Privacy Policy

This Privacy Policy applies to OÜ (“Website”). This Privacy Policy describes how we collect, use, share and secure the information provided by our customers. It also describes our customers’ choices regarding use, access, correction, and deletion of their data. We value all of our customers and respect their right to privacy and data protection.

The following terms, when used in the Privacy Policy, the Agreement, and any communication between the Parties, have the meanings given below:

    1. “Agreement” is a Service Agreement or other agreement between OÜ and the Customer.
    2. “Cookies” are small data files that are placed on visitors’ devices by a website containing details of your browsing history on that particular website.
    3. “Customer” is any individual or legal person who uses or has expressed a wish to use the Services of OÜ.
    4. “Customer Account” is the personal data account of the Data Subject, which in particular gives access to his / her data and services and through which the Client identifies himself / herself. The Customer Account belongs to the Data Subject and is valid during the validity of the Agreement.
    5. “Data Subject” is an individual person for whom OÜ has information or information that can be used to identify an individual person. Data Subject includes, but is not limited to, customers, visitors, partners, and employees for whom OÜ have personal data.
    6. “Legitimate Interest” means OÜ’s interest in managing its own business to provide the best possible Services on the market.
    7. “Personal Data” is any information about an identified or identifiable individual person.
    8. “Processing of Personal Data” or “Processing” is any act performed by the Data Subject with Personal Data like collecting, recording, organizing, storing, modifying and disclosing Personal Data, providing access, performing queries and retrieving, using, transmitting, cross-linking, merging, closing, deleting or destroying, or several of the previously mentioned operations, regardless of the manner in which the operations are performed and the means used.
    9. “Sales Channels” are the means of communication with the Data Subject, used by OÜ, a tool for the sales of goods and the provision of services. Sales Channels may include but is not limited to email, phone, public and social media, various chat lines, individualized and interactive ads, and other similar tools.
    10. “Services” are all services and products offered by OÜ.
    11. “Service Portfolio” is a range of OÜ products and Services, which are available on the Website or on a received offer.
    12. “Visitor” is the person who uses the website of OÜ.
    1. By utilizing our Services, the Customer agrees to this Privacy Policy.
    2. The Privacy Policy applies to the Data Subjects, and the rights and obligations specified in the Privacy Policy are the responsibility of all employees and partners of OÜ who have contact with Personal Data held by OÜ.
    3. This Privacy Policy may be supplemented by privacy notices published on the Website.
      1. When processing Personal Data, OÜ always follows the interests, rights and freedoms of Data Subjects.
      2. OÜ all processes, guides, operations and activities related to the Processing of Personal Data are based on the following principles:
        • Legal. There is a legal basis for processing Personal Data, such as an Agreement;
        • Justice. Processing of Personal Data is fair, in particular by requiring the Data Subject to have sufficient information and information about how Personal Data is processed.
        • Transparent. Processing of Personal Data is transparent to the Data Subject, including through the Client Account created specifically for this purpose, which explains in simple language why, how, and when Personal Data is processed.
        • Purpose. Personal Data shall be collected for specified, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes. It is possible for the Data Subject to check the specific purpose of the Data Processing.
        • Minimized. Personal Data is relevant, important, and limited to what is necessary for the purpose for which they are processed. When processing Personal Data, OÜ shall follow the Minimum Processing Principle, and if Personal Data is not necessary or is no longer necessary for the purpose for which it was collected, the Personal Data shall be deleted.
        • Correct. Personal Data are correct and up-to-date, and all reasonable steps have been taken to ensure that inappropriate Personal Data will be corrected or deleted.
        • Restriction on storage. Personal Data shall be kept in a form which permits identification of the Data Subject only for as long as it is necessary for the purpose for which the Personal Data are processed. This means that if OÜ wants to keep Personal Data longer than is necessary for the purpose of the collection, OÜ will anonymize the data such that the Data Subject is no longer identifiable. In the case of data that OÜ has obtained through a customer or similar relationship, OÜ will, in accordance with best practice and Data Subject to consent, retain generally until the withdrawal of consent. Deadlines for storage are set by the internal rules of OÜ.
