Privacy Policy

What is Privacy Policy?

This Privacy Policy (hereinafter also as Principles) describes the following:

  • what personal data (hereinafter as data) MTÜ Lilleoru and Lilleoru Keskus OÜ (hereinafter as Lilleoru) collects and processes regarding offering its services and products, including offering its services and products via its websites;
  • how Lilleoru uses and collects data;
  • what measures Lilleoru takes to guarantee safety and integrity of data.

When and to whom these principles apply?

Principles apply when if you have used or are using Lilleoru services, products or the Lilleoru website at (hereinafter as website) or you are interested in what Lilleoru offers and in connection with this you have communicated to us or contact details, etc. Privacy Policy is an informative document and is not part of any contract concluded with Lilleoru.

How do we process data?

Lilleoru processes data in accordance with the Privacy Policy, EU General Data Protection Regulation and Estonian legislation related to Lilleoru's field of activity.

Data controller:

MTÜ Lilleoru (registry code 80143446, Taevasmaa tee 17, Aruvalla, Rae vald, Harju County 75320, ESTONIA) and Lilleoru Keskus OÜ for the homepage subpage (registry code 11514140, Taevasmaa tee 17, Aruvalla, Rae vald, Harju County 75320, ESTONIA).

What is personal data and what data do we process?

Personal data (data) is data that is specifically or indirectly related to you as an individual.

Lilleoru collects the following data:

1. In order to provide services or sell products, we ask you to provide us with the following information, among others:

  • Full name (given name and last name) or in case of a legal person, the name of its representative and contact person;
  • Personal code or in case of a legal person, registry code;
  • Address;
  • Contact details (phone number, e-mail).

2. In addition, we store and process the following data in connection with the provision of services, the sale of products and online shop services:

  • Data listed above;
  • Data that is needed for login and authentication (for instance IP-address, cookies);
  • Correspondence between you and Lilleoru;
  • Information about the use of the services offered by Lilleoru and participation in the courses (eg which Art of Conscious Change courses have you participated in);
  • Statistical demographic data (for instance age, gender, profession);
  • Data necessary for delivery of the goods (eg suitable parcel machine, delivery address, etc.);
  • Data necessary for making the payment (eg the bank used by the buyer, etc);
  • Data related to orders (incl. pending orders) (eg data of goods added to the shopping cart, payment data, etc).

3. We collect and use the following data in connection with the provision of the website and online shop services:

  • Data on the use of our e-store and website, its services and functionalities, and information collected with the help of cookies (eg from which page the website was accessed, etc.;
  • Data to personalize content and ads;
  • Data for providing social media functions;
  • Data about the buyer published in public databases or on the Internet (eg information about the buyer's interests, eg data from Google Analytics, data from Facebook, etc.).

What is the purposes and legal basis for data processing?

Lilleoru is processing data for the following purposes and under the following legal basis:

1. On the basis of complying with the agreement:

  • To perform the agreement for the provision of services and products;
  • Customer relationship management;
  • Providing access to services and products, including via online shop and our home page.

2. On the basis of our legitimate interests:

  • To ensure the quality of services and products;
  • To prove transactions and customer communication and to exercise the rights of Lilleoru (incl. to claim a debt);
  • To provide additional services;
  • For marketing analysis (eg to explain your needs and preferences as a Lilleoru customer or website user, etc.);
  • Customer satisfaction surveys and statistics;
  • To provide a website and online shop offers.

3. On the basis of a legal obligation:

  • For example, for accounting and transmission of data to authorized public authorities, etc.

The use of authorized data processors.

We may authorize the processing of data to our contractual partners (eg Human OÜ, etc.) who process the data for our purposes, in accordance with the instructions and within the limits of the authorization fixed by a written agreement. You can request more detailed information about the authorized data processors used by Lilleoru (eg names and locations, etc.) by writing to

What do we do to protect data and ensure privacy?

