Data Protection Policy

1. Introduction

Our company values your privacy and is committed to protecting your personal data in accordance with applicable laws in Estonia, including the General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act (Isikuandmete Kaitse Seadus).

This document explains how we collect, use, and protect the personal information you provide when using our platform or interacting with our services.

2. Data Controller

The data controller responsible for processing your personal data is:

Company Name
Address: [Specify address]
Email: [Specify contact email]

If you have any questions about how your personal data is handled, please contact us through the details provided above.

3. Personal Data Collected

We may collect the following categories of personal data:

Identification information: full name, address, phone number, and email address.
Financial data: details of transactions carried out through our platform.
Technical information: IP address, browser type, session data, and cookies (refer to our Cookie Policy).
Other information: data voluntarily provided by you during registration, inquiries, or the use of our services.

4. Purpose of Data Processing

Your personal data will be processed for the following purposes:

Providing our services, including account and transaction management.
Communicating with users about service updates or important notifications.
Complying with legal obligations, including anti-money laundering (AML) and counter-terrorism financing requirements.
Enhancing and personalizing your experience on our platform.
Sending commercial communications, subject to your explicit consent.

5. Legal Basis for Processing

We process your personal data on the following legal bases:

Performance of a contract: to provide the requested services.
Legal obligation: to comply with applicable regulations, such as the Estonian AML Act and GDPR.
Consent: when required for activities such as sending commercial communications or additional processing.

6. Data Sharing with Third Parties

We do not share your personal data with third parties except in the following cases:

Regulatory authorities and official bodies when required by law.
Service providers acting as data processors (e.g., storage or communication services), under strict security measures.
Other third parties, with your explicit consent.

7. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we ensure compliance with applicable data protection laws, including the use of EU-approved Standard Contractual Clauses.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by legal or regulatory obligations.

9. User Rights

Under applicable laws, you have the following rights:

Right of access: to request information about your personal data being processed.
Right to rectification: to request correction of incorrect or incomplete data.
Right to erasure: to request deletion of your personal data, subject to legal limitations.
Right to object: to object to data processing under certain circumstances.
Right to data portability: to request the transfer of your personal data to another data controller.

To exercise these rights, please contact us using the information provided in Section 2.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, alteration, or disclosure.

11. Changes to the Data Protection Policy

We reserve the right to amend this policy at any time to reflect changes in our practices or legal requirements. The updated version will be available on our website with a visible revision date.

12. Complaints

If you believe that your personal data has been processed in violation of applicable laws, you have the right to file a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).