Astri Group Privacy Policy

The Privacy Policy applies to the use of the Astri.ee environment (hereinafter referred to as the Online Store) and the purchase of gift cards, as well as the processing of data collected by the shopping centers of the Astri Group (hereinafter referred to as the Center). The Online Store is managed by Astri Internet OÜ (registration code 12555312, address Lääneringtee 39, Tartu 50501), while the Centers are managed by different legal entities. You can view the list of Centers and their managers here. For clarity and simplicity, in these privacy terms, the managers of the Online Store and Centers belonging to the Astri Group are collectively referred to as Astri. Astri is the data controller of the collected personal data. The Privacy Policy describes how Astri processes (including collects, uses, discloses, stores, transfers, deletes, etc.) personal data. It also provides information about your rights as a data subject. Please read the Privacy Policy carefully before submitting any data, using services, or entering into agreements. The Privacy Policy is an inseparable part of the Online Store Terms of Use https://astri.ee/kasutustingimused/. On matters not regulated by the Privacy Policy, Astri follows the applicable legal acts.

1.1. Identification data and general information – first and last name,
personal identification code, gender, online store username;
1.2. Contact information – postal address, email, phone number;
1.3. Consumer behavior data – preferred parcel lockers, preferred
payment methods, preferred centers, etc.;
1.4. Purchase data – receipt numbers, campaign codes, bank account
number, orders placed, gift card usage locations, etc.;
1.5. Customer feedback – ratings, email statistics, etc.;
1.6. Digital data in the online store – web cookies, log information,
etc.

2.1 Astri collects personal data when a user (for the purposes of these privacy terms, a user is both an Online Store user and a Center visitor): 

2.1.1. registers an Astri ID account (hereinafter referred to as the account); 

2.1.2. updates account information; 

2.1.3 performs searches; 

2.1.4 orders a gift card; 

2.1.5 participates in campaigns (for example, coupon campaigns organized in the Centers); 

2.1.6. participates in the loyalty program; 

2.1.7. submits information via Astri Group customer support. 

2.2. Astri collects cookies about all Website visitors (including non-users).

3.1 Astri processes the user's first name, phone number, address (if you choose delivery via courier), and email address primarily for the sale and delivery of a gift card, that is, for the preparation, conclusion, and fulfillment of the contract, as well as for resolving any disputes arising from the contract. 

3.2 If the user has provided Astri with personal data, the user can additionally grant Astri the right to send information about Astri’s (including the Web Store’s and various Centers’) products and services (direct marketing offers) on a voluntary basis. In this case, Astri processes the user's personal data with the user's consent for making offers, including personalized offers. The user can give such consent during registration or later via their account at https://astri.ee/account/ (hereinafter via their account). For the purpose of making better offers, the user can add additional information to their account, such as gender, personal identification code, etc. Giving consent for direct marketing offers is voluntary and the user has the right to withdraw their consent at any time via their account. This means that processing will be stopped from the moment the consent is withdrawn. 

3.3 Astri may also process personal data on the basis of consent in other cases (for example, for participation in loyalty programs or campaigns); in such cases, the purpose of processing will be specified during the collection of consent. Every consent given for processing is voluntary and can be withdrawn at any time. This means that processing will be stopped from the moment the consent is withdrawn. 

3.4 Astri processes personal data in order to fulfill obligations arising from legal acts. These obligations mainly derive from the European Union General Data Protection Regulation, the Personal Data Protection Act, the Law of Obligations Act, and other applicable legislation. For example, in connection with legal obligations, Astri processes the user's purchase data, which is also necessary for fulfilling accounting obligations. 

3.5 Astri processes personal data based on Astri’s legitimate interest, including for business purposes and for security purposes (detection and prevention of fraud). For example, Astri has a legitimate interest in retaining user data for the duration of the limitation period for claims arising from the contract in order to protect its rights. Astri may also process consumer behavior data based on legitimate interest. Astri collects data about the user’s preferred payment methods, parcel machines and postal addresses, viewed offers and searches, participation in campaigns, and other consumer behavior in order to offer the user the most convenient shopping experience and personalized service. In every such case, Astri will thoroughly assess whether its interests in processing outweigh the interests and rights of the user. If Astri finds that the processing is justified, it will implement sufficient measures to ensure the protection of the user’s rights, including fairness, impartiality, and accuracy of the processing. 

4.1 Astri has both the right and the obligation, arising from legal acts, to retain collected personal data. Astri does not retain personal data longer than necessary for fulfilling obligations to the user or those arising from legal acts, or for asserting or defending Astri’s legal claims, except where the user has given consent for longer retention and processing of the data. 

4.2 Astri generally retains data related to the user’s account and purchases while the account remains active and for three years and three months after the account is deleted. If Astri has reason to believe that the user has intentionally breached obligations towards Astri, Astri may retain the user's data for ten years and three months after the account is deleted. You can submit a request to delete your account via your account in the Online Store. 

4.3 Astri will retain your account for five years from the date of your last purchase (active account), unless you have explicitly expressed a wish to delete the account. If you have not made any purchases within five years, Astri will send you an inquiry to check the activity of your account. If you do not respond to the inquiry within the specified period, Astri will assume your account is inactive and may delete your account. 

