Here is the English version of the privacy policy for My Magic OÜ. I’ve ensured the terminology aligns with standard GDPR (General Data Protection Regulation) phrasing to keep it professional and legally sound.

Privacy Policy of My Magic OÜ

The data controller of personal data is My Magic OÜ (address: Rävala pst 19, 10143 Tallinn, Estonia; reg. code: 12700808) (hereinafter We or Us).

This Privacy Notice:

• explains what personal data we collect about you;

• explains the grounds and purposes for processing your personal data;

• helps you understand your rights regarding your personal data.

I Our Role in Ensuring Your Privacy

We process personal data in compliance with Estonian and European Union legislation. We use data for the purposes for which it was collected and to the extent necessary to fulfill those purposes. Once the purpose is achieved, we delete or anonymize the personal data.

This Privacy Notice provides information and instructions when you visit the MyMagic website. It does not reflect the data processing of other companies’ websites or services offered by them.

You can always contact us by writing to gerli@mymagic.ee.

II When and How Do We Collect Your Personal Data?

Personal data (hereinafter Data) is information specifically or indirectly associable with you as a private individual. The composition of processed data depends on which specific services you use or, for example, which consents you provide. We adhere to the principle of data minimization—collecting only what is necessary to achieve the objective.

We receive data directly from you or collect it automatically, primarily in the following ways:

• When you browse our website;

• When you become our customer, order goods or services, or use our service;

• When you subscribe to our newsletter;

• When we communicate via email, phone, or other means;

• When you consent to receiving marketing offers;

• When you submit an information request or a complaint.

Occasionally, we may receive data from other sources (e.g., other companies or public registers such as the population register, commercial register, etc.) if necessary for entering into or performing a contract, or for fulfilling a legal obligation.

III What Data Do We Collect and Process?

We collect and process the following data (main examples, list is not exhaustive):

• Contact information: name, address, phone number, email address…

• Contractual data: data from contracts and related documents…

• Identification data: IP address, browser type and version, time zone setting, operating system and version…

• Usage data: URL clickstreams (path through our site), products/services viewed, page response times, duration of visit…

Sensitive Data

We do not collect sensitive (special category) personal data unless you disclose it to us yourself or provide specific consent. These include racial/ethnic origin, political views, religious/philosophical beliefs, trade union membership, genetic/biometric data, health data, or data regarding sexual orientation.

IV Legal Grounds and Purposes for Processing

All processing must be justified and lawful. We process data based on the following:

Definitions of Legal Grounds:

• Consent: You have given clear permission. You can withdraw it at any time by emailing gerli@mymagic.ee.

• Legitimate Interest: Necessary for our (or a third party’s) interests, provided they do not override your rights (e.g., developing services, ensuring security).

• Performance of Contract: Necessary to fulfill our agreement with you.

• Legal Obligation: Data processing required by law (e.g., accounting).

V Data Retention Periods

We store your data as long as necessary for the processing purposes or as required by law.

• Customer Data: Throughout the customer relationship and for two years after termination (unless otherwise agreed).

• Accounting Data: 7 years (as required by Estonian law).

VI Processing Location and Security

We process and store your data within Estonia, the European Union, or the European Economic Area (EEA).

Please remember:

• Always consider to whom you disclose your data.

• Data transmission is at your own risk; 100% security cannot be guaranteed online.

• Keep your usernames, passwords, and sensitive information private.

• If you suspect a data breach, notify us immediately.

VII Third Parties

We use third-party partners to simplify our operations and provide better service:

• Statistics/Analytics: Google Analytics

• Marketing: Facebook

• Newsletters: Klaviyo

VIII Your Rights

1. Right of Access: You have the right to know what data we hold about you.

2. Right to Rectification/Erasure: You can ask us to correct wrong data or delete your data (the “right to be forgotten”), especially regarding marketing profiles.

3. Right to Object: You can object to processing based on legitimate interest.

4. Right to Data Portability: You can request your data in a machine-readable format.

5. Right to File a Complaint: You can contact us (gerli@mymagic.ee) or the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).