Privacy Policy

Last updated: 21 February 2025

1. Data Controller

Innovadata OÜ (registry code 17267954), registered at Harju maakond, Estonia, is the data controller responsible for your personal data.

Data protection contact: privacy@innovadata.eu

2. Data We Collect

We collect the following categories of personal data:

2.1 Order Data

When you place an order: full name, email address, phone number (optional), company name and registry code (for business customers), VAT number (optional). Legal basis: contract performance (GDPR Art. 6(1)(b)).

2.2 Analytics Data

With your consent: page views, session duration, browser language, screen resolution, referrer URL. We use a self-hosted, lightweight analytics tracker : no third-party cookies. Data is stored with a pseudonymous visitor ID in localStorage. Legal basis: consent (GDPR Art. 6(1)(a)).

2.3 Support Data

When you contact support: name, email address, message content. Legal basis: legitimate interest (GDPR Art. 6(1)(f)) : to respond to your inquiry.

2.4 Technical Data

Server logs may temporarily record IP addresses, user-agent strings, and timestamps for security and error monitoring. These are deleted within 30 days. Legal basis: legitimate interest (GDPR Art. 6(1)(f)).

3. Cookies and Similar Technologies

We use the following storage technologies:

3.1 Necessary (always active)

  • innovadata_lang : localStorage : stores your language preference (EN/ET).
  • innovadata_consent : localStorage : stores your cookie consent choices.

3.2 Analytics (requires consent)

  • _iv : localStorage : pseudonymous visitor identifier for analytics.
  • _is : sessionStorage : session identifier (resets when tab closes).

3.3 Marketing

Currently not used. No marketing cookies or third-party trackers are deployed.

You can manage your cookie preferences at any time by clicking the 🍪 cookie icon in the bottom-left corner of any page, or by using the "Manage Preferences" option in the cookie banner.

4. Purpose of Processing

  • Order fulfillment : to process your purchase, deliver data files, and send invoices.
  • Analytics : to understand site usage patterns and improve the service (with consent).
  • Customer support : to respond to your inquiries.
  • Legal compliance : to comply with tax, accounting, and other legal obligations.
  • Security : to protect the service against abuse and unauthorized access.

5. Data Sharing

We share personal data only with:

  • Montonio Finance OÜ : payment processing (acts as independent controller for payment data).
  • Email service provider : for sending invoices and order confirmations (data processing agreement in place).
  • Server hosting provider : infrastructure where data is stored (EU-based servers).

We do not sell, rent, or trade your personal data to any third parties.

6. Data Retention

  • Order data : 7 years (Estonian accounting law requirements).
  • Analytics data : 26 months from last activity, then automatically deleted.
  • Support messages : 2 years from last communication.
  • Server logs : 30 days.

7. Your Rights (GDPR Art. 15–22)

You have the following rights regarding your personal data:

  • Right of access (Art. 15) : request a copy of all personal data we hold about you.
  • Right to rectification (Art. 16) : request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) : request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
  • Right to restriction (Art. 18) : request that we limit processing of your data.
  • Right to data portability (Art. 20) : receive your data in a machine-readable format.
  • Right to object (Art. 21) : object to processing based on legitimate interest.
  • Right to withdraw consent (Art. 7(3)) : withdraw consent for analytics tracking at any time via cookie settings.

To exercise any of these rights, send an email to privacy@innovadata.eu with the subject line "Data Subject Request". We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encrypted connections (TLS/HTTPS), access controls, regular security reviews, and secure server infrastructure within the European Union.

9. International Transfers

All data is stored and processed within the European Union/European Economic Area. We do not transfer personal data to countries outside the EU/EEA.

10. Children's Data

Our service is intended for business professionals. We do not knowingly collect personal data from children under 16. If you believe a child has provided data, contact us for immediate deletion.

11. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via a notice on our website. The "last updated" date at the top indicates the most recent revision.

12. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon):

13. Contact

For any privacy-related questions or data subject requests: