Privacy Policy

This Privacy Policy explains how INOVARE OÜ collects, uses, processes, and protects personal data collected through our website in accordance with the General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act.

A. Data Controller

Data Controller:
 INOVARE OÜ
Registry Code: 17289944
Registered Address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551, Estonia
Contact Email: hello@resnova.io
Website: [insert website URL]

B. Data We Collect and Purpose

We collect and process the following categories of personal data:

1. Contact Data

What we collect: Name, email address, phone number, company name, job title

Purpose:

  • To respond to inquiries submitted through our contact forms

  • To provide information about our services

  • To maintain business communications

Legal Basis:

  • Legitimate Interest (Article 6(1)(f) GDPR) - to respond to inquiries and conduct business communications

  • Contractual Necessity (Article 6(1)(b) GDPR) - to negotiate and perform contracts

  • Consent (Article 6(1)(a) GDPR) - where specifically requested for marketing communications

Retention Period: Contact information is retained for 3 years from the last interaction, or as long as required for contractual purposes.

2. Service and Contract Data

What we collect: Billing information, contract details, payment information, project specifications, correspondence

Purpose:

  • To fulfill contractual obligations

  • To process invoices and payments

  • For accounting and tax compliance

  • To maintain records as required by law

Legal Basis:

  • Contractual Necessity (Article 6(1)(b) GDPR)

  • Legal Obligation (Article 6(1)(c) GDPR) - Estonian Accounting Act requires 7-year retention

Retention Period: 7 years from the end of the relevant financial year (Estonian Accounting Act requirement), or longer if required for ongoing contractual obligations.

3. Technical Data

What we collect: IP address, browser type and version, device type, operating system, time zone setting, referring website, pages visited, time spent on pages

Purpose:

  • To ensure website security and prevent fraud

  • To analyze website traffic and improve user experience

  • To understand how visitors use our website

  • To maintain and improve website functionality

Legal Basis:

  • Legitimate Interest (Article 6(1)(f) GDPR) - for security, analytics, and website improvement

  • Consent (Article 6(1)(a) GDPR) - for non-essential analytics cookies

Retention Period: Technical data is retained for up to 26 months for analytics purposes, or as long as necessary for security incident investigation.

C. How We Use Your Data

We use your personal data only for the purposes stated above. We do not:

  • Sell your personal data to third parties

  • Use your data for purposes beyond those disclosed

  • Share your data except as described in Section E below

D. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies.

What are Cookies?

Cookies are small text files stored on your device when you visit our website. They help the website remember your preferences and understand how you interact with our site.

Types of Cookies We Use

Essential Cookies (Always Active)

Purpose: These cookies are strictly necessary for the website to function and cannot be disabled. Examples:

  • Session management cookies

  • Security cookies to prevent fraud

  • Cookie consent preference storage

Legal Basis: Legitimate Interest - these are required for the website to work properly.

Analytics Cookies (Optional - Requires Consent)

Purpose: Help us understand how visitors interact with our website by collecting anonymous information.
Examples:

  • Google Analytics (anonymized IP addresses)

  • Page view tracking

  • User journey analysis

What we track:

  • Pages visited and time spent

  • Geographic location (country/city level only)

  • Device and browser information

  • Traffic sources (how you found our site)

Legal Basis: Consent (Article 6(1)(a) GDPR)

Third-party processor: Google Analytics - data is processed according to Google's privacy policy and our Data Processing Agreement with Google. IP addresses are anonymized.

Functional Cookies (Optional - Requires Consent)

Purpose: Enable enhanced functionality and personalization.
Examples:

  • Language preferences

  • Remember your contact form inputs if you navigate away

  • Accessibility settings

Legal Basis: Consent (Article 6(1)(a) GDPR)

Managing Your Cookie Preferences

When you first visit our website, you will see a cookie consent banner with the following options:

  • Accept All - enables all cookies including analytics and functional cookies

  • Reject Non-Essential - only essential cookies will be used

  • Cookie Settings - customize which cookie categories you accept

You can change your cookie preferences at any time by:

  • Clicking the "Cookie Settings" link in the website footer

  • Clearing cookies through your browser settings

  • Using browser privacy extensions

Note: Rejecting essential cookies may affect website functionality.

