Connected OÜ is the controller of personal data.
Below we explain how your personal data as a data subject are processed. When processing personal data, we follow the General Data Protection Regulation and any applicable special laws.
Our data protection contact is: Diana Ossipova (diana.ossipova@datavie.eu)
I Definitions
To make this privacy notice clear and understandable to you, we explain some of the more important terms used in the privacy notice:
- Data subject – a natural person whose personal data are processed by Connected OÜ. Data subjects are: Company representatives, Company contact persons, Employees of partners, Other contact, Existing employees, Software users, Ultimate beneficial owners
- Personal data – any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, personal ID code, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Controller – as controller, Connected OÜ determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- Third party – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- Profiling – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
- Automated decisions – a decision taken by a data processing system without the participation of the data subject, which assesses his or her character traits, abilities or other personal characteristics, where it produces legal effects concerning the data subject or similarly significantly affects him or her.
- Partners – natural or legal persons or public authorities with whom Connected OÜ processes personal data in the course of business or to whom data are transferred. For the purposes of this document, partners are recipients of personal data, processors, and third parties.
- Recipient of personal data – a natural or legal person to whom data are disclosed in the context of processing personal data.
- Processor – a natural or legal person who is authorized to process personal data on behalf of Connected OÜ, i.e., the controller, in accordance with the controller’s instructions.
Connected OÜ ensures the lawfulness of personal data processing and considers the confidentiality and protection of personal data to be very important. The goal is to ensure responsible processing of personal data based on the interests, rights, and freedoms of the data subject.
The exact scope of the personal data processed by Connected OÜ depends on the purpose for which personal data are processed. Personal data are collected only for specified and legitimate purposes and are not further processed in a manner incompatible with those purposes.
Below we present the necessary information about the purposes and activities of processing your personal data, depending on whether the data were obtained from you, arose in the course of cooperation between you and Connected OÜ, i.e., us, or were obtained from a third party.
Connected OÜ retains personal data for as long as necessary to achieve the purpose of processing. If it is desired to keep personal data longer than necessary for the collection purpose, the personal data are anonymized so that you as the data subject are no longer identifiable.
II Processing activities with data obtained from you
Here we provide an overview of the purposes and activities for which Connected OÜ collects your personal data, the legal basis for processing, and how long the data are retained. We also indicate whether the provision of personal data is voluntary, a legal or contractual obligation, or a requirement necessary for concluding a contract, and the consequences of not providing the data.
| Activity | Purpose | Legal basis | Basis for providing data | Consequence of failing to provide data | Retention period |
| Service activation | Provision of the service | Processing necessary to enter into a contract at the data subject’s request and for the performance of the contract | Voluntary | Service not provided | 7 years from termination of the contract |
| Customer registration | Provision of the service | Processing necessary to enter into a contract at the data subject’s request and for the performance of the contract | Voluntary | Service not provided | 7 years from termination of the contract |
| Compliance with data protection requirements (responding to requests, resolving incidents) | Protection of individuals | Compliance with a legal obligation | Voluntary | Compliance with data protection requirements may be impeded | 3 years from the response; |
| 3 years from the registration of the incident | |||||
| Making sales calls | Sales | Legitimate interest (Increasing the Company’s turnover) | Voluntary | Sales offer not sent | Data are not retained |
| Responding to requests for quotation | Sales | Legitimate interest (Increasing the Company’s turnover) | Voluntary | Sales offer not sent | 7 years from the response |
| Contract management | Protection of the Company’s interests | Legitimate interest (Protection of the Company’s rights) | Voluntary | The contract will not be concluded | 7 years from termination of the contract |
| Verification of representation rights | Protection of the Company’s interests | Legitimate interest (Mitigating the Company’s credit risk, Fraud prevention) | Requirement necessary for concluding the contract | Service may be impeded, The contract will not be concluded | Data are not retained |
| Pre-contractual negotiations | Sales | Legitimate interest (Increasing the Company’s turnover) | Voluntary | The contract will not be concluded | 7 years from the end of the negotiations |
| Billing | Financial operations | Processing necessary to enter into a contract at the data subject’s request and for the performance of the contract | Contractual obligation | Breach of contract | 7 years from recording the business transaction |
| Sending quotations | Sales | Legitimate interest (Increasing the Company’s turnover) | Voluntary | Sales offer not sent | 7 years from making the offer |
| Responding to customer inquiries | Customer service | Processing necessary to enter into a contract at the data subject’s request and for the performance of the contract | Voluntary | Service may be impeded | 7 years from the response |
You can review legitimate interest assessments by submitting a corresponding request: diana.ossipova@datavie.eu
III Processing activities with data that have arisen in the course of our cooperation or that we have obtained from a third party
In addition to you providing us with your data, data about you also arise in the course of our cooperation, and we store your data in the systems we use. We also obtain data about you from third parties.