        • Reliability and confidentiality. Processing of Personal Data shall be carried out in a manner that ensures appropriate security of the Personal Data, including protection from unauthorized or illegal Processing and accidental loss, destruction or damage through reasonable technical or organizational measures. OÜ has internal rules, internal instructions or regulations for employees, as well as separate contracts with each authorized processor that provides best practices, continuous risk assessment and appropriate technical and organizational measures for the processing of Personal Data.
        • Default and integrated data protection. OÜ ensures that all systems used meet the required technical criteria. Appropriate data protection measures are prepared for updates or design of each information and data system (eg, information systems and business processes are built around pseudonymization and encryption assumptions).
    1. Personal Data may be processed by OÜ:
      • identifying the purposes and means of processing as a controller;
      • as processor in accordance with the instructions of the controller;
      • as a recipient to the extent that Personal Data is transmitted.
    2. OÜ processes and collects, in particular, the following types of Personal Data:
      • Personal Data published by the Data Subject to OÜ; 
      • Personal Data resulting from the normal communication between the Data Subject and OÜ;
      • Personal Data obviously disclosed by the Data Subject (e.g., social media posts);
      • Personal Data generated when using the Services;
      • Personal Data resulting from visitation and use of the Website (e.g., time spent on the Website);
      • Personal Data created and combined by OÜ (e-mail correspondence or contract flow and history list).
      • Personal Data generated from the customer relationship between the Data Subject and OÜ.
    1. OÜ processes Personal Data exclusively on the basis of consent or law. The principles for processing Personal Data arising from law include, but are not limited to, a Legitimate Interest or Agreement between the Data Subject and OÜ.
    2. On the basis of consent, Personal Data is processed within the limits, to the extent and for the purposes specified by the Data Subject. The principle of OÜ is that each consent must be clearly distinguishable from other issues, and in an understandable and easily accessible form, in clear and simple language. Consent may be given in writing or by electronic means or as a verbal statement. The Data Subject gives consent voluntarily, specifically, knowingly and unequivocally, for example, by marking the cell on the Website.
    3. While signing and fulfilling the Contract, Processing of Personal Data may be specified in an Agreement, but OÜ may also process Personal Data for the following purposes:
      • Taking pre-contractual measures at the request of the Data Subject;
      • Taking pre-contractual measures to prevent money laundering and terrorist financing;
      • Identifying Customers to the extent required by due diligence;
      • Fulfilling the Customer’s expectations regarding provision of  Services;
      • Communicating with the Customer;
      • Securing the Customer’s payment obligation;
      • Realizing and protecting claims.
    4. On the basis of the law, OÜ processes Personal Data only after careful evaluation and confirmation that OÜ has a Legitimate Interest, on the basis of which the Processing of Personal Data is necessary and in accordance with the data subject’s interests and rights. In particular, the Processing of Personal Data may be based on Legitimate Interest for the following purposes:
      • Securing a trusted customer relationship, such as Processing Personal Data, strictly necessary to identify actual beneficiaries or to prevent fraud and money laundering and terrorist financing;
      • Managing and analyzing the customer base to improve the availability, choice, quality of the Services and Products, and to make the best and most personalized offers to the Customer upon consent;
      • Using collected data for web analysis or service analysis in order to ensure reliable workflow, to improve processes, to produce statistics and to analyze the visitor’s behavior and usage experience, and to provide a better and more personalized Service;
      • Conducting campaigns, including arranging personalized and targeted campaigns, conducting customer and visitor satisfaction surveys and measuring the effectiveness of marketing activities performed;
      • Analyzing Customer and Visitor Behavior in various sales channels, websites;
      • Storing notices and orders given on its own premises as well as by means of communication (e-mail, telephone, etc.), as well as information and other actions that OÜ has made and, if necessary, using them for verifying orders or other operations;
      • Fighting piracy, securing the Website, making and storing backups and other actions for network, information, and cyber security as OÜ sees fit;
      • Managing finances and Processing Personal Data of Clients or employees;
      • Preparing, submitting, or defending against legal claims.
    5. For the purpose of fulfilling an obligation by the Law, the Personal Data shall be processed by OÜ for the performance of the obligations provided by law or for the implementation of permitted uses permitted by law.
