Privacy Policy

This Privacy Policy explains how Adeliance OÜ, with its registered office at Pärnu mnt 113, 11312, Tallinn, Estonia (“we”, “us”, or “our”), collects, uses, and protects Personal Data in connection with its business activities and website operations.

We act as the data controller for the purposes of applicable data protection legislation, including the Estonian Data Protection Act (Act No. 110/2019 Coll.) and the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This policy outlines what data we process, the reasons for processing, your rights, and how those rights may be exercised.

If you have any questions regarding this Privacy Policy, you may contact us at [email protected].

1. KEY DEFINITIONS

Personal Data means any information relating to an identified or identifiable natural person. This may include identifiers such as name, contact details, online identifiers (including IP addresses), or other data that can reasonably be linked to an individual.

Information that cannot be associated with a specific individual, such as aggregated website statistics, does not constitute Personal Data.

Processing refers to any operation performed on Personal Data, whether automated or manual, including collection, storage, use, disclosure, or deletion.

2. LEGAL GROUNDS FOR PROCESSING

We process Personal Data only where a lawful basis exists under data protection law. Depending on the circumstances, processing may be based on one or more of the following grounds:

  • Consent – where you have explicitly agreed to the processing of your Personal Data for one or more specific purposes;
  • Contractual necessity – where processing is required to perform a contract with you or to take steps at your request prior to entering into a contract;
  • Legitimate interests – where processing is necessary for our legitimate business interests, provided such interests are not overridden by your rights and freedoms.

3. YOUR RIGHTS AS A DATA SUBJECT

In accordance with the GDPR and applicable national legislation, you have the following rights in relation to your Personal Data:

a) Right of Access
You may request confirmation as to whether we process your Personal Data and obtain a copy of such data.

b) Right to Rectification
You may request correction of inaccurate Personal Data or completion of incomplete data without undue delay.

c) Right to Restriction of Processing
You may request that processing be restricted in certain circumstances, including where accuracy is contested or processing is unlawful.

d) Right to Erasure
You may request deletion of your Personal Data where processing is no longer necessary, subject to legal retention obligations.

e) Right to Data Portability
Where applicable, you may request your Personal Data in a structured, commonly used, and machine-readable format and request its transfer to another controller.

f) Right to Object
You may object to processing based on legitimate interests, including processing for direct marketing purposes.

g) Right to Withdraw Consent
Where processing is based on consent, you may withdraw such consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

h) Right to Lodge a Complaint
You have the right to lodge a complaint with a competent supervisory authority if you believe your data protection rights have been infringed.

i) Protection Against Automated Decisions
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

To exercise any of these rights, please contact us. For security reasons, we may need to verify your identity before responding.

4. SUPERVISORY AUTHORITY

The competent supervisory authority in Estonia is the Office for Personal Data Protection (OPDP). You may submit a complaint directly to the OPDP if you consider that your Personal Data has been processed unlawfully. We encourage you to contact us first so that we may attempt to resolve any concerns.

5. HOW WE PROCESS PERSONAL DATA

In the course of providing our services and operating our website, we process Personal Data for various purposes, as described below.

a) Website Access and Hosting
You may access our website without actively providing Personal Data. When you do so, technical data such as IP address, access time, requested resources, and browser information may be logged automatically. This data is used to ensure website security, stability, and functionality and is typically deleted within seven days.

b) Communications
If you contact us via email or social media, we process the information you provide solely to respond to your inquiry. Such data is deleted once the matter is resolved, unless retention is required by law.

c) Contractual Services
When you request or use our services, we process the Personal Data necessary to fulfill contractual obligations. Mandatory information is clearly identified where required.

d) Marketing Activities
Where you have provided separate consent, we may process your contact details for marketing communications. Each message includes a clear option to opt out at any time.

6. DATA SHARING AND TRANSFERS

We may engage external service providers to process Personal Data on our behalf. Such providers act only under our instructions and are subject to contractual data protection obligations.

Personal Data may be transferred outside the European Economic Area where necessary. In such cases, we implement appropriate safeguards to ensure an adequate level of protection in accordance with applicable law.

7. DATA SECURITY

We apply technical and organizational measures to protect Personal Data against unauthorized access, loss, alteration, or disclosure. Data transmissions are encrypted using HTTPS, and security controls are regularly reviewed.

8. DATA RETENTION

Personal Data is retained only for as long as necessary to achieve the purposes for which it was collected or to comply with legal obligations. Statutory retention periods may require data to be stored for up to six years.

9. AUTOMATED DECISION-MAKING

We do not use automated decision-making or profiling within the meaning of the GDPR.

10. CHILDREN’S DATA

Our services are not directed at individuals under the age of 18. We do not knowingly collect Personal Data from minors without verified parental consent.

11. POLICY CHANGES

This Privacy Policy may be updated periodically to reflect legal or operational changes. The most recent update took place on Friday, January 24, 2025.

12. CONTACT

If you have questions, concerns, or requests regarding this Privacy Policy or the processing of your Personal Data, please contact us using the details provided above.