| Activity | Purpose | Legal basis | Categories and sources of personal data | Retention period |
| Responding to requests from public authorities | Providing data to public authorities | Compliance with a legal obligation | First and last name (System), Personal ID code (System), Response to the request (System) | Data are not retained |
| Ensuring the functioning of the service | Provision of the service | Processing necessary to enter into a contract at the data subject’s request and for the performance of the contract | Invoice data (System), Contract data (System) | 7 years from termination of the contract |
| Service activation | Provision of the service | Processing necessary to enter into a contract at the data subject’s request and for the performance of the contract | Email address (Data subject), First and last name (Data subject), Personal ID code (Data subject), Customer number (System) | 7 years from termination of the contract |
| Management of customer accounts | Provision of the service | Processing necessary to enter into a contract at the data subject’s request and for the performance of the contract | Invoice data (System), Email address (System), First and last name (System), Personal ID code (System), Customer number (System) | 7 years from deletion of the account |
| Debt collection | Protection of the Company’s interests | Legitimate interest (Protection of the Company’s rights, Avoiding losses) | Email address (System), First and last name (System), Personal ID code (System), Debt information (System) | 7 years from the claim becoming due |
| Notifications to the customer | Ensuring customer satisfaction, Customer service | Processing necessary to enter into a contract at the data subject’s request and for the performance of the contract, Legitimate interest (Ensuring customer satisfaction) | Email address (System), First and last name (System), Phone number (System) | Data are not retained |
| Compliance with data protection requirements (responding to requests, resolving incidents) | Protection of individuals | Compliance with a legal obligation | Email address (Data subject, System), First and last name (Data subject, System), Personal ID code (Data subject, System), Response to the request (System) | 3 years from the response; |
| 3 years from the registration of the incident | ||||
| Management of personal data (modification, rectification, deletion) | Protection of individuals | Compliance with a legal obligation | Email address (System), First and last name (System), Personal ID code (System), Customer number (System), Phone number (System) | 7 years from making the reservation |
| Implementation of information security measures | Protection of the Company’s assets, Protection of individuals | Legitimate interest (Protection of the Company’s assets, incl. information assets) | Email address (Data media (excluding systems), System), First and last name (Data media (excluding systems), System), Home address (Data media (excluding systems), System), Personal ID code (Data media (excluding systems), System), Logs (System), Phone number (Data media (excluding systems), System) | 10 years from the creation of the log |
| Making sales calls | Sales | Legitimate interest (Increasing the Company’s turnover) | First and last name (Data subject, System), Phone number (Data subject, System) | Data are not retained |
| Sending marketing offers | Marketing | Data subject’s consent, Legitimate interest (Increasing the Company’s turnover) | Email address (System), First and last name (System) | Data are not retained |
| Responding to requests for quotation | Sales | Legitimate interest (Increasing the Company’s turnover) | Email address (Data subject, System), First and last name (Data subject, System), Customer inquiries (Data subject), Phone number (Data subject, System) | 7 years from the response |
| Saving chat window conversations | Ensuring customer satisfaction, Customer service | Legitimate interest (Protection of the Company’s rights, Ensuring customer satisfaction) | Chat window conversations (System) | 3 years from recording |
| Software development | Product development | Legitimate interest (Ensuring the functionality of the Company’s software, including development) | Email address (System), First and last name (System), Personal ID code (System), Customer inquiries (System) | 7 years from making the entry |
| Billing | Financial operations | Processing necessary to enter into a contract at the data subject’s request and for the performance of the contract | Invoice data (System), Invoice payer data (Data subject), Bank account (System), Email address (System) | 7 years from recording the business transaction |
| Reporting to public authorities | Providing data to public authorities | Processing necessary to enter into a contract at the data subject’s request and for the performance of the contract, Compliance with a legal obligation | First and last name (System), Personal ID code (System) | Data are not retained |
| Sending quotations | Sales | Legitimate interest (Increasing the Company’s turnover) | Email address (Data subject, System), First and last name (Data subject, System) | 7 years from making the offer |
| Accounting | Financial operations | Compliance with a legal obligation | Invoice data (System), Invoice payer data (System), Bank account (System), Email address (System) | 7 years from recording the business transaction |
| Responding to customer inquiries | Customer service | Processing necessary to enter into a contract at the data subject’s request and for the performance of the contract | Email address (System), First and last name (System), Customer inquiries (Data subject), Phone number (System) | 7 years from the response |
You can review legitimate interest assessments by submitting a corresponding request: diana.ossipova@datavie.eu
IV Disclosure of personal data to partners
In the course of our cooperation, it is necessary to disclose or transfer personal data to Connected OÜ partners, who are the following:
Partners
| Partner category |
| Data protection service provider |
| Cloud service provider |
| Accounting service provider |
| Server solution provider |
| Communications service provider |
| Technology partner |
| Work management software provider |
Partners are entitled to process personal data only to the extent necessary to achieve the specified purposes. Partners must comply with Connected OÜ requirements regarding the processing of personal data.
