+372 610 42 52

Privacy Policy

This Privacy Policy (hereinafter “Policy”) sets out the procedure by which the website administrator collects, stores, uses, and protects personal data in accordance with the General Data Protection Regulation (GDPR) and the laws of the Republic of Estonia.

 

1. General Provisions

This Policy contains information about what personal data of yours is collected and processed when visiting the website and using its functions, as well as explains the purposes and legal bases of such processing in accordance with the GDPR and applicable law.

The following key terms, corresponding to those defined in the GDPR, are used in this document:

 

2. Key Definitions

Personal Data – any information relating to an identified or identifiable natural person.

 

Processing of Personal Data – any operation or set of operations performed on personal data, including, but not limited to:

  • collection, recording, organisation, structuring, storage, adaptation or alteration;
  • downloading, viewing, use;
  • disclosure by transmission, dissemination or otherwise making available;
  • comparison or combination;
  • restriction, erasure or destruction.

Controller – a natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

Processor – a natural or legal person who processes personal data on behalf of the controller.

Data Subject – a natural person whose personal data is processed.

Data Subject’s Consent – any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she signifies agreement to the processing of personal data relating to him or her.

Cookies – small text files that a website stores on a user’s device to store information about the user’s activities or preferences.

Please note that data transmission over the internet (e.g., when communicating via email) may involve security risks, and complete protection against third-party access cannot be guaranteed. Detailed information on the processing of personal data and the measures implemented for their protection is provided in the subsequent sections of this document.

 

3. Data Collection on This Website
3.1. Who is Responsible for Data Collection

Definition:
Controller – a natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.) and is responsible for the processing of the data subject’s personal data.

Controller’s Contact Information on This Website:
Parallel Ideas OÜ
Registry Code: 11767041
Address: Harju County, Jõelähtme Parish, Kostivere village, Jõe street 4-8, 74204, Estonia
Phone: +372 610 4252
Email: info@parallel-ideas.ee

Inquiries regarding personal data processing:
You may submit requests concerning the processing of your personal data and notifications of possible infringements related to this website or the provision of services to the aforementioned email address.

We undertake to review the inquiry and provide a response no later than 30 calendar days from its receipt, in accordance with GDPR Article 12.

3.2. How We Collect Your Data

Your data is collected, on the one hand, when you provide it to us yourself. This may include:

  • data you enter into the website’s contact form;
  • data you provide to us via email;
  • data you provide by phone;
  • data you provide by checking the relevant checkboxes in forms (e.g., newsletter subscription);
  • data you enter when submitting an order or service request;
  • other data that you voluntarily provide during the use of our services.

Other data is collected automatically by our IT systems or with your consent when visiting the website. This may include:

  • technical data: internet browser, browser version, operating system, device type (computer, smartphone, tablet), screen resolution, system language, IP address, website access time, session duration;
  • data on website usage behavior: pages visited, clicks on elements, navigation sequence, interaction duration with content;
  • location data (based on IP address or other geolocation technologies);
  • data on traffic source: referrer (the page you came from), search query used, or advertising campaign;
  • download and error data: files you have downloaded, errors when loading pages or applications.

3.3. Purposes of Using Your Data

We collect and process your personal data solely for the following purposes:

  • Provision of Services and Support: to fulfill contractual obligations, communicate with you within the scope of projects, and process your inquiries;
  • Improvement of Our Website and Services: to analyze website usage to enhance user experience and service quality;
  • Marketing and Customer Communication: only with your consent, for example, to send newsletters and special offers or display advertisements;
  • Fulfillment of Legal Obligations: to comply with tax, accounting, and other legal regulations;
  • Ensuring Security: to protect our IT systems and prevent misuse.

3.4. Legal Bases for Processing Personal Data

In accordance with GDPR Article 6, we process your personal data only if at least one of the following legal bases exists:

Consent (Article 6(1)(a) GDPR): if you have given us your voluntary, specific, informed, and unambiguous consent, we process your data only to the extent of that consent. This may include, for example:

  • newsletter subscription;
  • use of non-essential cookies;
  • submission of information via feedback forms outside of contractual relationships.

Performance of a Contract or Pre-contractual Measures (Article 6(1)(b) GDPR): we process your data if it is necessary:

  • for the performance of a contract to which you are a party (e.g., website development, consultation);
  • to take steps at your request prior to entering into a contract (e.g., preparing an offer).

Compliance with a Legal Obligation (Article 6(1)(c) GDPR): processing may be necessary for compliance with our legal obligations, such as:

  • for retaining accounting documents for the period prescribed by law;
  • for responding to mandatory inquiries from state authorities.

