Privacy Policy
General
As the operator of this website and as a company, we come into contact with your personal data. This
concerns all data that reveals something about you and by which you can be identified. In this privacy policy,
we would like to explain how, for what purpose and on which legal basis we process your data.
Responsible for the data processing (“data controller”) on this website and in our company is:
TechWebInnovations
Sepapaja tn 6
11415 Tallinn
Phone: 01763683426
E-mail: info@techwebinnovations.com
General Information
SSL or TLS encryption
When you enter your data on websites, place online orders or send e-mails via the Internet, you must always
be prepared for unauthorized third parties to access your data. There is no complete protection against such
access. However, we do our utmost to protect your data as best we can and to close security gaps as far as
we can.
An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data you
transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the
Internet address entered in your browser and by the fact that our Internet address begins with https:// and not
with http://.
Encrypted payment transactions
Payment data, such as account or credit card numbers, require special protection. For this reason, payment
transactions made with the most common means of payment are carried out exclusively via an encrypted SSL
or TLS connection.
How long do we store your data?
In some parts in this privacy policy, we inform you about how long we or the companies that process your
data on our behalf will store your data. In the absence of such information, we store your data until the
purpose of the data processing no longer applies, you object to the data processing or you revoke your
consent to the data processing.
In the event of an objection or revocation, we may however continue to process your data if at least one of the
following conditions applies:
We have compelling legitimate grounds for continuing to process the data that override your interests,
rights and freedoms (only applies in the case of an objection to data processing; if the objection is to
direct marketing, we cannot provide legitimate grounds).
The data processing is necessary to assert, exercise or defend legal claims (does not apply if your
objection is directed against direct advertising).
We are required by law to retain your data.
In this case, we will delete your data as soon as the requirement(s) cease to apply.
Data transfer to the USA
On our website, we use tools from companies that transfer your data to the USA and store it there and, if
necessary, process it further. The European Commission has adopted an adequacy decision for the EU-US
data protection framework. The decision establishes that the US ensures an adequate level of protection for
EU personal data transferred to US companies. This decision is based on new safeguards and measures put
in place by the US to meet data protection requirements. The adequacy decision includes, among other
things, restrictions and safeguards on access to data by US intelligence agencies. Binding safeguards were
introduced to limit US intelligence agencies’ access to what is necessary and proportionate to protect national
security. In addition, enhanced oversight of US intelligence activities was established to ensure that
restrictions on surveillance activities are respected. An independent redress mechanism has also been
established to handle and resolve complaints from European citizens about access to their data. The EU-US
data protection framework thus allows European companies to transfer data to certified US companies without
having to introduce additional data protection safeguards. A list of all certified companies can be found at the
following link: https://www.dataprivacyframework.gov/s/participant-search.
A change in the European Commission’s decision cannot be ruled out
Your rights
Objection to data processing
IF IT’S STATED IN THIS PRIVACY STATEMENT THAT WE HAVE LEGITIMATE INTERESTS FOR THE
PROCESSING OF YOUR DATA AND THAT THIS PROCESSING IS THEREFORE BASED ON ART. 6
PARA. 1 SENTENCE 1 LIT. F) GDPR, YOU HAVE THE RIGHT TO OBJECT IN ACCORDANCE WITH ART.
21 GDPR. THIS ALSO APPLIES TO PROFILING THAT IS CARRIED OUT ON THE BASIS OF THE
AFOREMENTIONED PROVISION. THE PREREQUISITE IS THAT YOU STATE REASONS FOR THE
OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. NO REASONS ARE REQUIRED IF
THE OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT ADVERTISING.
THE CONSEQUENCE OF THE OBJECTION IS THAT WE MAY NO LONGER PROCESS YOUR DATA.
THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING PREREQUISITS EXISTS:
WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT
OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS.
THE PROCESSING IS NECESSARY FOR ASSERTING, EXERCISING OR DEFENDING LEGAL
CLAIMS.
THESE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTED AGAINST THE USE OF
YOUR DATA FOR DIRECT ADVERTISING OR TO PROFILING RELATED TO IT.
Other rights
Withdrawal of your consent to data processing
Many data processing operations are based on your consent. You can give this consent, for example, by
ticking the appropriate box on online forms before you send the form, or by allowing the operation of certain
cookies when you visit our website. You may revoke your consent at any time without giving reasons (Art. 7
(3) GDPR). From the time of revocation, we may then no longer process your data. The only exception: we
are required by law to retain the data for a certain period of time. Such retention periods exist in particular in
tax and commercial law.