Cookie Duration:

  • Session cookies: Deleted when you close your browser

  • Persistent cookies: Stored for up to 26 months (analytics) or until you delete them

E. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with the following categories of recipients:

Service Providers and Processors

We use trusted third-party service providers who process data on our behalf:

  • Cloud hosting providers (e.g., website hosting)

  • Email service providers (for business communications)

  • Analytics providers (Google Analytics - with anonymized IPs)

  • Accounting software providers (for invoicing and financial records)

  • Payment processors (for invoice payments)

All service providers:

  • Are contractually bound to protect your data (Data Processing Agreements in place)

  • May only use data for the specific purposes we authorize

  • Must comply with GDPR requirements

  • Are carefully selected and regularly reviewed

Legal Requirements

We may disclose your data if required to:

  • Comply with legal obligations or court orders

  • Protect our legal rights or defend against legal claims

  • Prevent fraud or other illegal activity

  • Protect the safety of individuals

International Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

  • EU Standard Contractual Clauses

  • Adequacy decisions by the European Commission

  • Other legally approved transfer mechanisms

F. Your Rights as a Data Subject

Under GDPR, you have the following rights regarding your personal data:

1. Right of Access (Article 15)

You can request a copy of the personal data we hold about you, including:

  • What data we process

  • Why we process it

  • Who we share it with

  • How long we keep it

2. Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

3. Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data when:

  • It's no longer necessary for the purposes collected

  • You withdraw consent (where consent was the legal basis)

  • You object to processing and there are no overriding legitimate grounds

  • The data was unlawfully processed

Limitation: We may be required to retain data for legal obligations (e.g., 7-year accounting retention requirement).

4. Right to Restriction of Processing (Article 18)

You can request that we limit how we use your data in certain circumstances.

5. Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format and transmit it to another controller.

6. Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

7. Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects.

G. How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: hello@resnova.io
Subject Line: "GDPR Data Subject Request"

Please include:

  • Your full name

  • Contact information

  • Description of your request

  • Proof of identity (to prevent unauthorized disclosure)

Response Time: We will respond to your request within 30 days. If the request is complex, we may extend this by an additional 60 days and will inform you.

Free of Charge: Exercising your rights is free of charge, unless requests are manifestly unfounded or excessive.

H. Data Security

We implement appropriate technical and organizational measures to protect your data against:

  • Unauthorized access or disclosure

  • Accidental loss or destruction

  • Malicious attacks

Security measures include:

  • Encryption of data in transit (SSL/TLS) and at rest

  • Access controls and authentication requirements

  • Regular security assessments and updates

  • Staff training on data protection

  • Secure backup procedures

  • Incident response procedures

Despite our best efforts, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

I. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

  • We will notify the Estonian Data Protection Inspectorate within 72 hours

  • We will notify you directly without undue delay if the breach poses a high risk

  • We will provide information about the nature of the breach and steps we are taking

J. Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.

K. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

  • Our practices

  • Legal requirements

  • Technology

When we make material changes:

  • We will update the "Last Updated" date

  • We will notify you via prominent notice on our website

  • For significant changes, we may seek renewed consent where required

We encourage you to review this policy periodically.

L. Supervisory Authority

You have the right to lodge a complaint with the data protection supervisory authority:

Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
 Address: Tatari 39, 10134 Tallinn, Estonia
Phone: +372 627 4135
Email: info@aki.ee
Website: www.aki.ee

M. Contact Us

If you have questions about this Privacy Policy or our data practices:

INOVARE OÜ
 Data Protection Contact: Andy Wright
Email: hello@resnova.io
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551, Estonia
Registry Code: 17289944