Privacy Policy

These terms apply to the website https://esrap.ee and its subpages. Last updated: 20.03.2026

1. Data Controller

The data controller is Esrap OÜ, registry code 17482196, address Harju maakond, Viimsi vald, Haabneeme alevik, Laanelinnu tee 3-12 , email info@esrap.ee, phone +372 555 2329.

2. What Data We Process

We may process the following personal data:
- identification and contact data (e.g., name, email, phone, company)
- e-commerce data (e.g., order details, delivery address, purchase history, customer account data)
- communication data (e.g., contact form, chatbot conversations, customer support correspondence)
- technical data (e.g., IP address, browser type, device info, logs)
- marketing data (e.g., direct marketing preferences, campaign responses)
- analytics data (aggregated usage statistics)

3. Processing Purposes and Legal Bases

We process data for the following purposes:
- conclusion and performance of contracts (e-commerce orders, delivery, customer service)
- accounting and compliance with legal obligations
- ensuring the website, service, and security
- sending direct marketing to existing customers
- marketing cookies and other consent-based tracking

4. Cookies and Analytics

We use:
- essential cookies (for website functionality);
- marketing cookies (only based on consent).
Cookie preferences can be changed at any time in the cookie manager. More information is available on the Cookie Policy page.

For analytics, we use self-hosted Plausible. Plausible is cookieless by default. If additional tracking technologies are introduced, this will be done according to consent choices.

5. Recipients and Processors

We use service providers that process data on our behalf:
- Hetzner Cloud (web hosting)
- Microsoft Outlook (email)
- Odoo (CRM, newsletter, accounting, chat)
- Shipit24 (delivery)

We may also disclose data to competent authorities when required by law.

6. Transfers Outside the EEA

We do not transfer data outside the European Economic Area.
If such a need arises exceptionally, we apply safeguards under GDPR Article 46 (e.g., European Commission standard contractual clauses).

7. Retention Periods

We retain data only as long as necessary:

- contact form and chatbot inquiries: up to 24 months

- customer communication correspondence: up to 36 months

- e-commerce order data: up to 3 years after the last purchase (except legal obligations)

- invoices and accounting documents: 7 years as required by law

- server security logs: up to 90 days

- direct marketing data: until objection or the end of the customer relationship

8. Data Subject Rights

You have the right to:

- receive information about data processing

- request access to data

- request correction of inaccurate data

- request deletion of data

- restrict processing

- object (especially to direct marketing)

- receive data in a portable format (where applicable)

- withdraw consent (if processing is based on consent)

You can opt out of direct marketing via the unsubscribe link in any marketing message or by contacting us.

9. Automated Decisions and Profiling

We do not make automated decisions or profiling that would have legal or similarly significant effects on you.

10. Children’s Data

The services are not directed to minors, and we do not knowingly collect children’s data.

11. Obligation to Provide Data

Providing certain data is necessary for contract performance. If you do not provide such data, we may not be able to provide the service (e.g., fulfill an order).

12. Security Measures

We apply appropriate technical and organizational measures to protect data against unauthorized access, alteration, disclosure, or destruction.

13. Filing a Complaint

If you believe your data has been processed unlawfully, you have the right to contact the Estonian Data Protection Inspectorate:

- web: https://www.aki.ee

- email: info@aki.ee

14. Changes to the Terms

We may update these terms from time to time. We publish the new version on the same page together with the update date.