1. This Privacy Notice
We encourage you to carefully read this Privacy Notice, as it provides important information about the processing of your personal data in connection with:
- Your access to and use of our website available at https://www.deka.agency, including any subdomains (Website).
- Performance of or discussions regarding business relationships and transactions with us (Business Relationship).
- Your interaction with our accounts on various platforms, such as Upwork, LinkedIn, and Instagram (Accounts).
In this Privacy Notice, "personal data" and "personal information" are used interchangeably to refer to any information that can directly or indirectly identify you as an individual. In this document, we explain the types of personal data we collect, how we collect and process it, how long we retain it, and more.
2. Information About Us
When we refer to “we,” “us,” or “our,” we mean DekaDigital OÜ, a limited liability company established in Estonia, acting as a data controller, meaning a person responsible for processing your personal data.
“You” or “your” refers to you as:
- a visitor to the Website;
- a person:
  - we cooperate with in the course of the Business Relationship; or
  - someone who was contacted by us regarding the Business Relationship; or
  - someone who contacts us regarding the Business Relationship;
- a person who accesses and uses our Accounts; or
- any other individual whose personal data we process in accordance with this Privacy Notice, as we may inform you.
We respect your privacy and are committed to protecting your personal data. We process your personal data in line with this Privacy Notice and strive to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR).
If you have any questions about this Privacy Notice or the processing of your personal data, please contact us at legal@deka.agency.
3. Our Principles
a. Lawfulness
We strive to process personal data in accordance with the applicable legislation and only on valid legal grounds.
b. Fairness
We handle personal data in ways that you would reasonably expect, ensuring that we do not use your information in ways that cause unjustified harm or negative impact.
c. Transparency
We make every effort to ensure that our processing activities are clear and understandable, providing you with all reasonably necessary information about how your data is processed.
d. Data Minimisation
We process only the personal data that is necessary, in line with the requirements of the applicable legislation.
e. Purpose Limitation
We use your data only for the purposes for which it was originally collected. If we need to use it for any other purpose, we will inform you in advance.
f. Accuracy
We strive to ensure that your personal data is accurate, providing you with the opportunity to correct or complete it if necessary.
g. Confidentiality, Integrity, and Availability
We aim to follow best practices for developing and maintaining security systems to protect your data.
h. Storage Limitation
We retain personal data only for as long as necessary, as outlined in this Privacy Notice and based on the purposes for which it was collected.
i. Accountability
We work to comply with the applicable legislation and ensure that if we disclose personal data to third parties, we take steps to ensure they also comply with the relevant laws and this Privacy Notice.
j. Security
We are committed to keeping your personal data secure and regularly review and update our technical and organisational measures to:
- Safeguard your personal data in compliance with the applicable legislation, as well as our internal policies and procedures on data storage, access, and disclosure.
- Protect against unauthorised or unlawful processing, accidental loss, destruction, or damage of your personal data.
We implement and maintain necessary security measures to ensure the confidentiality, integrity, and availability of your personal data. Where appropriate, your personal information may be anonymised, pseudonymised, or encrypted to enhance its security during transfer and processing.
4. Personal Data We Process
Please see below the categories of personal data we collect and process.
The types of personal data we collect depend on how you interact with us and the requirements of the applicable legislation.
Please do not provide personal data unless it is reasonably necessary or requested by us.
In addition to the personal data listed below, we may also collect additional information as required by applicable laws.
a. Business Data
This includes personal data relevant to your Business Relationship with us, such as your name, contact details, position, professional qualifications and background, identification data, tax data, financial information, and public data (e.g., public registers, profiles on online platforms).
b. Contact Data
This includes information related to your communication details, such as your name, address, email, phone number, and messenger handles.
c. Accounts Data
This includes personal data provided or generated when you interact with our Accounts, such as nicknames, names, photos, messages, comments, reviews, and other communications. It also includes any data you choose to provide us and any data generated for us by the relevant platform, such as a report on the interactions with our Accounts.
d. Analytical and Marketing Data
We collect analytical and marketing data through cookies provided by third parties. Cookies are small data files placed on your browser (such as on a computer, smartphone, or tablet) when you access online content, allowing us to recognise your device when you interact with or return to the Website.
Through cookies, we collect information including, but not limited to, your internet protocol (IP) address, browser details, device information, operating system, and other usage data related to the Website.
Cookies use unique codes that act as identifiers and, in certain cases, may be considered personal data under applicable legislation. This is because they can allow the user of a device to be uniquely recognised as the same user, even if their “real-world” identity is unknown.
Currently, we use cookies from Google Analytics (_ga and _ga_<container_id>) and Hotjar (_hjSessionUser_<site_id> and _hjSession_<site_id>). Please visit their respective websites if you wish to learn more.
5. How We Get Personal Data
We typically collect personal data directly from you when you contact us or provide us with information or documents.
