Back to Home

Makselink OÜ Privacy Policy

v1.1 - Last updated: February 15, 2026

Data controller: Makselink OÜ (reg. code 17346797), Pärnu mnt 110, Kesklinna district, 11313 Tallinn, Harju County, Estonia
Contact: abi@makselink.ee

Makselink ("Makselink", "we") processes personal data when you use Makselink on the web or in the app ("Platform"). This policy explains what data we process, for what purposes, on what legal basis, for how long, with whom we share it, and what your rights are.

1. General provisions

  • We process personal data in accordance with the General Data Protection Regulation (GDPR) and Estonian law.
  • We process data only to the minimum extent necessary to provide the service, ensure security, and comply with legal requirements.

2. When we collect your data

  • When you create an account or use the Platform.
  • When you initiate a transaction, make a payment, sell, or buy an item.
  • When you contact customer support or dispute a transaction.
  • When you visit our website (cookies and similar technologies – see section 10).

3. Purposes of processing and legal basis

  • Providing the service and performing the contract (GDPR Art. 6(1)(b)): creating and managing an account, facilitating transactions, notifications, payment flow and payouts, and handling Purchase Protection claims.
  • Compliance with legal obligations (GDPR Art. 6(1)(c)): accounting, payment-related requirements, AML/KYC obligations, DAC7 reporting (where applicable).
  • Legitimate interests (GDPR Art. 6(1)(f)): Platform security, prevention of fraud and abuse, service quality and reliability, logs and evidence for resolving disputes/legal claims.
  • Consent (GDPR Art. 6(1)(a)): marketing (e.g., newsletter) and website analytics/marketing cookies/pixels via CookieScript.
  • If you do not provide the data necessary to provide the service, we may be unable to offer certain features (e.g., completing a transaction, making a payout).

4. What personal data we process

  • Account data: name (if provided), email, phone number, and technical data related to account creation and login.
  • Transaction data: purchase/sale information, amount, fees, transaction status, timestamps, and transaction-related notifications.
  • Payout data (for the Seller): account holder name and Estonian bank account (IBAN), if required to make a payout.
  • Delivery and tracking (if used): recipient name/phone number, delivery details and shipment tracking information.
  • Dispute and Purchase Protection data: explanations, evidence (e.g., photos), tracking and other information necessary to make a decision.
  • Customer support data: content of enquiries and related metadata (time, channel), and attached files.
  • Security data: IP address, device data, logs, and indicators of fraudulent behaviour (as needed).
  • AML/KYC and DAC7 (if required): depending on applicable law and payment partner requirements, identity verification data (e.g., ID document details, date of birth, address, personal identification code) and platform services/income data.

5. Who we share personal data with

We share data only on a need-to-know basis with the following recipients:

  • PSPs and payment partners – to process payments, hold funds for Purchase Protection transactions, and make payouts.
  • Messente – SMS/notification delivery service (if used).
  • Klaviyo – email and marketing automation service (service notifications and marketing emails, where applicable).
  • Google Analytics – website analytics (based on consent; see section 10).
  • Meta Pixel and TikTok Pixel – marketing measurement and ad attribution (based on consent; see section 10).
  • IT and infrastructure partners (hosting, cloud services, logs, security services) – to operate and secure the Platform.
  • Accounting providers and auditors – to comply with legal obligations.
  • Public authorities – where required by law or a valid request (incl. MTA/DAC7 and supervisory authorities).

6. Transfers outside the EEA

  • Some service providers may process data outside the European Economic Area. In such cases, we ensure GDPR-compliant safeguards (e.g., European Commission Standard Contractual Clauses and/or another legal basis).

7. Data retention

  • We retain data for as long as necessary to fulfil the purposes, including to protect legal claims.
  • Account and transaction data: generally during the account's validity and thereafter up to 7 years (disputes, claims, security, accounting links).
  • Accounting data: generally 7 years as required by law (or another applicable retention period).
  • Cookies and analytics: according to cookie expiry periods described in CookieScript (in certain cases up to 3 years).
  • Where the retention period depends on a specific situation (e.g., a dispute/investigation), we retain data until the matter is resolved and for the period necessary to protect rights.

8. Security

  • We use reasonable technical and organisational security measures to protect data against unauthorised access, alteration, disclosure or destruction.
  • Access to personal data is restricted to employees and partners who need it to provide the service.

9. Your rights

  • You have the right to receive information about the processing of your data and obtain a copy, rectify inaccurate data, request erasure (where the legal basis allows), restrict processing, object to processing based on legitimate interests, data portability (where applicable), and withdraw consent (for consent-based processing).
  • Please send requests to: abi@makselink.ee. We generally respond within 1 month; if necessary, the deadline may be extended and we will inform you.

10. Cookies and CookieScript (Google Analytics, Meta Pixel, TikTok Pixel)

  • Makselink uses the CookieScript service on the website to manage consent for cookies and similar technologies (incl. pixels).
  • Google Analytics – used to analyse website usage and make improvements.
  • Meta Pixel and TikTok Pixel – used to measure ad performance and for attribution.
  • We use analytics and marketing cookies/pixels only if you give consent in the CookieScript consent panel. You can change or withdraw your consent at any time in CookieScript settings.

11. Direct marketing (Klaviyo)

  • If you consent to marketing, we may send newsletters and offers via Klaviyo.
  • You can unsubscribe at any time (link at the end of the email or by contacting abi@makselink.ee).
  • Transaction-related service notifications (e.g., purchase confirmations, security notices) are not marketing and may be sent without marketing consent.

12. Complaints

  • If you are not satisfied with our response, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate: Tatari 39, Tallinn 10134; info@aki.ee; +372 627 4135.

13. Changes to this Privacy Policy

  • We may update this Privacy Policy to keep it current and aligned with the development of the service. We will notify you of changes in the Platform and/or via your contact details.