Privacy Notice

1. Introduction

This is an overview of how we process your personal data while you visit Datafruit website and contact us through website.

The controller of personal data is Datafruit OÜ, registry code 12769616, address Lõõtsa 1a Tallinn, Estonia.

2. How personal data is processed?

Datafruit is responsible of data processing and security regarding this website and the contact request form on the website.

We use web cookies to a) technically provide the website and b) optimize the user experience and keep the high level quality standard. You can make changes of how web cookies are used in your web browser settings.

In addition, you may provide us personal data by yourself by sending us contact request through web contact form on our website.

In contractual relationships with us the personal data processing is regulated by corresponding attachment of the service agreement and this Privacy Notice does not address the service between legal entities.

3. What kind of personal data we process and why?

Processing activity

Data categories


Legal basis

Data inserted by the website visitor to contact request form

First and Last Name, e-mail address, request content

Pre-contractual negotiations with potential Client


Website analytics

Web browser type, technical cookies, error messages

Providing and developing of website

Legitimate interest

Website visitor web behaviour

Web browser type, IP address, details of website usage

Optimization of website visitor user experience

Legitimate interest

4. Personal data transfer

Any data you provide will not be publicly displayed or shared to other Users. Our employees and business partners have access to personal data to the extent necessary for the performance of their work duties.

We may use third party processors from time to time to help provide our website on high quality standards. In such case the service provider may have access to some of your personal data to provide the service accordingly. The service provider do not have the right to use your personal data for any other purpose and/or extent other than directly necessary to provide the agreed service.  

Some of the service providers may be located outside the territory of European Union so your personal information might be sent outside the EU. In such instances we will ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and that appropriate contractual, technical, and organizational measures are in place.

Why and with whom we may share your personal data?

Categories of Recipients

Reason for sharing

Service providers

We work with service providers that work on our behalf which may need access to certain personal data to provide their services to us. These companies include those we have hired to operate the technical infrastructure that we need to provide service and assist in protecting and securing our systems and services. For more information please contact us

5. Information security

We have taken necessary technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss or alteration and against the unauthorized disclosure, abuse or other processing in violation of applicable law (Identity and access management; Preventing unauthorized viewing of personal data; Deliberately set password requirements; Structurally safe network design; Encryption system; Data loss prevention (DLP) and other relevant continuously updated security measures).

6. Data storage and deletion

The storage period of personal data depends on which purpose and legal ground we process the data. The data collected through website usually falls under our legitimate interest or contractual obligation.

Data type


Retention time

First and Last Name, e-mail address, request content

Pre-contractual negotiations

1 year

Web browser type, technical cookies, error messages, IP address, details of website usage

Web analytics

Technical cookies up to 1 week

User experience related analytical cookies up to 3 months

7. Individual rights

Under data protection law, you have rights including:

  • Right to be informed and to access. You may get information regarding your personal data processed by us.
  • Right to data portability. You have the right to receive your personal data from us in a structured, commonly used and machine-readable format and to independently transmit those data to a third party.
  • Right to erasure. You have the right to have personal data we process about you erased from our systems if the personal data are no longer necessary for the related purposes.
  • Right to object and restrict. You have the right to object to the processing of your personal data and restrict it in certain cases.
  • Right to rectification. You have the right to make corrections to your personal data.
  • Right to withdraw consent. When you have given us consent to process your personal data, you may withdraw said consent at any time.

We will respond to your requests within 30 days.

If you have any questions regarding personal data processing by us, please contact

You may lodge a complaint to the supervisory authority, the Estonian Data Protection