4.4 Astri retains accounting source documents, including any personal data contained therein, for seven years from the end of the financial year in which the transaction was recorded in the accounting register based on the source document. 

4.5 If you wish to receive additional information regarding the retention of your data, please submit a request via your account.

5.1 Astri transmits personal data to the extent and in the form necessary to fulfill the purposes listed in the privacy policy. Astri may transmit personal data to authorized processors who need access to the data in order to provide services to Astri. Data disclosure is carried out so that Astri can fulfill contracts (orders) concluded with the user. 

5.2 Astri generally ensures the processing and storage of data within the territory of the European Union, except for the user's email address if the user has given consent to receive direct marketing offers. Astri may also use authorized processors whose servers are located outside the European Union. In doing so, Astri ensures the comprehensive security of your personal data, including, among other things, compliance with the EU-US Privacy Shield Framework or by applying other data protection measures required by legislation. 

5.3 Astri will also disclose personal data if there is a legal obligation to do so. Such an obligation to disclose data may arise, for example, at the lawful request of authorities. 

6.1 Astri processes personal data in balance with the rights and freedoms of the user and in accordance with applicable laws.

6.2 The user has the right to obtain information about the types and sources of collected personal data, as well as the purposes of their use. The user can access the collected data in the Online Store on their account page. The user has the right to receive copies and extracts of the personal data processed by Astri. The user has the right to request the transfer of personal data, including the transfer of personal data to another data controller. The requested data will be sent by email in a machine-readable file.

6.3 If the data is incorrect or inaccurate, the user has the right to request that the data be supplemented or corrected.

6.4 The user has the right to request the deletion of personal data. The user's data will not be deleted and processing will not be terminated if this would conflict with the obligation to process personal data or if there is another basis for continuing the processing. Termination of personal data processing may prevent the provision of the service. In particular, the user has the right to request the termination of personal data processing and deletion of data if: the personal data is no longer needed for the purpose for which Astri processed it; the user withdraws their consent for processing and there is no other legal basis for processing the personal data; the user objects to the processing of personal data and there are no overriding legitimate reasons for processing; the personal data has been processed unlawfully; or the personal data must be deleted to comply with a legal obligation.

6.5 Please submit all questions and requests regarding the processing of personal data through your account. If you do not have an Online Store account or are unable to use it for any reason (for example, if you cannot log in), you can contact Astri by email at astri@astri.ee. Astri will respond to submitted questions and requests within one month at the latest. Disputes will be resolved through negotiations.

6.6 If the user considers that Astri has violated the user's rights and the dispute could not be resolved through negotiations, the user has the right to contact the Data Protection Inspectorate or a competent court.

7.1 Astri collects cookies from all website visitors (including non-users). Cookies are small text files that are stored on your device (computer, phone, tablet, etc.) via your web browser when you visit the website. Cookies are primarily used to ensure the smooth and efficient functioning of the website, as well as to provide a more convenient and personalized user experience. Cookies collect information about your use of the website and store data on your device to help you log in to your account, remember the contents of your shopping cart while shopping in the e-store, and analyze your visits to our website. Cookies do not collect data from your device. 

7.2 When you first visit the website, you will be notified about the use of cookies. You can disable the use of cookies at any time by changing your browser settings. To remove cookies that have already been installed on your device, you need to change your browser settings or manually delete the cookies. You can disable all cookies in your browser. If you disable the use of cookies, some parts of the website may not function properly and your use of the website may be affected. 

7.3 The Astri website uses session cookies and persistent cookies. Session cookies are stored on your device during your browser session and are deleted from your device after you close your browser. Persistent cookies are stored on your device between browser sessions. Persistent cookies allow your preferences or actions on the website to be remembered. Persistent cookies remain on your device after you close your browser and will be retained until you delete the cookies from your browser. 

7.4 The Astri website uses the following types of cookies: necessary cookies, analytical cookies, and third-party cookies. Necessary cookies are used to ensure the correct and secure functioning of the website; they are essential for using the website and for the operation of certain functions. Analytical cookies collect information about how many visitors our website receives, where visitors come from, etc. Analytical cookies allow us to improve the overall user experience. Third-party cookies enable us to display personalized and relevant advertisements, which visitors may also see when visiting other websites. 

7.5 We also draw your attention to the fact that the Astri website contains links to various public social media channels of the Astri Group and e-store partners, as well as to third-party websites. Astri is not responsible for the content or security of third-party websites; the owners of those websites are responsible for their security. If you visit any third-party websites or social media pages, please review the specific privacy policies of those websites. 

7.6 If you post messages, pictures, or comments on Astri's public social media pages or share Astri's social media posts on your own social media pages, please remember that information posted on public social media channels can be accessed by any user or visitor of the respective social media channel. We recommend that you make sure in advance that the data you share on social media is information you wish to make public. 

Astri reserves the right to make changes to the privacy policy. The terms may be amended primarily (but not exclusively) to comply with data protection legislation. Changes will be published in the e-store. The terms in force at the time of the transaction apply to the transaction. 

These privacy terms are published as of 18.06.2025.