Privacy Policy for eyt.ee

Effective Date: April 17, 2025

1. Introduction

Welcome to eyt.ee (the "Website"). This Website is operated by EYT Eesti OÜ ("we", "us", "our"). We are committed to protecting the privacy and security of our visitors and users ("you", "your"). This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you visit or interact with our Website.

Our data processing activities are governed by the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Estonian data protection laws.

The data controller for this Website is:

2. Information We Collect

We may collect different types of information from you, depending on how you interact with our Website:

• Personal Identification Information: This may include your name, email address, phone number, or other contact details, but only if you voluntarily provide it to us, for example, by filling out a contact form, subscribing to a newsletter, or making an inquiry.
• Technical Information: When you visit our Website, we may automatically collect certain technical information sent by your browser or device. This can include:
  • Your Internet Protocol (IP) address
  • Browser type and version
  • Operating system and platform
  • Device type
  • Time zone setting and location (country/city level)
  • Referrer URL (the website you came from)
• Usage Information: We may collect information about how you use our Website, such as:
  • Pages you visited
  • Time spent on pages
  • Links clicked
  • Date and time of access
  • Website navigation paths

3. How We Collect Information

We collect information in the following ways:

• Directly from You: When you voluntarily provide information through forms, emails, or other direct interactions on the Website.
• Automatically: Through technologies like cookies, web beacons, server logs, and analytics tools (e.g., Google Analytics) when you browse the Website.

4. How We Use Your Information

We use the information we collect for various purposes, including:

• To Provide and Maintain Our Website: Ensuring the Website functions correctly and securely.
• To Respond to Inquiries: Addressing your questions or requests submitted via contact forms or email.
• To Improve Our Website: Analyzing usage patterns to understand how visitors interact with the Website, allowing us to enhance user experience, content, and functionality. (e.g., via aggregated analytics data).
• For Security Purposes: Monitoring for fraudulent or malicious activity and protecting the integrity of our Website.
• To Comply with Legal Obligations: Fulfilling legal and regulatory requirements.
• [Optional: Add other specific purposes, e.g., To send newsletters or marketing communications, if applicable and consent obtained]

5. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds under GDPR:

• Legitimate Interests: Processing technical and usage data to operate, maintain, secure, and improve our Website is based on our legitimate interests, provided these are not overridden by your fundamental rights and freedoms. Responding to your inquiries may also fall under legitimate interests.
• Consent: If we collect data for purposes like newsletters or specific types of cookies (e.g., marketing/tracking), we will rely on your explicit consent. You can withdraw your consent at any time.
• Legal Obligation: We may need to process your data to comply with applicable laws or regulations.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in limited circumstances with:

• Service Providers: Third-party companies that perform services on our behalf, such as website hosting, data analysis (e.g., Google Analytics), IT support, and security services. These providers are contractually obligated to protect your data and only use it for the purposes we specify. [List specific key providers if known, e.g., Google Analytics, web host name].
• Legal Requirements: If required by law, regulation, legal process, or governmental request (e.g., court order, subpoena).
• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, user information may be transferred as a business asset.

7. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). If we transfer your personal data outside the EEA, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or ensuring the recipient country has an adequacy decision, to protect your data according to GDPR standards.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures may include secure servers, encryption (e.g., HTTPS for the Website), access controls, and staff training. However, no internet transmission or electronic storage method is 100% secure, so we cannot guarantee absolute security.

9. Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Anonymous or aggregated data may be kept for longer periods for statistical purposes.

• Technical and usage logs are typically retained for [Specify retention period, e.g., 6 months, 1 year, or link to service provider policies like Google Analytics].
• Information provided via contact forms is kept as long as needed to resolve the inquiry and potentially for a reasonable period afterward for record-keeping, unless you request deletion earlier.

10. Your Data Protection Rights (Under GDPR)

As a resident of the EEA, you have the following rights regarding your personal data:

• Right of Access: You can request copies of your personal data.
• Right to Rectification: You can request correction of inaccurate or incomplete data.
• Right to Erasure ('Right to be Forgotten'): You can request deletion of your personal data under certain conditions.
• Right to Restrict Processing: You can request the restriction of processing your personal data under certain conditions.
• Right to Object to Processing: You can object to processing based on legitimate interests.
• Right to Data Portability: You can request the transfer of your data to another organization or directly to you, under certain conditions.
• Right to Withdraw Consent: If processing is based on consent, you can withdraw it at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon - AKI) or your local supervisory authority if you believe your data protection rights have been violated. (Website: www.aki.ee)

To exercise any of these rights, please contact us using the details provided in Section 1. We may need to verify your identity before processing your request.

11. Cookies and Tracking Technologies

Our Website uses cookies and similar technologies (like web beacons or pixels) to enhance user experience, analyze traffic, and ensure website functionality.

• What are Cookies: Small text files stored on your device when you visit a website.
• Types We May Use:
  • Strictly Necessary Cookies: Essential for the Website to function (e.g., session management, security). These do not usually require consent.
  • Performance/Analytics Cookies: Help us understand how visitors use the Website (e.g., Google Analytics). These collect aggregated, anonymous data.
  • Functionality Cookies: Remember choices you make (e.g., language preference) to provide a more personalized experience.
  • [Optional: Targeting/Advertising Cookies:] [If used, explain their purpose, e.g., delivering relevant ads, usually requires consent].
• Managing Cookies: You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. You may also be presented with a cookie consent banner upon your first visit where you can manage non-essential cookies. Please note that blocking essential cookies may affect Website functionality. [Link to a separate Cookie Policy if you have one with more detail].

12. Children's Privacy

Our Website is not intended for children under the age of 16 (or a higher age if required by local law). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal or regulatory reasons. We will post any changes on this page and update the "Effective Date" at the top. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

---