However, we may also collect information from third parties, which may include:
- public information (e.g., public registers, online profiles);
- references from third parties (e.g., past or current clients, vendors, or employers);
- data generated by platform operators (e.g., reports on interactions with our Accounts);
- analytics and marketing data from third-party cookies.
6. How We Use Personal Data
a. Business Data
Purposes:
- To establish and perform a Business Relationship with you or the company you represent.
- To execute the relevant agreements in connection with the Business Relationship.
- To fulfill our rights and obligations under the Business Relationship.
- To comply with applicable laws, including accounting and tax regulations.
- To verify your identity and ensure you are duly authorised to act on behalf of the company.
- To publish and publicly display testimonials made by you regarding our services and products for promotional and marketing purposes.
Legal basis:
- To take steps at your request before entering into a contract (i.e., to establish the Business Relationship with you).
- To perform a contract with you or the company you represent.
- Our legitimate interests in entering into and performing the Business Relationship with the company you represent.
- To comply with applicable laws, including accounting and tax regulations.
- Our legitimate interests in showcasing testimonials for potential clients.
b. Contact Data
Purposes:
- To contact you regarding matters related to the Business Relationship.
- To respond to your inquiry.
- To contact you regarding our products and services.
Legal basis:
- Our legitimate interest in achieving these purposes.
- To take steps at your request before entering into a contract and, if you wish to enter into a Business Relationship with us, to perform such a contract.
c. Accounts Data
Purposes:
- To communicate with visitors, participants, or subscribers.
- To handle requests from visitors via the Accounts.
- To gather statistical information about the reach of the Accounts.
- To conduct customer surveys, marketing campaigns, market analyses, or other promotions and events.
Legal basis:
- Our legitimate interest in achieving these purposes, in particular, our legitimate interest to:
  - Establish a Business Relationship with the company you represent;
  - Execute the relevant agreements (such as service agreements, non-disclosure agreements, etc.) with the company you represent in connection with the Business Relationship.
- To take steps at your request before entering into a contract and, if you wish to enter into a Business Relationship with us, to perform such a contract.
d. Analytical and Marketing Data
Purposes:
- To analyse the use of the Website.
- To improve the user experience by enhancing the Website’s flow and interface.
- To allow providers to create reports on the use of the Website, containing aggregated and anonymised information.
Legal basis:
- Your consent.
- Our legitimate interests to improve the use of the Website, better understand behaviour and patterns of our users, and improve our lead generation.
7. How Long We Process Personal Data
As a general rule, we retain personal data only for as long as necessary to fulfill the purposes for which it was collected. However, we may process certain personal data for a longer period if required:
- to comply with our legal obligations under applicable law;
- in connection with anticipated or ongoing legal proceedings; or
- to protect our rights, legitimate interests, or those of third parties.
a. Business and Contact Data
If we entered into a Business Relationship with you or the company you represent: As long as the Business Relationship is active and for five (5) years after its termination.
If we did not enter into a Business Relationship but had discussions, and either party had access to confidential information: For the duration of the pending negotiations and as long as the confidentiality obligations are in effect.
If we did not enter into a Business Relationship and neither party had access to confidential information: For three (3) years after our last contact regarding the Business Relationship, or earlier if requested by either party.
We set these retention periods for the following reasons:
- to retain business records in compliance with applicable laws;
- to fulfill our contract with you;
- to maintain information about you as a representative of your company;
- to create and maintain a lead or client database, allowing us to contact you or the legal entity you represent as a former or potential counterparty for the Business Relationship;
- to protect our rights or the rights of third parties in case of a violation of confidentiality or other obligations related to the Business Relationship;
- to resolve disputes or establish, exercise, or defend legal claims or lawsuits arising from or in connection with the Business Relationship.
b. Accounts Data
There is no set retention period for statistical and analytical information, as it does not allow us to identify any specific individual.
The personal data you provide us is stored until you or the respective social media platform deletes it.
Other personal data is processed for as long as necessary to fulfill the purposes for which it was collected, unless a different retention period is expressly stated in a consent form, privacy notice, or statement.
We may not be able to erase the personal data you provide through the platforms, and in such cases, the data will be processed until you or the respective platform deletes it.
c. Analytical and Marketing Data
We do not set a specific retention period for reports generated by cookie providers, as these reports are anonymised and do not contain any personal information.
Cookies are stored as follows:
- _ga: 2 years.
- _ga_<container_id>: 2 years.
- _hjSessionUser_<site_id>: 1 year.
- _hjSession_<site_id>: 30 minutes.
8. How We Share Personal Data
We do not sell or rent out your data. However, we may share your personal data in accordance with this Privacy Notice, applicable laws, or with your consent, as needed to fulfill the purposes outlined in this notice or to comply with legal requirements.