Right to complain to the competent supervisory authority
If you believe that we are in breach of the General Data Protection Regulation (GDPR), you have the right to
complain to a supervisory authority in accordance with Art. 77 GDPR. You may contact a supervisory authority
in the Member State of your residence, place of work or the place where the alleged infringement took place.
The right to complain exists alongside administrative or judicial remedies
Right to data portability
We must hand over data that we process automatically on the basis of your consent or in fulfillment of a
contract to you or a third party in a common machine-readable format if you request this. We can only transfer
the data to another “data controller” if this is technically possible.
Right to information, deletion, and correction of data
According to Art. 15 GDPR, you have the right to receive information free of charge about which of your
personal data we have stored, where the data came from, to whom we transmit the data and for what purpose
it is stored. If the data is incorrect, you have a right to rectification (Art. 16 GDPR), and under the conditions of
Art. 17 GDPR you may demand that we delete the data
Right to restriction of processing
In certain situations, according to Art. 18 GDPR, you may demand that we restrict the processing of your data.
The data may then – apart from storage – only be processed as follows:
with your consent
for the assertion, exercise or defense of legal claims
to protect the rights of another natural or legal person
for reasons of important public interest of the European Union or a Member State.
The right to restrict processing exists in the following situations:
You have disputed the accuracy of your personal data stored by us and we need time to verify this.
The right exists for the duration of the review.
The processing of your personal data is unlawful or was unlawful in the past. The right exists
alternatively to the deletion of the data.
We no longer need your personal data, but you need it to exercise, defend or assert legal claims. The
right exists alternatively to the deletion of the data.
You have filed an objection pursuant to Art. 21 (1) GDPR and now your interests and our interests
must be weighed against each other. The right exists as long as the result of the balancing of interests
has not yet been determined.
Hosting and Content Delivery Networks (CDN)
External hosting
Our website is hosted on a server of the following Internet service provider (hoster):
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen, Germany
Has a data processing agreement been concluded with the hoster or are standard contractual clauses (SCC) in place?
Yes
How do we process your data?
The hoster stores all the data from our website. This includes all personal data that is collected automatically
or through entering. This can be in particular: Your IP address, pages accessed, names, contact details and
requests, as well as meta and communication data. When processing data, our hoster adheres to our
instructions and always processes the data only insofar as this is necessary to fulfill the service obligation to
us.
On what legal basis do we process your data?
Since we address potential customers via our website and maintain contacts with existing customers, the data
processing by our hoster serves to initiate and fulfill contracts and is therefore based on Art. 6 (1) lit. b) GDPR.
In addition, it is our legitimate interest as a company to provide a professional Internet offering that meets the
necessary requirements for security, speed and efficiency. In this respect, we also process your data on the
legal basis of Art. 6 (1) lit. f) GDPR.
Cloudflare
What is Cloudflare?
Content Delivery Network (CDN) with Domain Name System (DNS)
Who processes your data?
Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA
Where can you find more information about Cloudflare’s privacy policy?
https://www.cloudflare.com/privacypolicy/
On what legal basis do we transfer your data to the USA?
On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.
How do we process your data?
We use the services of Cloudflare for our website. The global content delivery network ensures that all content
we provide online reaches you quickly, even if this involves moving large amounts of data over long distances.
This is made possible by the fact that Cloudflare, with all its technical capabilities and servers around the
world, is interposed between our website and your browser, analyzing the traffic, and filtering out malicious
data before it reaches our server. In doing so, Cloudflare also comes into contact with personal data collected
through our website. In addition, the company may use cookies or other technologies to recognize Internet
users. The data processing by Cloudflare always serves the sole purpose of enabling fast data traffic.
On what legal basis do we process your data?
We have a legitimate interest in providing visitors to our website with the fastest and most efficient online
experience possible. The data processing is therefore carried out on the legal basis of Art. 6 (1) lit. f) GDPR.
Data collection on this website
Server log files
Server log files log all requests and accesses to our website and record error messages. They also include
personal data, in particular your IP address. However, this is anonymized by the provider after a short time, so
that we cannot assign the data to your person. The data is automatically transmitted to our provider by your
browser.
How do we process your data?
Our provider stores the server log files in order to be able to track the activities on our website and to locate
errors. The files contain the following data:
browser type and version
operating system used
referrer URL
host name of the accessing computer
Time of the server request
IP address (anonymized if necessary)
We do not combine this data with other data but use it only for statistical analysis and to improve our website.
On what legal basis do we process your data?
We have a legitimate interest in ensuring that our website runs without errors. It is also our legitimate interest
to obtain an anonymized overview of the accesses to our website. Therefore, the data processing is lawful
according to Art. 6 (1) lit. f) GDPR.