    6. If the Processing of Personal Data is for a purpose other than the one for which the Personal Data was originally collected or is not based on the consent of the Data Subject, OÜ shall carefully evaluate the permissibility of such new Processing. OÜ will determine whether the New Purpose is consistent with the purpose for which Personal Data was originally collected, including:
      • The link between the purposes for which the Personal Data was collected and the intended further Processing intensions;
      • The context of the collection of personal data, in particular the relationship between the Data Subject and OÜ;
      • The nature of the Personal Data, in particular whether Personal Data relating to specific categories or Personal Data relating to convictions and offenses in criminal matters;
      • The possible consequences of the proposed further processing for Data Subjects;
      • The existence of appropriate protection measures, such as encryption and pseudonymisation.
    1. OÜ cooperates with entities to which OÜ may provide Data Subject data, including Personal Data, within the framework of and for the purpose of cooperation.
    2. Such third-parties may include OÜ accounting and financial services partners, government agencies, advertising and marketing partners, companies that conduct customer satisfaction surveys, debt recovery service providers, payroll registers, IT partners, e-mail service providers,  or other persons or agencies, provided that:
      • The purpose and Processing are legitimate;
      • Processing of Personal Data is carried out in accordance with the instructions of OÜ and under a valid agreement;
      • For such authorized processors, data have been declared to Data Subjects;
    3. OÜ will only transfer Personal Data outside the European Union if:
      • The European Commission has decided that there is sufficient protection in the country to which the data is to be transferred;
      • OÜ has put in place adequate protection measures (e.g., binding corporate rules or standard data protection clauses);
      • The Data Subject has confirmed the transfer after being informed by OÜ of the possible dangers of such transmission resulting from the absence of relevant protection measures;
      • The transfer is necessary for the performance of a contract between the Data Subject and the controller or for the implementation of pre-contractual measures taken at the request of the Data Subject;
      • The transfer is necessary for the conclusion or performance of a contract between the controller and another individual or legal person in the interest of the Data Subject;
      • Transmission is necessary for the public interest;
      • Transmission is necessary for the preparation, filing or protection of legal claims;
      • Transmission is necessary to protect the vital interests of the Data Subject or other persons if the Data Subject is physically or legally incapable of giving consent;
      • The transfer is made from a register which, under European Union or national law, is intended to inform the public and is open to inspection by the general public or anyone who can prove a Legitimate Interest, but only to the extent that, the access conditions are fulfilled under European Union or Member State law;
      • Transmission is not repeated; concerns only a limited number of Data Subjects; it is necessary to protect the Legitimate Interests of OÜ in respect of the Data Subject’s interests, rights, or freedoms; and when all circumstances relating to the transmission have been assessed and appropriate protection measures have been established to protect the Personal Data. OÜ announces the transfer to the Data Protection Inspection.
    1. Personally identifiable information is deleted after 7 days on our servers. Personal Data for which the retention period has expired will be destroyed using best practices and in accordance with the procedures established by OÜ for this purpose.
    2. Payment information is saved and stored for 10 years, as required by law, on the third-party payment service provider Stripe. We refer to their Privacy Policy.
    3. OÜ has established guidelines and rules of procedure on how to ensure the security of Personal Data through both organizational and technical measures.
    4. In case of any incident with respect to Personal Data, OÜ shall take all necessary measures to relieve the consequences and hedge future risks. Among other things, OÜ registers all incidents and informs the Data Protection Inspection and the Data Subject directly or publicly.
    1. OÜ services are not aimed at children.
    2. If OÜ becomes aware that it has collected Personal Data about a child, OÜ will attempt to terminate such Processing of Personal Data.
    1. Authorization rights:
      • The Data Subject has the right at any time to notify OÜ of its wish to withdraw the Processing of Personal Data.
      • Data Subject can view, modify and withdraw the approval given to OÜ in the Customer Account or by contacting OÜ. Contacts can be found in section 13 of the Privacy Policy.
    2. The Data Subject also has the following rights when processing Personal Data:
      • Right to receive information, the Data Subject has the right to receive information about the Personal Data collected about him / her.
      • Right to Access Data. Including the right for the copy of Processed Personal Data. The Client has the opportunity to get info about the Personal Data collected by OÜ on the Client Account.
