Privacy Policy
Effective date: 25 - 07 - 2025
1 Introduction
Fernanz OÜ ("Fernanz", "we", "our", "us") is committed to protecting the privacy of individuals who interact with our websites, products and services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, store and protect your personal information, and the rights and choices available to you. By using our Services, you acknowledge that you have read and understood this Policy.
2 Definitions
Service – the Websites, applications, platforms and related offerings operated by Fernanz.
Personal Data – any information relating to an identified or identifiable natural person.
Usage Data – data collected automatically when you interact with the Service (e.g., device identifiers, log files, cookies).
Data Controller – the legal entity that determines the purposes and means of processing Personal Data (Fernanz).
Data Processor (Service Provider) – a third party that processes Personal Data on behalf of the Data Controller.
Data Subject – the individual whose Personal Data is processed.
3 Who Is the Data Controller?
Fernanz OÜ (registry code 16886772, Majaka 37, 11411 Tallinn, Estonia) holds the controller of Personal Data processed under this Policy. You may contact us, or our Data Protection Officer (DPO), at [email protected].
4 Categories of Personal Data We Collect
- Information you provide directly
Identification and contact details (name, company, email, phone).
Account credentials, profile information and communications.
Billing and payment details (handled by our payment processors).
Content you upload or otherwise provide through the Services.
- Information collected automatically
Usage Data such as IP address, browser type, device identifiers, referring pages, time stamps and pages viewed.
Cookies, pixels and similar technologies (see § 11).
- Information from third parties – e.g., analytics providers, integration partners, social media platforms, or publicly‑available sources, as permitted by law.
5 Legal Bases for Processing (EEA/UK‑GDPR)
We process Personal Data on one or more of the following legal grounds:
- Contract – to provide or take steps to enter into the Services you request.
- Legitimate interests – to operate, protect and improve our business and Services, provided these interests are not overridden by your rights.
- Consent – where you have given clear consent (e.g., certain marketing cookies or newsletters). You may withdraw consent at any time.
- Legal obligation – to comply with applicable laws, court orders or regulatory requirements.
6 How We Use Personal Data
- Provide, operate and maintain the Services.
- Manage user accounts, transactions, subscriptions and support.
- Monitor, analyse and enhance Service performance, availability and security.
- Communicate important changes, product updates and promotional offers (you may opt out).
- Detect, prevent and investigate fraud, abuse or security incidents.
- Enforce contracts and protect our rights and those of users and third parties.
- Comply with legal obligations and fulfil any purpose disclosed at the time of collection or with your consent.
7 Sharing and Disclosure
We disclose Personal Data only as described below, with appropriate safeguards:
- Service Providers/Sub‑processors – cloud hosting, analytics, customer‑support, email/SMS providers, payment processors (e.g., AWS, Twilio, Stripe, ). Each provider is contractually bound to process data only on our instructions and to implement suitable security measures.
- Business transfers – as part of a merger, acquisition or sale of assets, provided the acquirer assumes privacy obligations.
- Legal compliance – to competent authorities when required by law, court order or to defend legal claims.
- With your consent – or at your direction. Fernanz does not sell or rent Personal Data for monetary consideration.
8 International Data Transfers
Where we transfer Personal Data outside the European Economic Area ("EEA") or United Kingdom, we rely on adequacy decisions, Standard Contractual Clauses (SCCs) or other approved safeguards, and implement additional technical and organizational measures when necessary.
9 Data Retention
Personal Data is retained only for as long as necessary to: (i) fulfil the purposes outlined in § 6; (ii) comply with legal, accounting or reporting requirements; or (iii) resolve disputes. Usage Data is typically retained for up to 24 months unless a longer retention is required for security or analytical purposes. Back‑ups may persist for an additional 30 days before secure deletion.
10 Security Measures
We maintain administrative, technical and physical safeguards designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Measures include encryption in transit and at rest, least‑privilege access controls, regular vulnerability assessments, employee training and incident‑response procedures.
11 Cookies and Similar Technologies
We use the following categories of cookies:
- Strictly Necessary (Session) – essential for the Services to function.
- Preference – remember settings and user choices.
- Analytics – understand Service usage, traffic and improve performance.
- Advertising/Retargeting – deliver relevant ads (only with your consent).
You can manage cookie preferences via our cookie banner or your browser settings. We honor "Do Not Track" signals where supported.
12 Your Rights
12.1 GDRP / UK-GDPR
If you are located in the EEA or UK, you have the right to:
Access, correct, delete or restrict processing of your Personal Data.
Object to processing based on legitimate interests or direct marketing.
Port your data to another controller.
Withdraw consent at any time without affecting prior processing.
Lodge a complaint with your local supervisory authority.
12.2 California Consumers (CCPA/CPRA)
California residents have the right to:
Know the categories and specific pieces of Personal Data we collect, use and disclose.
Request deletion of Personal Data (subject to exceptions).
Opt‑out of "sharing" or "selling" of Personal Data (we do not sell data).
Non‑discrimination for exercising privacy rights.
Submit requests via [email protected] or +372 5559 5001. We will verify your identity before responding.
12.3 Other Jurisdictions
You may have additional rights under other applicable laws. Contact us to exercise any rights available to you.
13 Children’s Privacy
Our Services are not directed to children under 18. We do not knowingly collect Personal Data from children. If you believe we have unintentionally collected such data, please contact us so we can delete it promptly.
14 Automated Decision‑Making
Fernanz does not use Personal Data for automated decision‑making or profiling that could discriminate or that produces legal or similarly significant effects.
15 Data Breach Notification
In the event of a personal data breach, we will notify affected individuals and relevant supervisory authorities in accordance with applicable law, without undue delay.
16 Changes to This Policy
We may revise this Policy periodically. We will post the updated version and, where material changes are made, provide notice via email or prominent Service banner at least 30 days before the changes take effect. The "Effective date" at the top will indicate when the latest version becomes effective.
17 Contact Us
For questions, requests or complaints regarding this Privacy Policy or our privacy practices:
Fernanz OÜ
Majaka 37, 11411 Tallinn, Estonia
Email: [email protected]
Phone: +372 5559 5001
