Privacy policy

Personal data refers to information that OÜ Puupõld collects for the purpose of providing services, identifying individuals, contacting them for service provision, resolving issues, or sending promotional content.

OÜ Puupõld does not process sensitive personal data as defined in the General Data Protection Regulation (GDPR, EU Regulation 2016/679).

OÜ Puupõld is committed to protecting the personal data and privacy of its clients and users. Its online activities comply with all applicable regulations, including EU Regulation 2016/679 and the laws of the Republic of Estonia. OÜ Puupõld implements administrative, technical, and physical precautions to safeguard collected personal data. Access to data modification and processing is limited to authorized personnel.

Security

All personal data obtained during visits to OÜ Puupõld’s websites is treated as confidential information.

The following outlines OÜ Puupõld’s privacy principles regarding the collection, processing, use, disclosure, transfer, modification, erasure, and deletion of personal data.

These principles do not apply to the processing of data of legal entities or other organizations, nor do they cover data processing on third-party websites or services linked on our website.

Representatives of legal entities (as service clients) are not considered natural persons under GDPR and are not subject to its provisions.

What Data Is Collected?

When visiting our websites, non-personalized technical data about visitors is collected, such as:

  • IP address of the computer or network used,
  • Browser and operating system version,
  • Date and time of visit,
  • Geographic location of the visit.

IP addresses are not associated with identifiable personal information.
Data is collected to improve website functionality and user experience.
Google Analytics is used for data collection. If you prefer not to share this data, you can disable Google Analytics data collection as described here.

For individuals, collected data may include, as necessary:

  • Personal identification number for uniqueness,
  • Name, email address, phone number, city, and country for communication.

For legal entities, collected data includes:

  • Name, country, address, email for invoicing and contact purposes,
  • Names, emails, and phone numbers of representatives.

We may collect information about your interaction with our emails, such as whether you opened the email, clicked on links, or device and technical specifications. This data is saved in the contact history.

Marketing-related personal data (e.g., name, email, or phone number) may also be used for promotional purposes on social media and online platforms like Facebook, Instagram, and Google for up to 5 years from the date of consent. OÜ Puupõld has a legitimate interest (GDPR Art. 6(1)(f)) to send marketing communications to maintain business relationships.

Personal data uploaded by clients within OÜ Puupõld’s environment is protected under the confidentiality agreement signed by the client as part of the service contract.

Data Retention

  • Non-personal technical data collected through websites is stored indefinitely.
  • Personal data related to specific queries or transactions is stored for up to 7 years from the last interaction with the service provider, as required by accounting laws.

Disclosure of Data

Personal data processed by OÜ Puupõld may only be shared without consent if required by law (e.g., courts or pre-trial authorities with justified necessity).

Data processed on behalf of clients remains confidential, and ownership lies solely with the client. OÜ Puupõld may provide technical assistance but does not assume ownership or responsibility for the data.

Rights Regarding Collected Data

Individuals have the right to:

  • Access, modify, or cease processing their data.
  • Opt-out of marketing communications via the link in the footer of emails.
  • Request data deletion, cessation of processing, or restriction of access when there is no longer a legal basis for data processing.

Requests will not be fulfilled if:

  1. It infringes the rights of others.
  2. It impedes service delivery.
  3. It interferes with legal processes.
  4. It is technically unfeasible or unnecessary.
  5. The requester cannot be identified.

Examples:

  • An email address cannot be deleted if it is required to prevent further marketing communications.
  • Sufficient data must remain in the CRM to ensure no further contact is made.

Privacy Policy Terms and Changes

By using OÜ Puupõld websites, you acknowledge and agree to these principles. OÜ Puupõld reserves the right to modify its privacy policy and will notify all affected parties of any changes.