Operational IT support for companies operating in Estonia

Contact
ENETRU
Back to Home

Privacy Policy

Effective Date: 25.05.2018

Last Updated: 08.09.2024

1. Introduction

Advisetree OÜ ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our managed IT services or visit our website.

As a company operating in Estonia and providing services across the EU, we comply with the General Data Protection Regulation (GDPR) and Estonian Personal Data Protection Act.

2. Contact Information

Data Controller:

Advisetree OÜ

Registry Code: 12989921

Tartu mnt 43

10128 Tallinn, Estonia

Contact:

Email: info@advisetree.com

Phone: +372 6330256

Website: https://advisetree.com

3. Types of Personal Data We Collect

3.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number, company name, job title
  • Account Information: Login credentials for service portals and ticketing systems
  • Communication Data: Contents of emails, support tickets, chat messages, and phone calls
  • Service Requests: Technical requirements, IT infrastructure details, business needs

3.2 Information We Collect Automatically

  • Website Usage Data: IP address, browser type, device information, pages visited, time spent
  • Service Performance Data: System logs, performance metrics, uptime statistics
  • Security Information: Access logs, authentication attempts, security incident data

3.3 Information from Third Parties

  • Microsoft 365/Azure Data: User accounts, licensing information, configuration settings (as your IT service provider)
  • Vendor Information: Technical specifications, support communications from hardware/software vendors

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide managed IT services as outlined in our service agreements
  • Legitimate Interests: To improve our services, ensure security, and maintain business operations
  • Legal Obligation: To comply with cybersecurity regulations, data retention requirements, and tax laws
  • Consent: When you voluntarily subscribe to marketing communications or provide feedback

5. How We Use Your Personal Data

5.1 Service Delivery

  • Providing managed IT services including service desk, onboarding/offboarding, and system administration
  • Managing Microsoft 365/Azure environments and user accounts
  • Implementing and maintaining cybersecurity measures
  • Responding to support requests and technical incidents
  • Conducting environment audits and assessments

5.2 Communication and Reporting

  • Sending service updates, maintenance notifications, and security alerts
  • Providing monthly reports and QBR (Quarterly Business Review) meetings
  • Communicating with headquarters and stakeholders as required
  • Documentation and knowledge base maintenance

5.3 Business Operations

  • Invoicing and payment processing
  • Vendor management and procurement coordination
  • Compliance monitoring and audit preparation
  • Service improvement and optimization

5.4 Marketing (with consent)

  • Sending newsletters and service updates
  • Sharing relevant industry insights and best practices
  • Promoting additional services that may benefit your organization

6. Data Sharing and Disclosure

6.1 Service Providers and Partners

We may share personal data with trusted third parties who assist in service delivery:

  • Microsoft: For 365/Azure administration and licensing
  • Technology Vendors: For hardware/software support and maintenance
  • Subcontractors: For specialized technical services (under strict confidentiality agreements)

6.2 Legal Requirements

We may disclose personal data when required by law, regulation, or court order, or to:

  • Protect our rights and property
  • Investigate suspected fraud or security incidents
  • Comply with Estonian or EU legal obligations

6.3 Business Transfers

In the event of a merger, acquisition, or asset sale, personal data may be transferred to the acquiring entity, subject to the same privacy protections.

7. International Data Transfers

As we serve international companies with operations in Estonia and other EU/UK jurisdictions:

  • EU/EEA: Data transfers within the EU/EEA are covered by GDPR adequacy
  • UK: Transfers are made under adequacy decisions or appropriate safeguards
  • Other Countries: Any transfers to third countries will use appropriate safeguards such as Standard Contractual Clauses

8. Data Retention

We retain personal data for different periods based on the type of information and legal requirements:

  • Service Data: During the contract period plus 7 years (Estonian commercial law requirement)
  • Financial Records: 7 years from the end of the financial year
  • Security Logs: 12 months unless required for ongoing investigations
  • Marketing Communications: Until consent is withdrawn
  • Website Analytics: 26 months maximum

9. Data Security

We implement comprehensive security measures including:

  • Technical Safeguards: Encryption, access controls, secure networks, multi-factor authentication
  • Organizational Measures: Staff training, confidentiality agreements, incident response procedures
  • Physical Security: Secured offices and data centers with restricted access
  • Regular Audits: Security assessments and compliance monitoring

10. Your Rights Under GDPR

As a data subject, you have the following rights:

10.1 Access and Portability

  • Request access to your personal data
  • Receive a copy of your data in a portable format

10.2 Correction and Completion

  • Request correction of inaccurate personal data
  • Request completion of incomplete data

10.3 Erasure and Restriction

  • Request deletion of personal data (subject to legal retention requirements)
  • Request restriction of processing in certain circumstances

10.4 Objection and Consent

  • Object to processing based on legitimate interests
  • Withdraw consent for marketing communications at any time

10.5 Complaints

  • Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)

11. Cookies and Website Analytics

Our website uses:

  • Essential Cookies: For basic website functionality
  • Analytics Cookies: We use Vercel Analytics to understand website usage with privacy-focused, anonymized data that doesn't track individual users
  • Performance Cookies: To optimize website loading and functionality

Vercel Analytics: We use Vercel Analytics which is designed to be privacy-friendly and GDPR compliant. It collects anonymized usage data without using cookies or tracking individual users across sessions. For more information, see Vercel's privacy policy at https://vercel.com/legal/privacy-policy.

You can manage cookie preferences through your browser settings.

12. Data Protection Contact

For data protection matters and privacy inquiries, you can contact us at:

Data Protection Contact:

Email: info@advisetree.com

Phone: +372 6330256

13. Children's Privacy

Our services are designed for business use and we do not knowingly collect personal data from individuals under 16 years of age.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes via email or website notice.

15. Contact Us

For privacy-related questions, requests, or concerns, please contact us:

Email: info@advisetree.com

Phone: +372 6330256

Mail: Advisetree OÜ, Tartu mnt 43, 10128 Tallinn, Estonia

For urgent security matters, please use our priority contact channels outlined in your service agreement.

Language Availability: This Privacy Policy is available in English, Estonian, and Russian upon request.

Governing Law: This Privacy Policy is governed by Estonian law and GDPR regulations.