Privacy Policy

Our website is committed to protecting the privacy of our customers and users. Based on this, we have prepared these privacy policy principles, which deal with the collection, use, publication, transmission and storage of customer data. Our activities on the Internet are in accordance with all relevant activities and the relevant legislation of the European Union and the laws of the Republic of Estonia. Please take the time to familiarize yourself with our privacy policy.

Collection and use of personal data

We are the sole owners of the information collected on the CRU website. We only have access to collected information that you voluntarily provide to us via email or other direct contact. We do not sell or rent this information. We use information about you to respond to the question you contacted us about. We will not share information about you with any third party outside of our organization unless it is necessary to fulfill your request. We may contact you by email in the future to notify you of special offers, new products or services, or changes to this Privacy Policy, unless you have indicated that we do not wish to do so.

Collection of other data

We also collect non-personalized data – data that cannot be directly linked to a specific person (gender, age, language preference, location). We may also collect data about customer activities on our website. This data is aggregated and used so that we can deliver more useful information to customers and learn which parts of the website, products and services are of most interest. Aggregated data is treated as non-personalized data in this privacy policy.

Use and storage of data

With the help of collected personal data, we can inform customers about news, campaigns and future events. A customer who does not want to be on our newsletter list or receive notifications about packages that may be of interest to him can remove himself from the target group of recipients at any time. We also use the collected personal data to deliver the goods and to fulfill our obligations to the customer. By accepting the terms of the privacy policy, the customer gives us consent to the automated processing of his data. You can always withdraw your consent via our website or by making a statement in a form that allows for written reproduction. There is no retroactive effect on the application or withdrawal of consent. To delete personal data, you must contact customer support by e-mail. The deletion request will be answered no later than within a month, and the data deletion period will be specified.

In order to better serve the customer, we may disclose information about individual users to a third party that provides services to the online store and is contractually obligated to keep the shared information confidential. The third party is, for example, our partner, whose tasks are the transport of the services sold. We retain the customer’s personal data until the service and offers are terminated. Collected data, which is required to be stored as a result of the legislation (e.g. accounting data), based on the requirements set out in the legislation.

Data protection and security

Our website takes all precautions (including administrative, technical and physical measures) to protect the customer’s personal data. Only authorized persons have access to change and process data. The customer has the right to demand the termination of the processing of his data, information about the use of the data and the transfer of data to himself or a third party in a commonly used format. In order to avoid the misuse of the customer’s data and rights, applications may only be submitted in a form where the applicant’s identity can be identified (digitally signed or personally signed at the representative office). We reserve the right to respond to such requests within 30 days. All data obtained during the visit of the website are treated as confidential information.

Security and access to personal data

Personal data is stored on Elkdata OÜ’s servers, which are located on the territory of a member state of the European Union or a country that has joined the European Economic Area. Data may be transferred to countries whose level of data protection has been assessed as adequate by the European Commission and to US companies that are affiliated with the Privacy Shield framework. Access to personal data is available to our employees, who can view personal data in order to solve technical issues related to the use of the website and to provide customer support services. Our website implements appropriate physical, organizational and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized access and disclosure. Transfer of personal data to authorized processors (e.g. transport service provider and data hosting) takes place on the basis of contracts concluded with authorized processors. Authorized processors are obliged to ensure appropriate protection measures when processing personal data.

Privacy Policy terms and changes

By booking on the website, sending an information request and subscribing to the newsletter, you have read and agreed to these principles and conditions. We reserve the right to change the general conditions of the privacy policy if necessary, but we do our best to keep our privacy policy up-to-date and available to you on our website. For all questions or concerns about the privacy policy or data processing, please send a letter to the e-mail address: You always have the right to contact the Data Protection Inspectorate or the court to protect your data. In the form of the Data Protection Inspectorate, it is a state institution that can also be contacted for consultation or assistance on personal data protection issues.

Our location

We are located in the old town of Tallinn, in the oldest building on Viru street, where every detail glows from long ago. Here, history walks elegantly on a velvety symphony of flavors.

Viru 8
10140 Tallinn, Estonia