Privacy Policy

This Privacy Policy describes how estx.io OÜ (“Company”, “we”, “us”, or “our”) processes personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller responsible for processing personal data is:

estx.io OÜ
Registry code: 14647544
Address: Telliskivi 57, 10412 Tallinn, Estonia
Email: info@estx.io

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors of the website estx.io
  • Clients using our services
  • Individuals contacting us via email or forms

3. Categories of Personal Data

We may process the following categories of personal data:

3.1 Identification Data

  • Full name
  • Personal identification number
  • Date of birth (if required)

3.2 Contact Data

  • Email address
  • Phone number
  • Residential address

3.3 Business and Corporate Data

  • Shareholder and director information
  • Company ownership structure
  • Business activity information

3.4 Communication Data

  • Messages, inquiries, and correspondence

3.5 Technical Data

We do not use tracking analytics or profiling cookies.

Limited technical logs (e.g., server security logs) may be processed for security purposes.

4. Purposes of Processing

We process personal data strictly for the following purposes:

  • Provision of services (e.g., company formation, legal address, accounting)
  • Client identification and due diligence (KYC / AML compliance where applicable)
  • Communication and customer support
  • Contract performance and administration
  • Legal compliance under applicable laws
  • Protection of legal claims and dispute resolution

5. Legal Bases for Processing

We rely on the following legal bases under GDPR:

  • Article 6(1)(b) – Processing necessary for performance of a contract
  • Article 6(1)(c) – Compliance with legal obligations
  • Article 6(1)(f) – Legitimate interests (e.g., business operations, fraud prevention)
  • Article 6(1)(a) – Consent (where explicitly required)

Where processing is based on consent, you may withdraw it at any time.

6. Data Sharing and Disclosure

We may disclose personal data to:

  • Legal and financial advisors
  • Accounting service providers
  • IT and hosting providers
  • Payment processors (if applicable)
  • Public authorities when required by law

All third parties are contractually bound to:

  • Process data only on our instructions
  • Maintain confidentiality
  • Implement appropriate security measures

7. International Data Transfers

As a rule, personal data is processed within the European Economic Area (EEA).

If data is transferred outside the EEA, we ensure appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission

8. Data Retention

We retain personal data only as long as necessary:

  • Accounting and financial data: 7 years
  • Client and contract data: duration of relationship + up to 10 years
  • Communication data: up to 3 years
  • Legal claims: until limitation periods expire

After retention periods, data is securely deleted or anonymized.

9. Data Security

We implement appropriate technical and organizational measures, including:

  • Access control and authentication
  • Encrypted data transmission (SSL/TLS)
  • Internal access restrictions
  • Secure hosting within the EU

Despite our efforts, no system is completely secure; however, we continuously improve safeguards.

10. Your Rights Under GDPR

You have the following rights:

  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to withdraw consent at any time

To exercise your rights, contact us at: info@estx.io

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects.

12. Third-Party Links

Our website may contain links to third-party websites.

We are not responsible for their data protection practices.

13. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the supervisory authority:

Estonian Data Protection Inspectorate

14. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time.

Changes will be published on this page with an updated revision date.

15. Contact

For all privacy-related inquiries: info@estx.io

16. Acceptance of Terms

By using our website or services, you acknowledge that you have read and understood this Privacy Policy.