Privacy Policy




The responsible data processor is Falbrock OÜ, registry code 12026140, address: Tammepõllu tee 17-17, 74001, Haabneeme, e-mail: (hereinafter referred to as Suppama or the processor).

Suppama takes care of the privacy of its users and has taken measures that regulate the collection of data, their usage, publication and transmission. Suppama has brought its methods of data collection into accordance with relevant practices and legislation, including the Regulation of the European Union on the protection of natural persons with regard to the processing of personal data, which is accessible at data . Please take your time to familiarise yourself with the present principles carefully, which are applied to the provision of privacy.


Personal data includes any kind of information that can be associated directly or indirectly with a natural person and that is collected and processed by Suppama with the purpose of performing the contract and communicating with users, and in some cases also for discharging the obligations arising from the legislation.

Personal data can be stored and processed in the following ways:
• When registering the account at Suppama or taking part in the events arranged by Suppama or using the SUP-Station, personal data can be asked from the user, such as name and surname, a personal identification number, address, a postcode, a phone number, bankcard details, e-mail address, and the preferred communication mode;
• When using the webpage of Suppama, data are collected via cookies. The storage of cookies can be forbidden by making relevant changes in the settings of a web browser;
• When making a purchase in Suppama store or in the online store, you can be asked for your contact details or purchase preferences;
• When using a bankcard and other means of payment, Suppama can store and process the data provided to Suppama.

Processing of other kinds of data
• The processor can also collect other anonymised data (hereinafter referred to as anonymised data), in which case it is not possible to identify a specific person. Such kind of data can include sex, age, language preferences, location.
• For example, anonymised data can include the data collected while using Suppama webpages. Suppama can collect data in connection with the behaviour of users on the webpage or in the online store.
• Such data are used with the purpose of providing personalised information to users, i.e. the information based on the needs of a particular user. The collection of such data helps Suppama to have a better idea of the attendance rate of the webpage as well as which parts of the webpage can be regarded as being of the greatest interest for users.



The collected personal data can be used for forwarding e-mail letters to customers as well as newsletters about the products sold and campaigns held by Suppama and future events. A customer has the right to refuse from getting the newsletter at any time. Personal data can also be used for fulfilling the obligations to the customer.

By giving his or her consent to the General Terms and Conditions of Suppama as well as its privacy policy, the customer gives his or her consent to Suppama for processing his or her personal data. A user has the right to withdraw his or her consent at any time via the webpage of by sending a written application to Suppama. Such applications do not have a retroactive effect.

The processor shall keep the data provided by users confidential and shall not sell, distribute, or transfer such data to third parties in any other case, except for transferring them to authorised processors or, in cases prescribed by law, to designated institutions.

In order to provide better customer service, Suppama can forward the information to third parties that provide services to Suppama and are bound with a duty of confidentiality by contract.


A user, or a data subject, has the right to obtain information from the processor concerning the personal data collected about him or her and at any time to demand the correction of incorrect personal data as well as the termination of processing of personal data and forbid the transfer of personal data to third parties. Among other things, a user has the right to obtain the information about where the personal data collected about him or her is stored.

A user has the right to transfer data, which means that he or she has the right to ask for and receive from the processor all of the personal data related to him or her, which has been forwarded to the processor or collected by the processor about the user in some other way. Hereby a user has the right to ask for the deletion of information collected about him or her.

A user has the right arising from the legislation to demand for the compensation of damage caused by the processing of his or her personal data.

In addition to that, a user has the right to turn both to the processor and the Data Protection Inspectorate regarding all of the issues pertaining to his or her personal data.

The processor can authorise other persons or institutions to process the personal data of users (hereinafter an authorised processor), provided that the authorised processor has entered into the contract, according to which the authorised processor undertakes to keep the personal data to be processed confidential as well as to provide the protection of personal data and the fulfilment of extended obligations established for authorised processors by legislation. Suppama shall make a relevant list of all of the names, addresses, and other contact details of authorised processors available for users on the basis of an application filed by a user.

At the moment of provision of this consent, the following entities are authorised processors: Google Analytics, Facebook, Mailchimp


Customers can supplement and make changes in their personal data on the webpage of Suppama in the section “My data”. If you want to make changes in your personal data, please do that immediately. If you want to make a change in the e-mail address (the name of the user of Suppama webpage), please inform us about your wish to do so, and we will make a relevant change.


The processor shall store personal data for the duration of the period that is required for achieving the goals specified in the privacy policy or until it has been provided for by the obligation established by law. Personal data shall not be processed for longer than it is required and shall only be stored until it is required for the identification of a data subject, i.e. until the contract between the data subject and Suppama is valid.

It is important to bear in mind that in certain cases, there are exceptions that apply in relation to usual terms of deletion of data, for example, some terms of deletion do not apply if there is indebtedness. Additionally, those rules do not apply to the storage of anonymous data, since in this case the data is no longer regarded as personal, and this is the case of the processing of data for analytical or statistical purposes.


The processor shall apply the required organisational, physical and information technology measures for the provision of integrity, availability and confidentiality of data. Only authorised persons shall have access to personal data for making changes and processing them.

If there is any doubt as to whether or not personal data have been handled appropriately or the way used to handle data has been appropriate, or if there is a threat that data have leaked or fallen into the hands of unauthorised persons, please inform us about it immediately.

In order to avoid the improper use of the rights arising from the protection of personal data, the applications specified in the Privacy Policy should be submitted in writing and in a way, on the basis of which it would be possible to identify the person who has filed an application (with a digital signature or signed in person at the office of Suppama). The processor has the right to respond to such applications within 30 calendar days.

All personal data that are entered via the online store while making a purchase shall be regarded as confidential information. Bankcard details shall be stored in a safe PCI environment at PayPal, which provides payment services to Suppama. The intermediation of card payments at Suppama account shall take place by means of SSL data communications and MasterCard SecureCode and Verified by Visa security systems.

Suppama has the right to make changes in the Privacy Policy at any time and, whenever necessary, to inform users about such changes.

If you have any questions, contact us by