirements or until consent is withdrawn.

3.5. The Data Controller implements appropriate technical and organizational measures to protect personal data from accidental or unlawful processing.

3.6. Personal data is retained based on the purpose of processing, but no longer than 3 years unless otherwise required by law.

4. Rights of the Data Subject

4.1. The data subject has the right to access their personal data.

4.2. The data subject has the right to receive information regarding the processing of their personal data.

4.3. The data subject has the right to correct inaccurate or incomplete personal data.

4.4. Where processing is based on consent, the data subject has the right to withdraw consent at any time.

4.5. To exercise their rights, the data subject may contact the Data Controller via email at info@raiku.co.

4.6. The data subject has the right to file a complaint with the Data Protection Inspectorate.

5. Transfer of Data Outside the EEA

5.1. We do not transfer your personal data outside the European Economic Area (EEA), unless it is necessary to provide a service (e.g., cloud services) and such transfer is carried out in compliance with applicable laws.

5.2. When data is transferred to service providers, we ensure that the data is protected with appropriate safeguards that meet GDPR requirements.

6. Data Processors and Third Parties

6.1. We work with trusted service providers who process your personal data on our behalf and in accordance with our instructions. All service providers have entered into data processing agreements that ensure the protection of your personal data.

6.2. We do not share your personal data with third parties except where required by law (e.g., at the request of authorities) or where necessary to provide services (e.g., payment service providers, logistics companies).

7. Changes to the Privacy Policy

7.1. We reserve the right to update this Privacy Policy in line with changes in legislation. All changes will be published on our website, and we will notify you of any significant changes at least 30 days in advance.

8. Final Provisions

8.1. These data protection terms have been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia, and the legal acts of the Republic of Estonia and the European Union.

9. Contact Information

9.1. If you have any questions regarding this Privacy Policy or wish to exercise your rights, please contact us via email at info@raiku.co.