Privacy policy


The master processor of personal data of the e-store is PotiTomat OÜ.

What personal data is processed

  • - name, telephone number and e-mail address;

  • - delivery address;

  • - Bank account number;

  • - cost of goods and data related to payments (purchase history);

For what purpose personal data is processed

  • Personal data is used to manage customer orders and deliver goods.

  • Purchase history data (purchase date, goods, quantity, customer data) is used to compile an overview of purchased goods and to analyze customer preferences.

  • The bank account number is used to return payments to the customer.

  • Personal data, such as e-mail, telephone number, customer name, is processed to resolve issues related to the provision of goods and services (customer support).

  • The e-shop user's IP address or other network identifiers are processed to provide the e-shop as an information society service and to compile web usage statistics.

Legal basis

  • processing of personal data is carried out for the purpose of fulfilling the contract concluded with the customer, for fulfilling the legal obligation of the seller of the goods (accounting and settlement of consumer disputes) and for compiling online usage statistics.

  • Recipients to whom personal data is transmitted (authorized processors)

  • The name, telephone number, address and e-mail address will be forwarded to the transport service provider (Omniva or Itella) selected by the customer for delivery, if necessary. In the case of goods delivered by courier, the customer's address will be provided in addition to the contact details.

  • The name and cost of the goods will be forwarded to the payment service provider selected by the customer (bank links, payment service providers).

  • The IP address or other network identifiers of the e-store user are transmitted for the provision of the e-store as an information society service and for the use of web usage statistics (Google, Facebook).

Security and access to

  • Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that are affiliated to the Privacy Shield framework or covered by the Standard Contractual Clauses

  • The employees of the e-store have access to personal data, in order to resolve technical issues related to the use of the e-store and to provide customer support services.

  • The e-shop implements appropriate physical, organizational and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure.

  • The transfer of personal data to the authorized processors of the e-store (transport service provider, payment solution providers and data hosting) takes place on the basis of agreements concluded with the e-store and the authorized processors. Authorized processors are required to ensure appropriate safeguards for the processing of personal data.

  • The authorized processors for processing payments are Payera, Maksekeskus AS, Everypay AS, banks according to the selected payment methods.

Accessing and correcting personal data

  • The collected personal data can be accessed and corrected by logging in to the e-shop in the user profile. This is in the "My Account" menu as well as in the order history.

  • If the purchase has been made without a user account, personal data can be accessed via customer support.

  • Withdrawal of consent

    • If the processing of personal data takes place on the basis of the customer's consent, the customer has the right to withdraw the consent by notifying the customer support by e-mail.


  • Upon closing the customer account of the e-store, personal data will be deleted, unless such data needs to be retained for accounting or resolution of consumer disputes.

  • If the purchase in the e-store has been made without a customer account, the purchase history will be stored for three years.

  • In the case of disputes relating to payments and consumer disputes, personal data shall be kept until the claim is fulfilled or the limitation period expires.

  • Personal data required for accounting purposes shall be kept for seven years.


  • To delete personal information, contact customer support via email. A request for deletion shall be answered within a month at the latest and the period for deletion shall be specified.


  • A request for the transfer of personal data submitted by e-mail will be answered within a month at the latest. Customer support identifies and notifies you of personal information that is subject to transfer.

Dispute resolution

  • Disputes related to the processing of personal data are resolved through the customer support of the PotiTomat OÜ e-store ( The supervisory authority is the Estonian Data Protection Inspectorate (

Tomato plants for your greenhouse, terrace or garden. Secure payments in the Internet bank. Lots of different and exciting varieties from around the world.