Privacy Notice

Lilleoru NGO

What is the Privacy Policy?

The Privacy Policy (hereinafter referred to as “the Principles”) provides information on the following:

– What personal data (hereinafter referred to as “data”) Lilleoru (MTÜ Lilleoru and Lilleoru Keskus OÜ, hereinafter referred to as “Lilleoru”) collects and processes in connection with the provision of its services, products, and the website
– How Lilleoru collects and uses data related to the above.
– What measures we take to protect data and ensure privacy.

When and to whom do the Principles apply?

The Principles apply in all cases if you have used or are using Lilleoru services, products, or the Lilleoru website at (hereinafter referred to as “the Website”), or if you have shown interest in what Lilleoru offers and in this connection have provided us with your data or we have received your data (e.g., contact details, etc.). The Privacy Policy is an informative document and is not part of the contractual terms with Lilleoru.

What we follow when we process data?

Lilleoru processes data in accordance with the Privacy Policy, the General Data Protection Regulation applicable in Europe, and Estonian legislation related to Lilleoru’s field of activity.

Who is the Data Controller?

The responsible data controller is MTÜ Lilleoru (registry code 80143446, Taevasmaa tee 17, Aruvalla, Rae vald, Harjumaa 75320) and the subpage of the Lilleoru Keskus OÜ website (registry code 11514140, Taevasmaa tee 17, Aruvalla, Rae municipality, Harjumaa 75320).

What is Personal Data and What Data Do We Process?

Personal data (data) are data specifically or indirectly associated with you as an individual.

Lilleoru collects the following data:

– In order to provide services or sell products, we may ask you to provide us with, among other things, the following data:
– First and last name, name of representative, and contact person in the case of a company or institution.
– Personal identification number / registration code.
– Residence/location.
– Contact information (phone number, email address).

– In addition, we store and process the following data in connection with the provision of services, the sale of products, and the operation of the e-shop:
– The aforementioned data.
– Data necessary for logging in and electronic identification of the person (e.g., IP addresses, cookies).
– Correspondence between us.
– Information about the use of services offered by Lilleoru and participation in courses (e.g., which TMK courses you have attended).
– Statistical demographic data (e.g., age, gender, occupation).
– Data necessary for delivering goods (e.g., suitable parcel machine, delivery address, etc.).
– Data necessary to make payments (e.g., bank used by the buyer, etc.).
– Data related to orders (including pending orders) (e.g., data of goods added to shopping cart, payment data, etc.).

– We collect and use the following data in connection with the offer of the website and e-shop:
– Data on the use of our e-store and website, its services and functionalities, and information collected with the help of cookies (e.g., from which page the website was accessed, etc.).
– Data to personalize content and advertisements.
– Data to provide social media features.
– Data disclosed about the buyer in public databases or on the Internet (e.g., information about the buyer’s interests, e.g., Google Analytics data, data from Facebook, etc.).

For What Purposes and Legal Bases Do We Process Data?

Lilleoru processes data for the following purposes and legal bases:

1. Based on the performance of the contract:
– To fulfill the contract concluded for the provision of services and products.
– To manage the customer relationship.
– To enable access to services and products, including through the e-shop and/or website.

2. Based on our legitimate interest:
– To ensure the quality of services and products.
– To prove transactions and customer communication and to exercise Lilleoru’s rights (including debt collection).
– To provide additional services.
– For marketing analysis (e.g., to clarify your needs and preferences as a Lilleoru customer or website user, etc.).
– To perform customer satisfaction surveys and statistics.
– To offer a website and e-shop.

3. On the basis of the obligation arising from the law:
– For example, for accounting and data transmission to state authorities that have the right to do so, etc.

Do We Use Authorized Processors to Process Data?

We may authorize the processing of data to our partners (e.g., Human OÜ, Practical Consciousness SA etc.), who process data for our purposes, according to instructions and within the limits of authorization fixed in a written contract. You can request more detailed information about authorized data processors used by Lilleoru (e.g., names and locations, etc.) by writing to

What Do We Do to Protect Data and Ensure Integrity?

We ensure that all collected data is confidential and protected, and Lilleoru does not transfer, sell, or disclose data to third parties without a legal basis (which is, for example, your consent or if we are required to do so by law, etc.). We guarantee the correctness and security of the processed data. You are also responsible for the correctness of the data published by you. The website may contain links to websites or services of third parties. Their websites and services have different privacy policies.