Privacy Policy

1. Introduction

Tehnolabs Systems OÜ ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our services or visit our website.

2. Data Controller

3. Information We Collect

3.1 Personal Information

We may collect the following types of personal information:

• Contact Information: Name, email address, phone number, company name
• Business Information: Job title, company size, industry, project requirements
• Technical Information: IP address, browser type, device information, cookies
• Project Data: Information provided during consultations and project development
• Communication Records: Emails, chat logs, meeting notes
• Payment Information: Billing address, payment method (processed by third-party payment processors)

3.2 Automatically Collected Information

We automatically collect certain information when you visit our website, including:

• Browser and device characteristics
• Operating system information
• Referring URLs and pages visited
• Time and date of access
• Usage patterns and interactions

4. How We Use Your Information

We use your personal data for the following purposes:

• Service Delivery: To provide AI solutions, software development, and consulting services
• Communication: To respond to inquiries, provide support, and send project updates
• Contract Performance: To fulfill our contractual obligations
• Business Operations: For invoicing, payment processing, and account management
• Improvement: To analyze and improve our services and website
• Legal Compliance: To comply with legal obligations and regulations
• Marketing: With your consent, to send newsletters and promotional materials
• Security: To protect against fraud, unauthorized access, and security threats

5. Legal Basis for Processing

Under GDPR, we process your data based on:

• Contract: Processing necessary to perform our contract with you
• Consent: You have given explicit consent for specific purposes
• Legitimate Interest: Our legitimate business interests (e.g., service improvement)
• Legal Obligation: Compliance with laws and regulations

6. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Third-party vendors who assist in operations (hosting, analytics, payment processing)
• Subcontractors: Specialized developers or consultants working on your project (under NDA)
• Legal Authorities: When required by law or to protect our rights
• Business Transfers: In case of merger, acquisition, or asset sale

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

7. International Data Transfers

As we are based in Estonia (EU), your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• Other appropriate safeguards recognized under GDPR

8. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

• Active Projects: Duration of the project plus 3 years for warranty and support
• Financial Records: 7 years (as required by Estonian law)
• Marketing Consent: Until consent is withdrawn
• Website Analytics: 26 months

9. Your Rights

Under GDPR and other data protection laws, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Complain: Lodge a complaint with a supervisory authority

To exercise these rights, contact us at privacy@tehnolabs.com

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and authentication mechanisms
• Regular security assessments and updates
• Employee training on data protection
• Secure development practices
• Incident response procedures

11. Cookies and Tracking

We use cookies and similar tracking technologies to:

• Essential cookies for website functionality
• Analytics cookies to understand usage patterns
• Preference cookies to remember your settings

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such information, please contact us immediately.

14. Data Breach Notification

In the event of a data breach that may pose a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR.

15. Regional Compliance

We comply with regional data protection regulations:

• EU/EEA: General Data Protection Regulation (GDPR) - See our GDPR Compliance page
• Saudi Arabia: Personal Data Protection Law (PDPL) - See our PDPL Compliance page

16. Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be notified via email or website notice. The "Last updated" date at the top indicates when changes were last made.

17. Contact Us