In case of any discrepancy between translations, the English version of this document shall prevail.

GDPR Compliance

Last updated: February 8, 2026

Tehnolabs Systems OÜ is committed to full compliance with the EU General Data Protection Regulation (GDPR). As an Estonian company operating within the European Economic Area, we adhere to the highest standards of data protection and privacy.

Our GDPR Commitment

We are fully committed to protecting your personal data and respecting your privacy rights under GDPR. Our compliance framework ensures:

Lawful Processing

All data processing has a lawful basis under GDPR

Transparency

Clear information about data collection and use

Data Minimization

We only collect necessary data

Security Measures

Strong technical and organizational safeguards

Your Rights Under GDPR

As a data subject, you have the following rights:

1. Right of Access (Article 15)

You can request a copy of your personal data we hold and information about how it's processed.

2. Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

3. Right to Erasure (Article 17)

Also known as the "right to be forgotten" - you can request deletion of your personal data under certain circumstances.

4. Right to Restriction (Article 18)

You can request restriction of processing in certain situations.

5. Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used, machine-readable format.

6. Right to Object (Article 21)

You can object to processing based on legitimate interests or direct marketing.

7. Rights Related to Automated Decision-Making (Article 22)

You have rights regarding automated individual decision-making, including profiling.

How to Exercise Your Rights

To exercise any of your GDPR rights:

  1. Send a request to our Data Protection Officer at dpo@tehnolabs.com
  2. Include your full name, contact information, and specific right you wish to exercise
  3. Provide sufficient information to verify your identity
  4. We will respond within 1 month (extendable by 2 months for complex requests)
  5. You will be informed if we cannot fulfill your request and the reasons why

Data Protection Principles

We process all personal data in accordance with GDPR principles (Article 5):

  • Lawfulness, Fairness, Transparency: Legal basis for all processing, fair and transparent operations
  • Purpose Limitation: Data collected for specified, explicit, legitimate purposes only
  • Data Minimization: Only necessary data is collected and processed
  • Accuracy: We keep personal data accurate and up to date
  • Storage Limitation: Data retained only as long as necessary
  • Integrity and Confidentiality: Appropriate security measures in place
  • Accountability: We demonstrate compliance with GDPR principles

Legal Basis for Processing

We process personal data under the following legal bases (Article 6):

  • Contract (Article 6(1)(b)): Processing necessary to perform our service agreement with you
  • Consent (Article 6(1)(a)): You have given clear consent for specific purposes
  • Legitimate Interest (Article 6(1)(f)): Our legitimate business interests (balanced against your rights)
  • Legal Obligation (Article 6(1)(c)): Compliance with legal requirements (e.g., tax, accounting)

Data Breach Procedures

In accordance with Article 33 and 34:

  • We will notify the Estonian Data Protection Inspectorate within 72 hours of becoming aware of a breach
  • You will be notified without undue delay if the breach poses a high risk to your rights and freedoms
  • Our incident response team follows established protocols for breach containment and mitigation
  • We maintain detailed documentation of all data breaches

Data Protection Officer

Our Data Protection Officer (DPO) oversees GDPR compliance and can be contacted at:

Data Protection Officer
Tehnolabs Systems OÜ
Email: dpo@tehnolabs.com

Supervisory Authority

Our lead supervisory authority is:

Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Website: www.aki.ee/en
Email: info@aki.ee
Phone: +372 627 4135

You have the right to lodge a complaint with the supervisory authority if you believe we have not complied with GDPR.

International Data Transfers

When transferring data outside the EEA, we ensure appropriate safeguards (Chapter V):

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for certain countries
  • Binding Corporate Rules where applicable
  • Additional security measures and assessments as required

Privacy by Design and Default

We implement privacy by design and by default (Article 25) in all our systems and processes:

  • Privacy considerations integrated into product development from the outset
  • Default settings favor privacy and data protection
  • Data protection impact assessments (DPIAs) for high-risk processing
  • Regular privacy and security audits

Contact Information

For any questions about our GDPR compliance or to exercise your rights:

Tehnolabs Systems OÜ
Data Protection Officer: dpo@tehnolabs.com
General Privacy Inquiries: privacy@tehnolabs.com

Privacy PolicyTerms and ConditionsPDPL Compliance