Privacy Policy

1. Data Controller

The controller of your personal data is:

This privacy policy explains how we collect, use, store, and protect your personal data in accordance with the European Union General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act (IKS).

2. Data We Collect

We may collect and process the following personal data:

• Contact data: name, email address, phone number
• Company data: company name, registry code, address
• Order data: ordered services, files, project descriptions
• Technical data: IP address, browser type, visit time
• Communication data: correspondence, feedback, inquiries

3. Legal Basis and Purposes of Data Processing

We process your personal data on the following bases (GDPR Article 6):

• Contract performance (Art. 6(1)(b)): provision of services, fulfillment of orders, preparation of quotations, issuing invoices
• Legal obligation (Art. 6(1)(c)): accounting, tax reporting
• Legitimate interest (Art. 6(1)(f)): website improvement, analytics, ensuring customer service quality, preparing marketing materials
• Consent (Art. 6(1)(a)): newsletters and marketing communications (only with your consent)

4. Data Retention

We retain your personal data only as long as necessary to fulfill the purpose for which it was collected or to comply with legal obligations.

• Customer data: up to 3 years after the last transaction
• Accounting documents: 7 years as required by law
• Technical logs: up to 1 year
• Marketing consent: until withdrawal of consent

5. Data Sharing and Third Countries

We do not sell, rent, or share your personal data with third parties, except in the following cases:

• Partners necessary for service delivery (e.g., payment services, courier services)
• Legal obligations (e.g., tax authority, court orders)
• Your explicit consent

For website analytics, we use Umami, whose servers are located in the EU.

Sub-processors

The following third-party services may process data on our behalf:

• Umami Cloud (EU) — website analytics, anonymized visitor statistics. No personal data transferred.
• Anthropic (Claude AI) (USA) — AI-assisted quoting and project planning. Order descriptions may be processed. Anthropic's privacy policy applies. Data processed under Standard Contractual Clauses (SCCs) for EU-US transfers.
• Omniva / DPD (EU) — delivery services. Recipient name, address, and phone number shared for shipping.
• Gmail SMTP (Google, USA) — email delivery. Email addresses and message content processed under Google's privacy policy and SCCs.
• Meta Platforms (USA) — Meta Pixel for advertising conversion tracking. Only activated with your marketing consent. Data processed under Meta's privacy policy and SCCs.

We do not transfer personal data to third countries outside the European Economic Area (EEA) without appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

6. Your Rights

Under the GDPR, you have the following rights:

• Right of access: right to obtain information about your data
• Right to rectification: right to request correction of inaccurate data
• Right to erasure: right to request deletion of data ("right to be forgotten")
• Right to restriction: right to restrict data processing
• Right to data portability: right to receive your data in a structured format
• Right to object: right to object to data processing
• Withdrawal of consent: where processing is based on consent, you may withdraw it at any time

To exercise your rights, please contact us at .... We will respond to your request within 30 days.

7. Automated Decisions

We do not use automated decision-making or profiling that would have legal consequences for you.

8. Cookies

Our website may use cookies and similar tracking technologies to improve user experience. Cookies are small text files stored on your device.

We use the following categories of cookies:

• Essential cookies: to ensure basic website functionality (always active)
• Analytical cookies: to collect visitor statistics (Umami — privacy-friendly analytics that does not track personal data)
• Marketing cookies: to measure advertising effectiveness and show more relevant ads. We use Meta Pixel (Facebook), which may place cookies on your device to track conversions and build advertising audiences. Meta Pixel is only loaded with your explicit consent. Meta's privacy policy applies to data collected through the pixel.

When you first visit our website, a cookie consent banner allows you to choose which categories of cookies you accept. You can change your preferences at any time by clearing your browser's local storage and revisiting the site. Disabling cookies may affect website functionality.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes the use of SSL encryption for data transmission.

10. Changes

We may update this privacy policy from time to time. In case of significant changes, we will notify you through our website. We recommend regularly visiting this page.

11. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to file a complaint with the Estonian Data Protection Inspectorate: