🔒 Privacy Policy
Last updated: 04.05.2025
Welcome to Dragon Bean Roastery! This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have.
By using our website https://dragonbean.eu, you agree to the terms described below.
📌 Who we are
Our website address is: https://dragonbean.eu.
We are Dragon Bean Roastery OÜ, a company registered in Estonia (registry number 17189154, VAT number EE102836334).
Our address is Astangu 20-128, 13519 Tallinn, Estonia.
If you have any questions about your data, reach out to us at [email protected].
🛍️ What we collect and store
When you use our store, we collect information to make the experience smooth and to process your orders. This includes:
- Products you’ve viewed – we use this to show recently viewed items
- Your location, IP address and browser type – used to estimate taxes and shipping
- Shipping address – so we can send you your coffee!
- Cart contents – saved in cookies while you browse
When you place an order or register, we ask for:
- Your name
- Billing and shipping address
- Email address
- Phone number
- Payment details
- Optional account info (username, password)
We use this information to:
- Send order confirmations and updates
- Respond to questions or refund requests
- Process payments securely
- Set up your customer account
- Comply with legal requirements (like VAT and accounting rules)
- Improve your experience
- Send newsletters (if you’ve opted in)
If you create an account, we store your details to speed up future checkouts.
🍪 Cookies
We use only essential cookies that help the website work properly. These include:
- Cookies to keep items in your cart
- Login cookies to manage your session
- Security cookies to protect forms from bots
- Cookies for basic store functionality (like remembering your settings)
You can’t disable these cookies through our banner since they’re required for the site to function.
We don’t use marketing or analytics cookies.
🛒 How long we keep your data
We only keep personal data for as long as necessary. Here’s how long we retain common types of data:
| Type of Data | Retention Period |
|---|---|
| Inactive accounts | 12 months |
| Pending/cancelled orders | 30 days |
| Failed orders | 7 days |
| Completed/refunded orders | 7 years (as required by law) |
| Email logs | 14 days |
👥 Who on our team can see your data
Members of our team who help run the store (like administrators and managers) have access to:
- Order information (e.g. items purchased, shipping details)
- Customer details (e.g. name, email, billing/shipping address)
This access is necessary to fulfill orders, handle support requests, and issue refunds.
🤝 What we share with others
We don’t sell your data. However, we share necessary data with trusted third-party providers who help us:
- Process payments securely
- Deliver your orders
- Send emails (order updates, newsletter opt-ins)
- Provide web hosting and performance/security features
- Maintain legally required accounting records
All providers are bound by data protection agreements and comply with GDPR.
🧾 Comments and uploads
If comments or reviews are enabled:
- When you leave a comment, we collect the data in the comment form, plus your IP and browser info for spam protection.
- If you upload images, avoid uploading images with embedded GPS data (EXIF), as visitors can download and extract it.
We may use services that check comments for spam automatically.
📬 Newsletter and marketing communications
If you choose to subscribe to our newsletter, we will collect and process your email address. Subscriptions are managed through a trusted email marketing provider that complies with the GDPR.
We use a double opt-in system: you will need to confirm your subscription via email before receiving any communications. Every email includes an unsubscribe link, and you can opt out at any time.
You’ll be informed at the time of subscribing that your email address may be shared with our email platform provider for processing in accordance with their privacy policy.
🗂️ Your rights over your data
You have the right to:
- Access the data we hold about you
- Request correction or deletion of your data
- Download a copy of your data
- Withdraw consent (where applicable)
- Object to or restrict certain types of processing
To make a request, email [email protected]. We respond within a reasonable time.
🧹 Data erasure
You can request the deletion of your account and personal data.
Our website also supports bulk erasure for orders if requested.
Note: we may retain data required by Estonian law (like invoices) even after account deletion.
🔐 Security
We use secure connections (HTTPS), spam protection tools, and other safeguards to protect your data.
Only authorized personnel can access your account or order info.
🔄 Changes to this policy
We may update this policy from time to time.
The current version will always be available at https://dragonbean.eu/privacy-policy.