Legitimate Interest (Article 6(1)(f) GDPR): in certain cases, data processing may occur based on our legitimate interest, if:

  • it is necessary for the secure, efficient, and reliable operation of our website;
  • we conduct limited customer communication after project completion;
  • we analyze user behavior on the website for optimization purposes.

In such cases, we always conduct an assessment to ensure that the interests, fundamental rights, and freedoms of the data subject do not override our legitimate interest. You have the right to object to such processing at any time on grounds relating to your particular situation.

 

4. List of Personal Data Processed

We collect and process the following personal data of our clients and website users:

  • contact details (first and last name, email address, phone number);
  • data submitted via feedback forms and requests;
  • company data (name, address, legal details);
  • IP address and location data, if necessary for service improvement and security;
  • data collected via cookies and other tracking technologies on the website;
  • data voluntarily provided during consultations, contract performance, and communication with us;
  • information necessary for invoicing and fulfilling contractual obligations;
  • technical data about the user’s browser and device (browser type, version, operating system).

All data is processed only to the extent necessary to achieve the purposes set out in this privacy policy.

 

5. Personal Data Retention Periods

Unless a more specific retention period is stipulated in these terms, your personal data will be retained until the purpose for data processing is no longer relevant (GDPR Article 5(1)(b)).

After the processing is completed or the contract ends, mandatory retention periods stipulated in the laws of the Republic of Estonia may apply: business documentation and accounting records – up to 7 years; correspondence – up to 6 years.

If you exercise your right to erasure of personal data or withdraw your consent for their processing, we will delete the respective data, unless their further retention is necessary on other legal grounds (e.g., to comply with mandatory retention periods stipulated in Estonian laws). In such a case, deletion will occur after the expiry of the respective retention period or the cessation of other legal grounds.

 

6. Data Subject Rights

In accordance with the General Data Protection Regulation (GDPR), you, as a data subject, have the following rights:

6.1. Right to Rectification

You have the right to demand the immediate rectification or completion of inaccurate or incomplete personal data that we process.

6.2. Right to Erasure (“Right to be Forgotten”)

You have the right to request the erasure of your personal data if there is no legal basis for their processing (e.g., for fulfilling a legal obligation).
You will be informed of the fulfillment of your request within the period prescribed by law (generally no later than 30 calendar days).

6.3. Right personal data processing restriction

You have the right to request the restriction of processing of your personal data (GDPR Article 18). To exercise this right, you may contact us at any time.

The right to restriction of processing applies in the following situations:

  • if you contest the accuracy of personal data held by us – you have the right to request restriction of processing for the period of verification;
  • if your personal data has been or is being unlawfully processed – you may request restriction of processing instead of erasure;
  • if we no longer need your personal data, but they are required by you for the establishment, exercise, or defense of legal claims – you have the right to request restriction of processing;
  • if you have objected to processing pursuant to GDPR Article 21(1) and there is a need to verify whether our legitimate grounds override yours.

If the processing of your personal data is restricted, they may – with the exception of storage – only be processed:

  • with your consent;
  • for the establishment, exercise, or defense of legal claims;
  • for the protection of the rights of another natural or legal person;
  • for reasons of important public interest of the European Union or of a Member State.

6.4. Right to Withdraw Consent

You have the right to withdraw your consent for the processing of personal data at any time through the following methods:

  • unsubscribing from newsletters via the “Unsubscribe” link in emails;
  • changing cookie settings via the banner or browser settings;
  • contacting us via the contact details provided in the “Who is Responsible for Data Collection” section.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

6.5. Right to Data Portability

You have the right to receive the personal data you have provided in a structured, commonly used, and machine-readable format and to transmit those data to another controller without hindrance from us, where technically feasible.

6.6. Right to Object to Data Processing

You have the right to object at any time to the processing of your personal data if the processing is based on legitimate interest (GDPR Article 6(1)(e) or (f)), for example, for analysis or profiling purposes.
We will cease processing if we cannot demonstrate compelling legitimate grounds.

If your data is used for direct marketing purposes, you have the right to object to this at any time. In such a case, your data will no longer be used for advertising purposes.

6.7. Right to Lodge a Complaint with a Supervisory Authority

In the event of a GDPR infringement, you have the right to lodge a complaint with a supervisory authority in accordance with GDPR Article 77, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement within the European Union.

In Estonia, the competent supervisory authority is:

Estonian Data Protection Inspectorate
Address: Tatari 39, 10134 Tallinn, Estonia
Phone: +372 627 4135
Email: info@aki.ee
Website: www.aki.ee

 

7. Cookies

Our websites use so-called cookies.

When you first visit the website, a cookie banner will be displayed, providing information about the use of cookies and allowing you to give consent for their use or set your preferences.