V Transfer of data to a partner located in a third country
In the course of our cooperation, it is necessary to transfer personal data to Connected OÜ partners located in third countries, and therefore we apply the following safeguards:
Safeguards
| Partner category | Primary place of business | Applicable safeguards |
| Cloud service provider | United States | European Commission adequacy decision (including the EU-US Data Privacy Framework) |
| Technology partner | United States | European Commission adequacy decision (including the EU-US Data Privacy Framework) |
| Work management software provider | Australia | Certification mechanisms |
| Work management software provider | United States | European Commission adequacy decision (including the EU-US Data Privacy Framework) |
You can obtain additional information about supplementary safeguards by submitting a corresponding request: diana.ossipova@datavie.eu
VI Profiling and automated decisions
We do not carry out profiling and/or automated decision-making concerning you.
VII Your rights
You have the right to obtain information about the conditions of data processing. Connected OÜ will make the data processing conditions available to you on the basis of this document or upon a corresponding request.
You have the right of access to the information referred to in points 1 and 2 of Article 15 of the General Data Protection Regulation. We will make the information specified in the Regulation available to you on the basis of this document and/or a corresponding request, which you can submit to: diana.ossipova@datavie.eu
You have the right to request rectification of personal data. You can rectify the data by sending a corresponding request to: diana.ossipova@datavie.eu
You have the right to erasure of personal data (“right to be forgotten”). You have the right to request that your personal data be erased, for example if you have withdrawn your consent to the processing of data and there is no other legal basis for processing your data.
You have the right to restriction of processing. You have the right to request restriction of processing if the processing of personal data is not permitted by law or if you contest the accuracy of the personal data. You have the right to request restriction of processing for a period enabling us to verify the accuracy of the personal data or where the processing is unlawful but you do not request the erasure of the personal data.
You have the right to receive the personal data concerning you which you have provided to us and the right to transmit those data to another controller (right to data portability).
You have the right to object at any time to the processing of personal data concerning you that is necessary on the basis of legitimate interests, including profiling based on legitimate interests.
You have the right to lodge a complaint with us, the Data Protection Inspectorate, or a court if you believe that your rights have been violated in the processing of personal data. You can find the contact details of the Data Protection Inspectorate on their website: https://aki.ee
You can submit a request or objection to us at: diana.ossipova@datavie.eu. We will respond to you no later than one month after receiving your request or objection. Where necessary, we may extend this period by two months, taking into account the complexity and number of requests or objections. In that case, we will inform you of the extension of the response deadline and the reasons for the delay within one month of receiving your request or objection. Where your request is made electronically, we will respond electronically as well, unless you prefer another means of response.
We are entitled to refuse your request to exercise your rights if we are unable to identify you as the data subject.
If we do not take action on your request or objection, we will inform you within one month of receiving your request or objection of the reasons for not taking action and explain your possibility to lodge a complaint with supervisory authorities and to seek a judicial remedy.
VIII Other terms
Connected OÜ reserves the right to update, specify, and supplement the terms at any time, based on changes in legislation and personal data processing.
Last updated: 17.06.2026