Privacy Policy

Last Updated: December 02, 2025

1. Introduction

Welcome to nordih.com (the “Website”). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how RePlast OÜ (“we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you visit our Website or purchase our products.

This policy is compliant with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus).

Data Controller Details

The entity responsible for your personal data is:

• Company Name: RePlast OÜ
• Registry Code: 11979263
• Address: Valdeku tn 168, 11217, Tallinn, Harju maakond, Eesti Vabariik
• Email: info@nordih.com

If you have any questions about this policy or how we handle your data, please contact us at info@nordih.com.

2. Personal Data We Collect

We process personal data to fulfill orders, improve our services, and for marketing purposes. We may collect the following categories of data:

1. Identity Data: First name, last name.
2. Contact Data: Billing address, delivery address, email address, and telephone number.
3. Financial Data: Payment details (such as partial credit card details, payment method used).
   • Note: We do not store full credit card numbers on our servers. All direct payment gateway adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council.
4. Transaction Data: Details about payments to and from you and other details of products you have purchased from us.
5. Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system, and platform.
6. Usage Data: Information about how you use our Website (e.g., clicks, time spent on page).
7. Marketing & Communications Data: Your preferences in receiving marketing from us and your communication preferences.

3. How We Collect Your Data

We collect data through:

• Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:
  • Place an order on our Website;
  • Subscribe to our newsletter;
  • Request marketing to be sent to you; or
  • Give us feedback.
• Automated Technologies: As you interact with our Website, we may automatically collect Technical and Usage Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies (see Section 8).

4. Purpose and Legal Basis for Processing

Under GDPR, we must have a legal basis to process your data. We rely on the following:

Purpose/Activity	Type of Data	Legal Basis for Processing
To process and deliver your order (manage payments, fees, and charges; collect and recover money owed to us).	Identity, Contact, Financial, Transaction	Performance of a Contract (We cannot send your goods without this info).
To manage our relationship with you (notify you about changes to our terms or privacy policy; ask you to leave a review).	Identity, Contact, Profile	Legal Obligation and Legitimate Interests (to keep our records updated).
To administer and protect our business (troubleshooting, data analysis, testing, system maintenance, support, reporting).	Identity, Contact, Technical	Legitimate Interests (for running our business, provision of administration and IT services).
To deliver relevant website content and advertisements to you and measure the effectiveness of the advertising we serve to you.	Identity, Contact, Profile, Usage, Marketing, Technical	Consent (where required for tracking/cookies) or Legitimate Interests (to study how customers use our products).
To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences.	Technical, Usage	Legitimate Interests (to define types of customers for our products, to keep our website updated and relevant).
To make suggestions and recommendations to you about goods or services that may be of interest to you (Email Marketing).	Identity, Contact, Technical, Usage	Consent (You can opt-out at any time).

5. Disclosure of Your Personal Data

We may share your personal data with the parties set out below for the purposes set out in the table above.

Payment Processors

We use third-party payment processors to handle secure payments. We do not store your full credit card details.

• Modena Estonia OÜ: For Buy Now, Pay Later and installment solutions.
• Stripe & PayPal: For credit card and wallet payments.
  • Data shared: Name, billing address, transaction amount, and order details necessary to process the payment.

Service Providers

• Delivery Companies: Courier services (e.g., Omniva, Itella, DPD, DHL) to deliver your products.
• Email Marketing: We use Mailchimp to manage our email marketing lists and send emails to subscribers.

Analytics & Advertising Partners

We share aggregated or pseudonymized data (cookies/identifiers) with the following partners to analyze site traffic and serve ads:

• Google Analytics & Google Ads
• Meta (Facebook) Pixel
• Microsoft Clarity
• Pinterest Ads
• TikTok Ads

Legal Requirements

We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., Estonian Tax and Customs Board).

6. International Transfers

Some of our external third parties (like Google, Meta, Stripe, Mailchimp) are based outside the European Economic Area (EEA), so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use certain service providers (e.g., in the US), we may use specific contracts approved by the European Commission (Standard Contractual Clauses) which give personal data the same protection it has in Europe.

7. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Accounting Documents: In Estonia, we are legally required to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for 7 years after they cease being customers for tax purposes.
• Marketing Data: We keep your data for marketing purposes until you unsubscribe or withdraw your consent.

8. Cookies and Tracking Technologies

Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our site.

We use the following types of cookies:

• Strictly Necessary Cookies: Required for the operation of our Website (e.g., adding items to the cart, secure checkout).
• Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our Website (Google Analytics, Microsoft Clarity).
• Targeting/Advertising Cookies: These cookies record your visit to our Website, the pages you have visited, and the links you have followed. We use this information to make our Website and the advertising displayed on it more relevant to your interests (Facebook Pixel, Google Ads, Pinterest Ads, TikTok Ads).

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this Website may become inaccessible or not function properly.

9. Your Legal Rights

Under GDPR, you have rights in relation to your personal data. You have the right to:

1. Request access to your personal data (commonly known as a “data subject access request”).
2. Request correction of the personal data that we hold about you.
3. Request erasure of your personal data (“right to be forgotten”), subject to legal retention requirements (e.g., tax laws).
4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
5. Request restriction of processing of your personal data.
6. Request the transfer of your personal data to you or to a third party.
7. Withdraw consent at any time where we are relying on consent to process your personal data (e.g., newsletter subscription).

To exercise any of these rights, please contact us at info@nordih.com. We try to respond to all legitimate requests within one month.