Cookies are small text files that do not harm your device. They are stored on your device either temporarily during a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after your website visit ends. Persistent cookies remain on your device until you delete them yourself or until they are automatically removed by your web browser.

Sometimes third-party cookies may also be stored on your device (third-party cookies) by our website visit. These allow us or you to use certain third-party services (e.g., payment processing cookies).

Cookies fulfill various functions. Many cookies are technically necessary, as certain website functions do not work without them (e.g., displaying videos). Other cookies are used to analyze user behavior or display advertisements.

Cookies that are necessary for carrying out electronic communication (necessary cookies) or for providing certain functions requested by you (functional cookies) or for website optimization (e.g., web analytics cookies), are stored on the basis of GDPR Article 6(1)(f), unless another legal basis is provided. The website administrator has a legitimate interest in storing cookies to ensure technically flawless and optimized service provision.

If consent has been requested for storing cookies, the respective cookies are stored solely on the basis of that consent (GDPR Article 6(1)(a)). Consent can be withdrawn at any time.

You can configure your browser to inform you about the use of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies in certain situations or entirely, and to activate the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of the website may be limited.

If cookies are used by third parties or for analytical purposes, we will inform you separately within the framework of this privacy policy and, if necessary, ask for your consent.

Server Logs

The website service provider automatically collects and stores information in so-called server logs, which your browser automatically transmits to us. This data includes:

  • browser type and version;
  • operating system used;
  • referrer URL;
  • hostname of the accessing computer;
  • time of the server request;
  • IP address.

8. Third-Party Services and Analytics Tools Used

8.1. Cookie Banner CookieYes

Service Provider:
CookieYes Limited
Address: 3 Warren Yard, Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom

Purpose of the Service:

managing user consent for the use of cookies on our website.

Operating Principle:

  • upon entering our website, CookieYes stores a cookie in your browser;
  • the cookie contains data about your choice: consent or refusal; date; IP address;
  • this data is not transferred to third parties.

Data Processing:

  • the plugin does not process personal data in terms of its transfer or use by third parties;
  • all information about your choice is stored locally in the browser as a cookie.

User Rights:

  • You can change or withdraw your consent at any time by clicking the “Cookie Settings” button, located at the bottom of the website.

CookieYes Privacy Policy:
https://www.cookieyes.com/privacy-policy/

8.2 Google Analytics

Service Provider:
Google Ireland Limited
Address: Gordon House, Barrow Street, Dublin 4, Ireland

Purpose of the Service:

  • analyzing website usage using cookies.

Operating Principle:

  • Google Analytics uses cookies, which enable the analysis of your website usage;
  • information collected by cookies (including your abbreviated IP address) is usually transmitted to and stored on Google’s servers in the United States;
  • we use IP address anonymization – your IP address is truncated beforehand in member states of the European Union or the European Economic Area.

Your Rights:

  • You have the right to withdraw your consent at any time.

Google’s Privacy Policy:
https://policies.google.com/privacy?hl=et

8.3 Divi’s Basic Captcha

Service Provider:
Elegant Themes
Address: 977 West Napa Street #1002, Sonoma, CA 95476, USA

Purpose of the Service:

  • protecting contact forms from automated submissions (bots);
  • preventing misuse;
  • ensuring the technical security of the website.

Specifics of Divi’s Basic Captcha operation:

  • operates locally;
  • does not use third-party APIs or external servers;
  • does not transmit or store personal data with third-party service providers;
  • the check is performed entirely in the user’s browser.

Scope of Data Processing:

  • processing is limited solely to the verification of functional input.

Elegant Themes’ Privacy Policy:
https://www.elegantthemes.com/policy/privacy/

8.4 Google Maps

Service Provider:
Google Ireland Limited
Address: Gordon House, Barrow Street, Dublin 4, Ireland

Purpose of the Service:

  • displaying our studio’s location on a map in real-time.

Specifics of Operation:

  • when using the map, your IP address may be transmitted to Google;
  • during the use of the service, cookies may be set and used.

Google’s Privacy Policy:
https://policies.google.com/privacy?hl=et

8.5. Third-Party Platforms (WhatsApp, Telegram, Threads, LinkedIn)

Our website may use hyperlinks, buttons, icons, or widgets that lead you to external platforms or chats:

  • WhatsApp (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Telegram (Telegram Messenger LLP, London, United Kingdom)
  • Threads (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
  • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

These elements (icons, buttons, etc.) are implemented as simple links, which are activated only upon your click.

Possible data transfer to platforms:

  • IP address;
  • data about your browser and operating system;
  • the address of the page from which the redirection occurred;
  • your user account identifier on the respective platform (if you are logged in).