      • Right to demand correction of inaccurate Personal Data. The Data Subject may also correct incorrect data in his / her Client Account.
      • Right to erase data. In some cases, the Data Subject has the right to request that the Personal Data be deleted, for example, if the Processing is performed only on the basis of agreement.
      • Right to restrict the Processing of Personal Data. This right arises if the Processing of Personal Data is not permitted by law or if the Data Subject contests the accuracy of the Personal Data. The Data Subject has the right to request that the Processing of Personal Data be restricted for a period of time that enables the Controller to verify the correctness of Personal Data or if Processing of Personal Data is illegal, if the Data Subject does not request the deletion of personal data.
      • Right to transfer data. Data Subject is entitled to receive Personal Data in machine-readable form or transferred to another responsible processor in some cases.
      • Rights related to automated Processing. Data Subject has the right, at any time, to object to decisions made based on automated Personal Data Processing. For the sake of clarity – OÜ can process Personal Data for business-driven automated decisions (eg in the marketing context for segmenting and personalizing personalized messages, initiating an employment relationship, and ensuring that our employees comply with our internal security policies). Automated Processing can partly rely on data collected from public sources. Data Subject has the right to avoid any decisions based on automatic Personal Data Processing if they can be classified as profiling;
      • Right of the supervisory authority to evaluate whether the processing of the Personal Data is legal;
      • Right to compensation for damage caused by the Processing of Personal Data to the Data Subject.
    1. In order to enter into a contract of employment on the basis of a contract and a Legitimate Interest, OÜ will apply the Personal Data Processing as follows:
      • Processing of the data submitted by the candidate to OÜ for the purpose of concluding an employment contract;
      • the Processing of Personal Data received from the person who was marked as a reference by the candidate;
      • Processing of Personal Data collected from national databases and registers and from public (social) media.
      • If the candidate for employment is not elected, OÜ will keep the Personal Data collected for the employment contract only for two years in order to make a job offer to the candidate upon release of a suitable job position. Two years after submission of the application for employment Personal Data will be deleted.
    1. Claiming the rights:
      • The Data Subject has the right to contact OÜ in the contact details provided in clause 15 in case of any question, application or complaint related to the Processing of Personal Data.
      • OÜ encourages Data Subjects to use their rights to claim info about their personal data issues.
    2. Submitting complaints:
      • The Data Subject has the right to appeal to the OÜ and the Data Protection Inspection or the court if the Data Subject finds that his / her rights have been violated in the Processing of Personal Data.
      • Contact details of the Data Protection Board (AKI) can be found on the AKI website:
    1. OÜ may collect data about the visitors of Websites and other Information Society Services using Cookies (ie, small information chips stored on the hard drive of the visitor’s computer or other device by the visitor’s browser) or other similar technologies (e.g., IP address, device information, location information). You can learn more about cookies and how we use them in our Cookie Policy.
    1. The following documents, procedures and instructions apply when implementing the OÜ Privacy Policy:
      • The internal rules set out all the purposes, ways of processing the Personal Data, the types and categories of Personal Data processed and the Processing Principles, as well as the different measures that OÜ implements to keep personal data always confidential and secure.
      • Cookie Policy. You can read more about how we use cookies here.
      • On Customer Account, through which the Data Subject can access his / her own Personal Data, Data Subject can correct, modify, and enforce any other rights granted under this Agreement and these Terms and Conditions;
      • All About Cookies: Descriptions of cookies and other web technologies used by OÜ;
      • Your Online Choices; About Ads; Network Advertising: A platform for checking and monitoring cookies and other web technologies that allows the Data Subject to change and control how Personal Data is used and collected.

If you have questions or concerns, OÜ can be contacted by e-mail:

  • CHANGES TO THIS PRIVACY POLICY OÜ has the right to unilaterally change these Privacy Terms. OÜ will inform the Data Subjects of the changes on the website of OÜ by e-mail or by other means.

  • Publication
  • 13.6.2022
  • Applies to existing Guest and Customers
  • 13.6.2022
  • Applies to New Visitors and Customers
  • 31.01.2023
  • Main changes
  • 31.01.2023