Privacy Policy
Nordic Functional Brands SIA
Last Updated: December 13, 2025
Also see our Terms and Conditions
1. General Provisions
This Privacy Policy regulates the principles of collection, processing, and storage of personal data. Personal data is processed and stored by Nordic Functional Brands SIA, registration number 40203700406, registered address Puces iela 49-53C, Riga, Latvia.
For the purposes of this Privacy Policy, a "data subject" means the customer or another natural person whose personal data is processed by the Controller.
For the purposes of this Privacy Policy, a "customer" means anyone who purchases goods or services on our website vesadrinks.com.
The Controller observes the principles relating to personal data processing provided by legislation and processes personal data in a lawful, fair, and secure manner. The Controller is able to declare that personal data has been processed in accordance with the provisions of Regulation (EU) 2016/679 (General Data Protection Regulation) and the Personal Data Processing Law of the Republic of Latvia.
This Privacy Policy applies to the website vesadrinks.com and all related services provided by the Controller.
2. Collection, Processing, and Storage of Personal Data
The personal data collected, processed, and stored by the Controller is collected electronically via the website vesadrinks.com and e-mail communications.
By sharing their personal data, the data subject grants the Controller the right to collect, arrange, use, and administer, for the purposes defined in this Privacy Policy, the personal data that the data subject shares with the Controller either directly or indirectly when purchasing goods or services on the website.
The data subject is liable for the accuracy, correctness, and integrity of the data submitted by them. The submission of knowingly false data is regarded as a breach of this Privacy Policy. The data subject is required to immediately notify the Controller of any changes in the data submitted.
The Controller is not liable for any damage or loss caused to the data subject or a third party as a result of the submission of false data by the data subject.
3. Personal Data We Collect
The Controller may process the following personal data of the data subject:
| Data Type | Purpose |
|---|---|
| Given name and surname | Order processing, delivery, invoicing |
| E-mail address | Order confirmation, shipping updates, customer service |
| Telephone number | Delivery coordination, customer service |
| Delivery address | Order fulfillment and shipping |
| Billing address | Invoicing and payment processing |
| Company details (for B2B) | VAT invoicing, business transactions |
| Payment information | Processing payments via secure payment provider |
| IP address | Security, fraud prevention, analytics |
| Browser and device information | Website optimization, security |
We do NOT collect:
- Date of birth (unless required for age verification)
- Bank account numbers directly (handled by payment processor)
- Payment card details directly (handled by payment processor)
In addition to the foregoing, the Controller has the right to collect data about the customer that are available in public registers (e.g., company registration data for B2B customers).
4. Legal Basis for Processing
The legal basis for the processing of personal data is provided by points (a), (b), (c), and (f) of Article 6(1) of the General Data Protection Regulation:
- (a) Consent – the data subject has given consent to the processing of their personal data for one or more specific purposes (e.g., marketing communications);
- (b) Contract – processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
- (c) Legal obligation – processing is necessary for compliance with a legal obligation to which the Controller is subject (e.g., tax and accounting requirements);
- (f) Legitimate interests – processing is necessary for the purposes of the legitimate interests pursued by the Controller (e.g., fraud prevention, website security), except where such interests are overridden by the interests or fundamental rights of the data subject.
5. Purpose and Retention of Personal Data
| Purpose of Processing | Retention Period |
|---|---|
| Order processing and fulfillment | 3 years from order date |
| Customer service and support | 3 years from last interaction |
| Financial activities and accounting | 5 years (as required by Latvian law) |
| Marketing communications (with consent) | Until consent is withdrawn |
| Website security and fraud prevention | 1 year |
| Analytics and website improvement | 2 years (anonymized after 6 months) |
6. Sharing Personal Data with Third Parties
The Controller may share personal data with the following categories of third parties:
Payment Processing
We transmit the personal data necessary for the execution of payments to our authorized payment processor:
Montonio Finance UAB
Company code: 305635623
Address: Antakalnio str. 17, Vilnius, Lithuania
montonio.com/privacy-policy
Montonio processes payment data in accordance with PCI DSS standards and their own privacy policy.
Shipping and Delivery
We share delivery information with our logistics partners:
- Omniva – parcel machines and postal services
- DPD Latvia – parcel machines and courier delivery
- Venipak – parcel machines
- Other carriers as selected by the customer during checkout
Warehousing and Fulfillment
We work with third-party logistics providers for order fulfillment who process personal data solely for the purpose of shipping orders.
Professional Services
- Accounting services (as required by law)
- Legal advisors (when necessary)
- IT service providers (website hosting, email services)
The Controller ensures that all third parties process personal data in accordance with GDPR and have appropriate data protection agreements in place.
We do NOT sell, rent, or trade your personal data to third parties for marketing purposes.
7. Cookies and Tracking Technologies
Our website uses cookies to improve user experience and analyze website traffic.
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential cookies | Website functionality, shopping cart | Session |
| Analytics cookies | Understanding how visitors use our site | 2 years |
| Marketing cookies | Personalized advertising (with consent) | 1 year |
You can control cookie preferences through your browser settings. Disabling essential cookies may affect website functionality.
For more information, please see our Cookie Policy.
8. Data Security
The Controller processes and stores personal data implementing organizational and technical measures to ensure that personal data is protected against any accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
Security measures include:
- SSL/TLS encryption for all data transmission
- Secure payment processing through PCI DSS compliant providers
- Access controls limiting data access to authorized personnel only
- Regular security assessments and updates
9. Rights of the Data Subject
Under GDPR, you have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Right of access | Request a copy of your personal data |
| Right to rectification | Request correction of inaccurate data |
| Right to erasure | Request deletion of your data ("right to be forgotten") |
| Right to restriction | Request limitation of processing |
| Right to data portability | Receive your data in a structured format |
| Right to object | Object to processing based on legitimate interests |
| Right to withdraw consent | Withdraw consent for marketing at any time |
To exercise your rights, please contact us at:
Email: info@nordicfunctional.com
Phone: +371 25276696
Address: Nordic Functional Brands SIA, Puces iela 49-53C, Riga, Latvia
We will respond to your request within 30 days.
If you believe your data protection rights have been violated, you have the right to file a complaint with the supervisory authority:
Datu valsts inspekcija (Data State Inspectorate)
Elijas iela 17, Riga, LV-1050, Latvia
pasts@dvi.gov.lv | www.dvi.gov.lv
10. International Data Transfers
Your personal data is primarily processed within the European Economic Area (EEA).
If any data transfer outside the EEA is necessary, we ensure appropriate safeguards are in place, such as:
- EU Standard Contractual Clauses
- Adequacy decisions by the European Commission
- Other legally approved transfer mechanisms
11. Children's Privacy
Our products contain caffeine and are not intended for children under 18 years of age.
We do not knowingly collect personal data from children under 18. If you believe we have inadvertently collected such data, please contact us immediately.
12. Changes to This Privacy Policy
The Controller reserves the right to amend this Privacy Policy at any time.
Changes will be published on our website at vesadrinks.com/privacy-policy.
Significant changes will be communicated to registered customers via email.
Continued use of our services after changes constitutes acceptance of the updated Privacy Policy.
13. Contact Information
For any questions regarding this Privacy Policy or your personal data, please contact:
Nordic Functional Brands SIA
Puces iela 49-53C
Riga, LV-1050, Latvia
Email: info@nordicfunctional.com
Phone: +371 25276696
Website: vesadrinks.com
This Privacy Policy has been prepared in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation) and the Personal Data Processing Law of the Republic of Latvia.