Privacy policy

Last updated: December 29, 2025

DATA CONTROLLER

For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR), the data controller responsible for the processing of personal data is: 

Mybeautylab OÜ (registration code 17390940). Address: Haabersti linnaosa, Pikaliiva tn 112, Tallinn, 13516, Estonia. Email: info@mylashy.com

If you have any questions about this Privacy Policy or the processing of your personal data, you may contact us using the details above.

myLashy operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). myLashy is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.

Personal Information We Collect or Process

When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified, so that it cannot identify or be reasonably linked to you.

We may collect or process the following categories of personal information, depending on how you interact with the Services and as permitted or required by applicable law:

  • Contact details including your name, address, billing address, shipping address, phone number, and email address.
  • Financial information including credit card, debit card, and financial account numbers, payment card information, transaction details, form of payment, payment confirmation and other payment-related details.
  • Account information including your username, password, preferences and settings.
  • Transaction information including the items you view, add to your cart, purchase, return or exchange.
  • Communications with us, such as customer support inquiries.
  • Device information including IP address, browser type, device identifiers and network information.
  • Usage information regarding how and when you interact with the Services.

Personal Information Sources

We may collect personal information from the following sources:

  • Directly from you when you create an account, place an order, communicate with us, or otherwise provide personal information.
  • Automatically through the Services, including through cookies and similar technologies.
  • From service providers who process information on our behalf.
  • From partners or other third parties, where permitted by law.

How We Use Your Personal Information

We may use your personal information to:

  • Provide, tailor and improve the Services, including processing payments, fulfilling orders, managing accounts, shipping products, and handling returns.
  • Marketing and advertising, including sending promotional communications where permitted by law.
  • Security and fraud prevention, including protecting transactions and preventing misuse of the Services.
  • Communicate with you, including customer support and service-related communications.
  • Legal compliance, including compliance with applicable laws and enforcement of our terms and policies.

How We Disclose Personal Information

We may disclose your personal information in the following circumstances:

  • With Shopify, vendors and service providers who perform services on our behalf, such as IT services, payment processing, analytics, customer support, fulfillment and shipping.
  • With business and marketing partners to provide marketing services and targeted advertising, in accordance with their own privacy policies and applicable law.
  • When you direct or consent to such disclosure.
  • With affiliates or within our corporate group.
  • In connection with a business transaction or to comply with legal obligations.

Payment Processing (Maksekeskus)

Payments on our online store are processed via Maksekeskus AS, which acts as a payment service provider and payment intermediary. When you place an order and choose a payment method provided by Maksekeskus AS, personal data necessary for processing the payment (such as name, contact details, order details and payment-related information) may be transferred to Maksekeskus AS.

Maksekeskus AS acts as an authorized personal data processor (data processor) on our behalf for the purposes of payment processing and fraud prevention, in accordance with applicable data protection laws.

Depending on the payment method selected, payments may also be processed by other third-party payment service providers (such as PayPal or similar providers). These providers process personal data independently in accordance with their own privacy policies and applicable data protection laws.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information to provide and improve the Services. Information submitted through the Services may be transferred to Shopify and other service providers located outside your country of residence.

To learn more about Shopify’s data practices, please visit the Shopify Consumer Privacy Policy and Shopify Privacy Portal.

Third Party Websites and Links

The Services may contain links to third-party websites. We are not responsible for the privacy practices or content of such websites.

Children's Data

The Services are not intended for children, and we do not knowingly collect personal information from children under the age of majority.

Security and Retention of Your Information

We use reasonable safeguards to protect personal information. However, no security system is completely secure. We retain personal information only as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.

Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or restrict the processing of your personal information, as well as the right to data portability and to object to certain processing activities.

You may exercise your rights by contacting us using the contact details below.

International Transfers

Your personal information may be transferred outside your country of residence. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

Contact

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

Email: info@mylashy.com
Address: Haabersti linnaosa, Pikaliiva tn 112, Tallinn, 13516, Estonia

For the purposes of applicable data protection laws, we are the data controller of your personal information.