We guarantee that all data collected is confidential and protected, and Lilleoru does not transfer, sell or disclose data to third parties without a legal basis (such as your consent or if we are required to do so by law, etc.). We guarantee the accuracy and security of the processed data. You are also responsible for the accuracy of the information you disclose. The website may contain links to third party websites or services. Their websites and services have different privacy policies. Lilleoru is not responsible for the privacy policies of third parties or the processing of data related to its activities, and we recommend that you read the privacy policies of each third party separately before using the website or service.

How do we ensure data security?

We implement necessary IT technical, organizational and physical security measures to protect data from unauthorized persons and against unintentional or unlawful deletion, alteration, disclosure, transfer or other unauthorized or unlawful processing. Only certain authorized persons have access to change and process the data. All information in our organization is treated as confidential information. Lilleoru is not responsible for third party access to the devices under your control, the Internet and their security.

What do you need to do to protect your data?

To ensure data security, our website and online shop must be used carefully and with secure devices (eg computer, smartphone, application, etc.). Usernames, passwords, passwords, as well as ID card, Mobile ID and Smart-ID PIN codes related to you, your device or our website or online shop must be kept secret and protected. Please be aware that we cannot guarantee the security of the data and are not liable for any possible negative consequences if the data is not protected due to your own failure to comply with the above security requirements.

Are we transferring data outside the European Union?

We generally process data within the European Union, but in some cases they are transmitted and processed (including stored) in countries outside the EU (eg direct marketing service providers). For more detailed information on data transfer outside the EU, please contact us at e-mail

How do we use your contact information for marketing purposes?

If we have received your contact information in connection with the provision of our services or the sale of products, we may send you offers for our products or services either by post or e-mail, unless you have prohibited us from doing so. We may also provide Lilleoru with offers for similar or related services or products made by our carefully selected partners (eg Human OÜ). The partner will not have access to your data unless you have expressed a specific interest in the partner's goods or services.

How can I unsubscribe from the offers?

You have the right to contact Lilleoru at any time to indicate your wish not to receive personal offers. To unsubscribe from newsletters and direct marketing letters, each newsletter and / or direct mail has a link (unsubscribe). You can also cancel by writing to If you have canceled the offers, but still want to receive them in the future, it is possible to allow sending offers again by joining the newsletter recipients via the Website or by writing to In connection with the provision of the service and / or products, Lilleoru has the right to contact you at any time and send you a feedback e-mail at any time in order to improve the quality of the service.

What are Cookies and how do we use them?

For the website to function properly, the website stores small files - so-called cookies - on the device of this user (hereinafter user). A cookie is a small text file that a website stores on a user's computer or mobile device when a user of the website visits a service provider's website. This allows the website to remember user actions and preferences (such as username, language, text size, and other similar display preferences) for a period of time. This way, the user does not have to re-enter them each time they return to the page or browse the pages. The legal basis for the use of cookies is our legitimate interest in ensuring the technical functionality and functioning of the website in accordance with the user's preferences. Cookies are usually valid for a short period of time (day, week or month), in some cases they can be valid for up to a year. We may use cookies and cookie-like tools to provide and improve service quality and to improve the user experience. Cookies may also be used by third parties whose services we use. Cookies are used for several reasons:

  • to personalize content and ads;
  • to provide social media features;
  • to analyze the use of websites.

We may also provide our social media, advertising and analytics partners with information about how the website is used. The use of such cookies is not directly necessary for the functioning of the website, but it ensures a better browsing experience. Cookies can be deleted or blocked, but in this case not all functions of the website may work as intended. Cookies help us to offer our services and products better and more personally.

How can I control the use of cookies?

The user can check and / or delete cookies as desired (see The user may delete all cookies already on the computer and reject the cookies at any time by changing the settings of their web browser (if the web browser allows it) or by terminating the use of the website. Please be aware that certain features of the website can only be provided using cookies and if you refuse cookies, these features may not be available to you. You can disable cookies in your browser settings or by visiting websites


What is Google Analytics and how do we use it?

