Privacy Policy

Effective date: January 12, 2026

Version: 1.0

This Privacy Policy explains how SIA Timata (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you visit or make a purchase on oluny.com (the “Site”), or otherwise interact with us. Where applicable, we comply with the EU General Data Protection Regulation (GDPR) and other relevant privacy laws.

1) Data Controller (Who we are)

Controller: Timata Ltd.

Registration number: 40203669422

Address: Pildas street 50, Riga, Latvia

Privacy contact email: info@timata.lv

2) What personal data we collect

We collect personal data in the following ways:

A) Information you provide to us (Order & Support)

  • Identity & contact details: name, email, phone number.
  • Billing and shipping details: billing address, shipping address.
  • Order details: products purchased (e.g., weighted blankets), quantities, order value, order history, return/refund information.
  • Customer support messages: any information you share when contacting us.

Payment note: We generally do not store full card details. Payments are processed by our payment provider(s). We may receive transaction identifiers, payment status, and limited billing data.

B) Information collected automatically (Website usage)

  • Device & technical data: IP address, device type, browser, operating system, language settings.
  • Usage data: pages viewed, clicks, time spent, referrer URL.
  • Cookies and similar technologies: see Section 8.

C) Information from third parties

  • Payment providers (payment confirmation, fraud signals).
  • Shipping carriers (delivery status updates).
  • Analytics / advertising platforms (site performance and campaign metrics).

3) Why we use your data (Purposes)

We use personal data to:

  • Process and fulfill orders (payment confirmation, packing, shipping, delivery).
  • Provide customer service (questions, issues, warranty/returns).
  • Send transactional communications (order confirmations, shipping notifications).
  • Improve the Site (analytics, debugging, performance).
  • Prevent fraud and secure the Site (risk checks, log monitoring).
  • Marketing (where permitted) (newsletters, promotions, remarketing), subject to your choices and consent where required.
  • Comply with legal obligations (accounting, tax, consumer protection).

4) Legal bases for processing (GDPR)

If GDPR applies, we process your data based on:

  • Contract (Art. 6(1)(b)) — to complete your purchase and deliver products.
  • Legal obligation (Art. 6(1)(c)) — e.g., tax and accounting requirements.
  • Legitimate interests (Art. 6(1)(f)) — site security, fraud prevention, service improvement.
  • Consent (Art. 6(1)(a)) — for non-essential cookies and certain marketing activities where required.

5) How we share your data

We may share your data with trusted third parties only as necessary:

  • Payment processors: Swedbank Latvia, EveryPay
  • Shipping and logistics providers: DPD
  • E-commerce / hosting / infrastructure providers: Hostinger
  • Analytics providers: Google Analytics
  • Email/marketing providers: inbox.eu
  • Professional advisors / authorities: where required by law or to protect our rights.

We do not sell your personal data.

6) International transfers

If we transfer personal data outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or other lawful mechanisms, depending on the provider and jurisdiction.

7) Data retention

We keep personal data only as long as necessary:

  • Order and accounting records: typically 5 years (or as required by law).
  • Customer support communications: 12 months.
  • Fraud/security logs: 180 days.
  • Marketing data: until you unsubscribe or object.

8) Cookies & similar technologies

We use cookies for:

  • Strictly necessary functions (cart, checkout, security).
  • Preferences (language, settings).
  • Analytics (understanding how the Site is used).
  • Marketing (ads/remarketing), where applicable and subject to consent where required.

You can manage cookies via your browser settings and, if available, our cookie banner/preferences tool.

9) Your rights (GDPR)

Depending on your location, you may have the right to:

  • access your data,
  • correct inaccurate data,
  • delete your data,
  • restrict processing,
  • data portability,
  • object to processing (especially marketing),
  • withdraw consent at any time (where processing is consent-based).

To exercise your rights, contact us at info@timata.lv. We may request verification of identity.

You also have the right to lodge a complaint with your local data protection authority.

10) Marketing communications

If you subscribe to marketing emails, you can unsubscribe anytime using the link in our emails or by contacting us. Transactional emails (e.g., order confirmations) are sent regardless of marketing preferences because they are necessary to fulfill your order.

11) Security

We use reasonable administrative, technical, and physical safeguards to protect personal data. However, no method of transmission or storage is 100% secure.

12) Children

The Site is not intended for children. We do not knowingly collect personal data from children.

13) Third-party links

The Site may contain links to third-party websites. We are not responsible for their privacy practices.

14) Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be posted on the Site with a new effective date.

15) Contact

For privacy questions or requests: info@timata.lv