Last updated: 10 April 2026
EcoReuse is a brand of ManArt OÜ, an Estonian company registered at Kadaka tee 2, 10621 Tallinn. We take your privacy seriously. This policy explains what personal data we collect when you use our website or place an order, why we need it, how long we keep it, and what rights you have under the EU General Data Protection Regulation (GDPR).
1. What data we collect
Order form: company name, registration number, contact name, email, phone, event details, delivery address, comments you provide.
Contact form: name, email, phone, message.
Automatically: IP address (used only for rate-limiting and security), browser user agent in server logs.
Analytics (only if you accept cookies): anonymised Google Analytics data — page paths, approximate location derived from anonymised IP, device type.
2. Why we collect it (legal basis)
Order processing — performance of contract (GDPR Art. 6(1)(b)). We need your data to prepare documents, deliver dishware and issue invoices.
Security and rate-limiting — legitimate interest (Art. 6(1)(f)). We block abusive traffic and prevent spam.
Analytics — explicit consent (Art. 6(1)(a)). You can withdraw consent at any time by clearing your browser storage; the cookie banner will reappear.
3. Who we share it with
Google Workspace (Gmail, Google Sheets) — for storing orders and sending emails.
Zone.ee — our email hosting provider (Estonia, EU).
Google Analytics — only if you accept analytics cookies. IP is anonymised before storage.
We do NOT sell your data, do NOT use it for advertising, and do NOT share it with third-party marketing networks.
4. How long we keep it
Order data — 7 years, as required by Estonian accounting law for commercial documents.
Contact-form messages — up to 12 months, then deleted unless an ongoing conversation justifies longer retention.
Analytics data — 14 months maximum, as configured in Google Analytics.
5. Your rights under GDPR
You have the right to: access your data, correct inaccurate data, request deletion (subject to legal retention rules), restrict processing, data portability, and object to processing based on legitimate interest.
You can also lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) if you believe we have mishandled your data.
6. Security
We use TLS for all traffic, strict Content Security Policy headers, rate-limiting on all forms, input sanitisation against injection attacks, and server-side secret storage. No secrets are ever exposed to the client.
For any privacy-related request, email info@ecoreuse.ee with the subject line 'Privacy request'. We respond within 30 days as required by GDPR.