Lilleoru may use Google Analytics, a web analytics service provided by Google, Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"). Google Analytics uses cookies to analyze how a user uses your website. The information collected by the user about the use of the website by cookies is usually transmitted to and stored on Google's servers in the USA. Because we've enabled IP anonymization, Google shortens the user's IP address (for the European Union or other European Economic Area countries). At the request of the website provider, Google will use the information collected to analyze user activity on the website and to report on what is happening on the website. As discussed above, the user can disable the storage of cookies on the user's computer with the settings of the web browser, but in this case the user will not be able to use all the functions of the website. The user may disable the collection of their data by Google Analytics at any time. To do so, the user must download and install the appropriate browser add-on from the following website:

What are Facebook’ modules?

The website may have integrated Facebook add-ons (1601 S. California Avenue, Palo Alto, CA 94304, USA) "Like" and "Share". For an overview of Facebook add-ons, visit the developers website at When a user visits a website, a direct connection is established between the user's web browser and the Facebook server, using these plug-ins, through which Facebook receives information that the user has access to our website from their IP address. If the user is logged in to Facebook and presses the "Like" or "Share" buttons, the user can link the content of the website to their Facebook profile, through which Facebook can reflect the specific use on the user's wall. We do not receive any information about the transferred data or its use on Facebook. For more information, visit Facebook's privacy policy: If the user does not want the user's Facebook account to reflect the visit to the service provider's page, the user must log out of Facebook.

What, how and for what reason the website keeps logs?

The server hosting our website may store queries made by the user to the server (web address opened by the user, browser and device used by the user, IP address, access time). This data is used only for technical purposes to ensure the operation and security of the website and to detect security incidents.

How you can get to know the data in more detail and submit requests for data?

You can get more detailed information about your data by asking questions at the e-mail address or via your e-shop account. If the data has changed or is incorrect for any other reason, you must notify the e-mail address or change it yourself in the e-shop. We have the right to respond to such inquiries within 30 days.

What are your rights regarding personal data?

You have the following rights regarding your data:

  • You have the right to access your personal data at any time;
  • Right to accuracy of personal data. If you have discovered incorrect data or changed your personal data while reviewing your data, you can always change them either in our online shop or by contacting us;
  • The right to be forgotten. In certain cases, you have the right to have your data deleted. This applies in particular to data processing based on consent and legitimate interests. This includes, for example, marketing profiles and the like. Complete deletion of data is not possible if we also use the data for other purposes, in connection with which deletion of data is not permitted either by contract or law (eg contracts and invoices must be kept for 7 years under the Accounting Act). The final deletion of data cannot be requested before the online shop order has been fulfilled and the time for submitting claims has elapsed, as in this case we will have to process the data in order to fulfill your order;
  • Right to object. You have the right to object to the processing of data concerning you, which we do on the basis of a legitimate interest. If an objection is submitted, we will terminate the data processing if possible;
  • The right to restrict the processing of data concerning you. You have the option of restricting the processing of data by notifying us in the following cases: to verify the accuracy of personal data if you have challenged its accuracy; to record illegal data processing; you need data to prepare, file or defend a legal claim; you object to the consideration of a legitimate interest and wish to limit the processing until a decision is taken;
  • The right to contact us or the supervisory authority and the court if you would like further information regarding the use of your data. If you think your privacy has been violated, you can contact the Data Protection Inspectorate.

How long we keep the data?

We will only store your data for as long as necessary to achieve the purposes of the data processing stated in the privacy policy or as long as required by law (eg contracts and invoices must be kept for 7 years under the Accounting Act). For more information on data retention periods, please contact us at e-mail

How do we Amend our privacy policy?

Our current privacy policy is available on Lilleoru's website Lilleoru has the right to change and supplement the principles at any time without prior notice or by notifying, for example, by e-mail or on the website.

What to do if you want more information about data processing?

If you would like a more detailed explanation of your data processing, please write to us at e-mail We will respond to your inquiry as soon as possible, but no later than within 30 days.