1. Introduction
Splintara OÜ (“Splintara”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard personal data when you visit our website or engage our services.
This policy is issued in accordance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the Estonian Personal Data Protection Act.
2. Data Controller
Splintara OÜ (Private limited company)
Harju maakond, Tallinn, Lasnamäe linnaosa, Peterburi tee 53, 11415, Estonia
Email: info@splintara-ou.com
Phone: +372 536 87111
3. Our Role: Data Controller or Data Processor
Splintara acts in two distinct roles, depending on the context. Different responsibilities under the GDPR apply to each:
- Data Controller — for personal data of website visitors, leads who submit our contact form, prospects, and our own clients (e.g., billing contacts). This Privacy Policy describes how we handle that data.
- Data Processor — when a Client provides personal data (user databases, customer lists, employee records, etc.) for us to process as part of a development, SEO, integration, or maintenance engagement. In that case, the Client is the Controller; we process such data only on the Client’s documented instructions and under a separate Data Processing Agreement (DPA) available on request. See also Section 17 (“Data Handling During Projects”) in our Terms of Service.
4. Personal Data We Collect
As Controller, we collect personal data that you provide directly to us or that is generated automatically when you interact with our Website:
- Contact details — name, email address, phone number.
- Project information — any details you share through our contact form, email, or during consultations.
- Technical data — IP address, browser type, device information, pages visited (via standard server logs and our hosting provider).
- Client-tool access — where engaged for SEO or integration work, the Client may grant us read access to platforms such as Google Analytics, Google Search Console, or similar tools. We view this data to perform the engagement but do not extract or store it beyond what is necessary for the report or task.
We do not collect special categories of personal data (such as data revealing racial or ethnic origin, health, religious beliefs, or biometric data).
5. How We Use Your Data
We process your personal data for the following purposes:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Responding to inquiries and preparing quotes | Pre-contractual measures — Art. 6(1)(b) |
| Delivering agreed services | Performance of a contract — Art. 6(1)(b) |
| Sending occasional updates about our services | Legitimate interests — Art. 6(1)(f) |
| Complying with legal obligations | Legal obligation — Art. 6(1)(c) |
| Ensuring website security and integrity | Legitimate interests — Art. 6(1)(f) |
6. Sub-processors
We rely on a small number of trusted service providers to operate our business. These act as our sub-processors (when we are a Processor) or as processors (when we are a Controller). All are bound by appropriate data-protection terms.
| Provider | Service | Location |
|---|---|---|
| Hostinger International Ltd. | Web hosting & SMTP for splintara.com | EU (Lithuania) |
| Cloudflare, Inc. | CDN, security, basic bot mitigation, email-link obfuscation | Global (SCCs in place) |
If we add analytics, marketing, or CRM tools in the future (for example, Google Analytics, Plausible, or a CRM platform), this list will be updated and visitors will be informed where required.
For Client engagements, sub-processors used to deliver the engagement (for example, the Client’s own hosting or CMS provider) are listed in the relevant DPA.
7. Sharing Your Data
We do not sell your personal data. We may share it with:
- The sub-processors listed in Section 6, acting under data processing agreements.
- Legal authorities when required by law or to defend our legal rights.
- Successors in the event of a merger, acquisition, or asset sale.
All recipients are required to protect your data to the standards set by this policy and applicable law.
8. International Transfers
Where possible, your data stays within the European Economic Area (EEA). Where a transfer outside the EEA is necessary — for example, when content is routed through Cloudflare’s global network — we rely on adequate safeguards, primarily Standard Contractual Clauses approved by the European Commission.
9. Data Retention
- Inquiries that do not result in a contract — up to 12 months.
- Active client records — for the duration of the engagement plus 7 years, for accounting and legal compliance under Estonian law.
- Server logs — up to 30 days.
- Client-provided personal data (Processor role) — returned or deleted at the end of the engagement, per the Client’s instructions.
10. Your Rights
Under the GDPR you have the right to:
- Access your personal data;
- Rectify inaccurate or incomplete data;
- Erase your data (“right to be forgotten”);
- Restrict processing;
- Object to processing based on legitimate interests;
- Data portability — receive your data in a structured, machine-readable format;
- Withdraw consent at any time, without affecting prior lawful processing;
- Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee) or your local supervisory authority.
For data processed in our role as Processor (e.g., personal data held within a Client’s system we operate), please direct requests to the Client first; we will support the Client in responding.
To exercise rights regarding data we hold as Controller, email info@splintara-ou.com. We respond within 30 days.
11. Cookies
Our website uses cookies and similar technologies. See our Cookie Policy for details.
12. Security
We apply appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction — including encrypted transmission (HTTPS), access controls, principle-of-least-privilege within our team, and regular review of our systems.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date above reflects the most recent revision. Material changes will be highlighted on this page, and active Clients affected by Processor-role changes will be notified directly.
14. Contact
For privacy questions or to exercise your rights:
Email: info@splintara-ou.com
Address: Splintara OÜ, Peterburi tee 53, 11415 Tallinn, Estonia