If we share any of your personal data with third parties, we will take reasonable steps to ensure its protection through appropriate legal, organisational, and technical measures.
Depending on the purpose of the data processing, your personal information may be shared with the following categories of recipients:
- Our personnel, contractors, and consultants who need the data to carry out their work, such as our legal department for paperwork or our finance team for processing payments.
- Our partners who are involved in your project, such as design agencies or independent designers.
- CRM systems and other data management and storage systems.
- Support and technical teams.
- Sales and marketing teams.
- Email delivery service providers.
- Analytical tool providers, such as Google Analytics and Hotjar.
- Government authorities, if required to meet legal obligations or upon request.
- Another person or entity in the case of business changes, such as a merger, acquisition, reorganisation, or liquidation.
Sometimes, we may transfer your personal data to countries that do not provide the same level of data protection as the laws of the European Economic Area or your country. If we transfer your personal data to such a country, we will implement suitable safeguards to ensure that your personal data remains protected and that your privacy rights are respected, as outlined in this Privacy Notice and the applicable laws. Generally, we will use Standard Contractual Clauses (special documents created by the European Commission) as a safeguard. If you would like to know whether your personal data is being transferred to a third country, please contact us.
9. Third-Party Services
While performing transactions with us, you may interact with third-party services, websites, and applications. These third parties may collect or share certain data about you.
We do not control these third parties and are not responsible for their privacy practices. We recommend reviewing the applicable privacy policy of the third-party services you use.
10. Data Subject Rights
According to the applicable legislation, you may have the rights outlined below. To exercise these rights, we may ask for certain information to verify your identity and confirm your eligibility.
a. Data Access (Access Request)
You have the right to:
- Ask whether we process your personal data.
- Request details about how we process it and/or obtain a copy of the personal data we hold about you.
- Verify that we are processing your data lawfully.
b. Rectification
If the personal data we hold about you is incomplete or inaccurate, you can request that we correct or complete it. We may need to verify the accuracy of any new information you provide.
c. Erasure (Right to Be Forgotten)
You can ask us to delete or remove your personal data if there is no valid reason for us to continue processing it. In particular, this right applies if:
- You have successfully exercised your right to object to processing (see below).
- We have processed your data unlawfully.
- We are required by law to delete your personal data.
However, in some cases, we may not be able to fulfill your request due to legal or technical reasons. If this applies, we will inform you at the time of your request.
d. Object to Processing
You have the right to object to the processing of your personal data if we are relying on a legitimate interest and something about your situation makes you feel it affects your fundamental rights and freedoms. You can also object to the processing of your data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to continue processing your data that override your rights and freedoms.
e. Restrict Processing
You can ask us to temporarily suspend the processing of your personal data in the following situations:
- If you want us to verify the accuracy of the data.
- If our use of the data is unlawful, but you do not want it erased.
- If you need us to keep the data even if we no longer require it, for example, to establish, exercise, or defend legal claims.
- If you have objected to our use of your data, but we need to determine whether we have overriding legitimate grounds to continue processing it.
f. Data Portability
You can request a copy of your personal data in a structured, commonly used, machine-readable format, either for yourself or for a third party of your choice. This right only applies to automated data that you initially provided consent for us to process or data we used to perform a contract with you.
g. Consent Withdrawal
If we are processing your personal data based on your consent, you have the right to withdraw it at any time.
h. Automated Decision-Making
Under the applicable legislation, you have the right not to be subject to decisions based solely on automated processing of data, including profiling, that produce legal effects or similarly significantly affect you.
Automated decision-making refers to the process of making decisions using automated means without human intervention. Even if a human inputs the data, the decision is still considered fully automated if it is carried out by an automated system.
Currently, we do not engage in automated decision-making based on your personal data, including profiling, that would produce legal effects or significantly impact you. If we plan to do so in the future, we will make every effort to inform you in advance.
i. Complaint
If you believe we have violated your rights or failed to meet our legal obligations, you can file a complaint with the relevant supervisory authority based on your location.
We are located in Estonia; therefore, our regulatory authority is the Estonian Data Protection Inspectorate. You can find their contact information below:
- Address: Tatari 39, Tallinn, 10134, Estonia.
- Phone Number: +372 627 4135.
- Email: info@aki.ee.
11. Child Personal Data
We do not knowingly market to, solicit, collect, process, or use personal data of children, meaning individuals under 18 years old, or older if your country sets a higher age limit.
If we become aware that a child has provided us with personal information, we will make commercially reasonable efforts to delete it from our records.
If you are a parent or legal guardian and believe we have collected your child's personal information, please contact us.
12. Modifications
We regularly review and update our Privacy Notice. If we make any changes, we will update the "Last Updated" date at the top of this page. If there are significant changes to how we handle your personal information, we will notify you before they take effect.