Privacy Policy

1. General provisions

ARVUTIABI-ESOFT OÜ respects the privacy of its users and processes personal data in accordance with the laws of the European Union and the Republic of Estonia, including the General Data Protection Regulation (GDPR).

This Privacy Policy explains what personal data is collected, for what purposes and on what legal grounds it is processed, and what rights data subjects have.

2. Collection and processing of personal data

The Company may process the following personal data:

• contact details provided by the user (name, phone number, email address, address);
• data related to service orders and customer communication;
• customer account data and order history;
• data provided when applying for instalment payments;
• data collected via cookies and similar technologies.

3. Collection of technical and aggregated data

The Company may also collect aggregated and technical data that does not directly identify a user, including:

• device and browser technical characteristics;
• approximate location;
• website usage statistics;
• general user behaviour on the website.

Such data is used to analyse and improve the quality of services and website performance.

4. Security and fraud prevention

For the purposes of ensuring the security of the website, services and infrastructure, and preventing fraud and abuse, ARVUTIABI-ESOFT OÜ processes certain technical data.

Such processing is based on the Company’s legitimate interest pursuant to Article 6(1)(f) GDPR.

For these purposes, the following technical data may be processed:

• IP address;
• technical device identifiers;
• browser technical data (e.g. user-agent);
• request metadata and security logs.

These data are used solely for security and fraud prevention purposes and are not used for marketing or user profiling. Processing is carried out within the Company’s infrastructure, and data are retained for a limited period.

5. Use of personal data

Personal data are used to:

• provide services and fulfil contractual obligations;
• respond to customer inquiries;
• deliver goods and services;
• comply with legal obligations;
• improve services and website performance.

Marketing communications are sent only with the user’s consent, which can be withdrawn at any time.

6. Disclosure of personal data

The Company may disclose personal data to third parties only to the extent necessary for service provision (e.g. payment or logistics partners), provided that such parties comply with confidentiality and data protection requirements.

7. Data security

The Company implements appropriate technical, organisational and physical measures to protect personal data against unauthorised access, alteration, disclosure or destruction. Access to data is granted only to authorised persons.

8. Data subject rights

Users have the right to:

• obtain information about the processing of their personal data;
• request correction of inaccurate data;
• request deletion of data where permitted by law;
• restrict data processing;
• object to processing based on legitimate interest.

Requests may be sent to: [email protected]

9. Policy updates

The Company reserves the right to update this Privacy Policy. The current version is always available on the website.