Privacy Policy

Effective date: April 6, 2026
Last updated: April 6, 2026

This Privacy Policy describes how BaKey OÜ ("Company", "we", "us", or "our") collects, uses, stores, shares, and otherwise processes personal data when you visit or use our website, place an order, contact us, or otherwise interact with our services.

We are committed to handling personal data in a transparent, lawful, and secure manner, including in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), where applicable.

1. Who we are

BaKey OÜ
Registration number: 17412818
Country of registration: Estonia
Support email: support@brw-stars.store
Abuse / legal contact: abuse@brw-stars.store
Registered address: Harju maakond, Tallinn, Kesklinna linnaosa, Narva mnt 7-557, 10117

For the purposes of applicable data protection law, BaKey OÜ is generally the controller of the personal data described in this Privacy Policy, meaning we determine the purposes and means of processing that personal data. Certain third-party providers, including our e-commerce platform and infrastructure providers, may process personal data on our behalf.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data collected through:

• our website;
• our storefront and checkout functionality;
• customer support communications;
• abuse, legal, and compliance communications;
• order processing and fulfillment activities;
• cookies, pixels, analytics tools, and related technologies, where enabled.

Our store is hosted on Shopify, which means certain customer and transaction data may be processed through Shopify’s infrastructure and related services in order to operate the storefront, cart, checkout, payments integrations, customer privacy settings, fraud prevention, and store administration.

3. What personal data we collect

Depending on how you use our website and services, we may collect the following categories of personal data:

3.1 Information you provide directly

We may collect personal data that you provide to us directly, including:

• full name;
• billing address;
• delivery address, if applicable;
• email address;
• phone number, if provided;
• account or order-related details you submit;
• any information you include in support requests, complaints, abuse reports, or direct messages.

3.2 Order and transaction data

When you place an order or attempt to place an order, we may collect:

• order details;
• items purchased;
• order value;
• payment status;
• transaction identifiers;
• customer notes and order history.

We do not necessarily store full payment card details ourselves. Payment information may be processed by Shopify, payment gateways, payment processors, or other authorized providers depending on the payment method used.

3.3 Automatically collected information

When you visit the site, certain data may be collected automatically, such as:

• IP address;
• browser type and version;
• device identifiers;
• operating system;
• language and regional settings;
• pages viewed;
• referring URLs;
• approximate location inferred from IP;
• timestamps and browsing activity;
• cookies and similar tracking data.

3.4 Customer support and communications data

If you contact us at support@brw-stars.store or abuse@brw-stars.store, we may collect:

• your email address;
• your name or alias;
• the content of your message;
• attachments or screenshots you provide;
• any order, account, or issue-related data necessary to review and respond to your request.

3.5 Fraud, security, and abuse-prevention data

We may process technical, transactional, and behavioral information that is reasonably necessary to:

• detect fraud and abuse;
• investigate suspicious transactions;
• prevent unauthorized access;
• enforce our Terms and store policies;
• comply with legal obligations and lawful requests.

4. How we collect personal data

We collect personal data:

• directly from you when you place an order, fill out forms, or contact us;
• automatically through your use of the website;
• from Shopify and apps, plugins, integrations, or service providers connected to our store;
• from payment processors, fraud prevention services, shipping or fulfillment partners, if used;
• from publicly available or legally obtained sources where necessary for fraud, compliance, or dispute handling.

5. Why we process your personal data

5.1 To operate our website and store

We use personal data to:

• provide and maintain the storefront;
• enable browsing, cart, and checkout functionality;
• manage user sessions;
• display relevant store content;
• administer our site and services.

5.2 To process orders and provide services

We process personal data to:

• accept and manage orders;
• confirm purchases;
• communicate about order status;
• fulfill purchased products or services;
• provide customer assistance regarding purchases and transactions.

5.3 To communicate with you

We use personal data to:

• respond to support requests;
• respond to legal, abuse, and complaint notices;
• send service-related notices;
• provide important information about your order or our policies.

5.4 To improve our services

We may analyze usage information to:

• understand how visitors use the site;
• improve user experience, performance, and site stability;
• troubleshoot technical issues;
• measure conversion, traffic, and store effectiveness.

5.5 To maintain security and prevent misuse

We process personal data where necessary to:

• protect our business, systems, customers, and users;
• investigate fraud, unauthorized use, chargebacks, or abuse;
• monitor violations of our policies;
• enforce contractual and legal rights.

5.6 To comply with legal obligations

We may process personal data to:

• comply with accounting, tax, consumer protection, and reporting obligations;
• comply with legal requests, court orders, or law enforcement requests where required;
• maintain appropriate records for regulatory and legal purposes.

6. Legal bases for processing under GDPR

Where the GDPR applies, we rely on one or more of the following legal bases:

6.1 Performance of a contract

We process personal data where necessary to enter into or perform a contract with you, including:

• processing your order;
• delivering products or services;
• handling support relating to your purchase.

6.2 Legitimate interests

We may process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This may include:

• operating and improving our website;
• fraud prevention and security;
• internal administration;
• responding to complaints and disputes;
• defending legal claims.

6.3 Legal obligation

We may process personal data where necessary to comply with a legal obligation, including tax, accounting, consumer, regulatory, or law-enforcement obligations.

6.4 Consent

Where required by law, we rely on your consent, for example for certain cookies, pixels, or similar tracking technologies.

7. Cookies and similar technologies

We and our service providers may use cookies, pixels, local storage, tags, scripts, and similar technologies to:

• keep the website functional;
• remember settings and preferences;
• support the cart and checkout;
• analyze traffic and usage;
• measure the effectiveness of campaigns;
• support fraud prevention and security;
• manage consent preferences where applicable.

Some cookies are necessary for the basic operation of the website. Others may be optional and used only where you provide the required consent under applicable law.

Depending on your location, you may be shown a cookie banner or privacy choice tool. You may also be able to control cookies through your browser settings. Blocking certain cookies may affect site functionality.

8. How we share personal data

We do not sell personal data in the ordinary sense of exchanging your personal data for money. However, we may share personal data with trusted third parties where necessary to operate our business and services, including:

8.1 Shopify

Our store is hosted on Shopify, and customer personal data may be processed through Shopify to provide storefront, checkout, infrastructure, fraud prevention, analytics, and related e-commerce functionality.

8.2 Payment providers

We may share transaction-related data with payment gateways, acquirers, or payment service providers to process payments, detect fraud, and manage refunds, disputes, or chargebacks.

8.3 Technical and infrastructure providers

We may share data with hosting, email, analytics, security, customer support, anti-fraud, and IT service providers where necessary to operate the site and deliver services.

8.4 Professional advisors and compliance recipients

We may disclose data to legal advisors, accountants, auditors, regulators, courts, law enforcement, or other competent authorities where required by law or where necessary to establish, exercise, or defend legal claims.

8.5 Business transfers

If our business is sold, merged, reorganized, or transferred, personal data may be disclosed as part of that transaction, subject to applicable confidentiality and legal safeguards.

We require service providers processing data on our behalf to handle personal data in a lawful and secure manner appropriate to the nature of the data and processing.

9. International transfers

Because our store uses Shopify and may rely on third-party providers with global infrastructure, your personal data may be processed outside your country of residence, including outside the European Economic Area in some cases.

Where required by applicable law, we take steps intended to ensure that transfers of personal data are subject to appropriate safeguards, such as:

• adequacy decisions;
• standard contractual clauses;
• contractual and technical measures appropriate to the transfer.

10. Data retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods may depend on:

• whether you made a purchase;
• whether the data is needed for customer support;
• whether the data is needed for security, dispute resolution, or fraud prevention;
• whether we are subject to legal, tax, accounting, or recordkeeping obligations;
• whether the data is needed to establish, exercise, or defend legal claims.

When personal data is no longer needed, we will delete, anonymize, or securely store it in accordance with applicable law and reasonable technical practices.

11. Data security

We take reasonable technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

However, no method of transmission over the Internet or method of electronic storage is completely secure. Accordingly, while we take reasonable steps to protect personal data, we cannot guarantee absolute security.

12. Your rights

Where applicable under the GDPR and other data protection laws, you may have the right to:

• request access to your personal data;
• request correction of inaccurate or incomplete personal data;
• request deletion of your personal data;
• request restriction of processing;
• object to processing based on legitimate interests;
• request data portability;
• withdraw consent at any time, where processing is based on consent;
• lodge a complaint with a competent supervisory authority.

If you would like to exercise any of these rights, please contact us at:

• support@brw-stars.store
• abuse@brw-stars.store

We may ask you to verify your identity before responding to your request. In some cases, we may limit or decline a request where permitted by law, for example where the request is manifestly unfounded, excessive, or where we are legally required to retain certain information.

13. Complaints

If you believe your personal data has been processed unlawfully or in a way that violates applicable data protection law, you may contact us first so that we can try to resolve the issue.

You also have the right, where applicable, to lodge a complaint with your local data protection authority, including the competent authority in the EU/EEA country relevant to you or to us.

14. Children’s privacy

Our website and services are not intended for persons who are not legally able to provide valid consent under applicable law without involvement of a parent or guardian, where such restrictions apply.

We do not knowingly collect personal data from children in violation of applicable law. If you believe that a child has provided us with personal data unlawfully, please contact us and we will review the matter and, where appropriate, delete the data.

15. Third-party services and links

Our website may contain links to third-party websites, services, applications, social media pages, or integrations. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of those third parties before providing them with your personal data.

16. Automated decision-making

We may use automated tools or signals related to fraud prevention, abuse detection, transaction review, or website security. However, we do not intend to make decisions producing legal or similarly significant effects solely by automated means unless permitted by applicable law and appropriate safeguards are in place.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, legal requirements, technologies, or data processing practices.

When we make changes, we will update the “Last updated” date at the top of this page. Where required by law, we will take additional steps to notify users of material changes.

18. Contact us

BaKey OÜ
Reg. No.: 17412818
Country: Estonia
Support: support@brw-stars.store
Abuse / legal: abuse@brw-stars.store
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Narva mnt 7-557, 10117