Important: we have no influence whatsoever on the further processing of this data by the respective service providers.

Data processing is carried out according to the terms and privacy policies of these platforms. Redirection to such links occurs only at your own request and initiative.

Recommendation: before using such functions, we ask you to familiarize yourself with the privacy policies of the respective platforms.

Third-Party Platform Privacy Policies:

WhatsApp: https://www.whatsapp.com/legal/privacy-policy-eea

Telegram: https://telegram.org/privacy

Threads (Meta): https://privacycenter.instagram.com/policy

LinkedIn: https://www.linkedin.com/legal/privacy-policy

8.6 MailerLite

Service Provider:
MailerLite Limited
Address: 88 Harcourt Street, Dublin 2, D02 DK18, Ireland

Purpose of the Service:

  • Delivery of newsletters and special offers.

Operating Principle:

  • Data is processed on MailerLite servers solely based on your given consent.

Data Processed:

  • email address;
  • name (if provided);
  • IP address;
  • information about interaction with emails (opens, clicks).

Your Rights:

You can unsubscribe from the newsletter at any time by clicking the “Unsubscribe” link at the bottom of the email.

MailerLite Privacy Policy:
https://www.mailerlite.com/legal/privacy-policy

8.7 Web Hosting

Service Description:
We use a service provider to host our website. The website is located on the service provider’s servers and is thus accessible via the internet (web hosting).

Data Processing by the Service Provider:
The service provider may process all data that your browser transmits and that arises from the use of our website. This includes, in particular:

  • Your IP address – necessary for delivering our web service to your browser;
  • all entries you make via our website.

In addition, the service provider may collect the following data:

  • date and time of access to our website;
  • time zone difference from Greenwich Mean Time (GMT);
  • access status (HTTP status);
  • volume of data transferred;
  • internet service provider of the access system;
  • type and version of the browser used;
  • operating system used;
  • the website from which you may have accessed our website;
  • the pages or subpages of our website that you visit.

Data Storage:
The above data is stored as log files on our service provider’s servers. This is necessary to ensure the reliability and security of our website.

Data Processed:

  • content-related information (e.g., posts, photos, videos);
  • usage data (e.g., access time, visited websites);
  • communication data (e.g., information about the device used, IP address).

Data Subjects:

  • users of our website.

Purpose of Processing:

  • displaying and ensuring the functionality of our websites.

Web hosting ordered by us:
Service Provider: Zone Media OÜ
Address: Lõõtsa tn 5, 11415 Tallinn, Estonia
Privacy Policy: https://www.zone.ee/en/zone-media-ou-privacy-policy/

9. Personal Data Security Measures

We implement comprehensive technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction in accordance with GDPR requirements and applicable Estonian law.

9.1 Technical Security Measures

  • Protection of data transmission via the website using a secure HTTPS protocol (SSL/TLS).
  • Implementation of firewalls and intrusion prevention systems.
  • Regular software updates, including CMS, plugins, and server software.
  • Data storage on servers with restricted physical and remote access.
  • Data backup with secure storage of backup copies.
  • Limiting the number of access points and monitoring system activity.

9.2 Organizational Security Measures

  • Access to personal data is restricted to authorized employees or contractual partners who are bound by confidentiality obligations.
  • Employee training on personal data processing and protection rules.
  • Conclusion of Data Processing Agreements in accordance with GDPR Article 28.
  • Implementation of internal password and access management policies.

9.3 Physical Protection

  • Servers are located in data centers with controlled physical access, video surveillance, and access card-based authorization.
  • Restricting unauthorized access to devices on which personal data is processed.

9.4 Security Control and Audit

  • Periodic review and testing of security measures.
  • Updating protection measures in accordance with technical changes or legal requirements.
  • Responding to security incidents within established deadlines and, if necessary, notifying supervisory authorities and data subjects in accordance with GDPR Articles 33–34.

10. Cross-Border Data Transfer

The processing and storage of your personal data primarily takes place on servers located in the European Union (EU) or the European Economic Area (EEA).

Data transfer outside the EU/EEA may only occur in the following cases:

  • When using Google Analytics and Google Maps services (service provider: Google Ireland Limited, possible data processing on Google LLC servers in the USA);
  • When sending newsletters via MailerLite (service provider: MailerLite Limited, Ireland; in certain cases, data transfer to third countries may occur due to technical necessity).

In all other cases, cross-border data transfer does not occur.

 

11. Changes to the Privacy Policy

We reserve the right to amend or supplement this privacy policy at any time to align it with legal changes or technical modifications on our website.

The current version is always available on our website.

Last updated: August 11, 2025