Privacy Policy

Last updated: 2026-03-18

This Privacy Policy explains how Kontrastudio OÜ processes personal data in connection with this website, email communications, purchases, inquiries, and related business operations.

1. Data controller

Kontrastudio OÜ
Registry code: 17433973
Registered office: Sepapaja tn 6, 15551 Tallinn, Estonia
Contact email: studio@kontrastudio.eu

For privacy-related questions, requests, or complaints addressed directly to us, please contact: studio@kontrastudio.eu

2. What data we collect

We may collect and process the following categories of personal data:

  • Contact data, such as your name, email address, phone number, or professional affiliation if you provide them
  • Inquiry data, such as the contents of messages, attachments, project briefs, and correspondence
  • Transaction data, such as purchase details, invoice information, payment status, and order history
  • Technical data, such as IP address, browser type, device information, pages visited, and consent preferences
  • Service data, such as files, links, recordings, notes, or other materials you submit in connection with a product or service
  • legal and security data, such as logs necessary to protect the website, enforce rights, or comply with legal obligations

3. How we collect data

We collect data:

  • directly from you, for example when you email us, submit a form, place an order, or send files
  • automatically through the website, for example through server logs, consent tools, and cookies or similar technologies
  • from third-party service providers involved in hosting, payments, analytics, communications, or technical operations
  • from publicly available sources where relevant to a legitimate business inquiry or project context

4. Why we process your data, and legal bases

We process personal data for the following purposes:

  • to respond to inquiries and take steps prior to entering into a contract
  • to provide purchased products or contracted services
  • to manage orders, payments, invoicing, and customer support
  • to maintain website functionality, security, and fraud prevention
  • to improve website performance and understand usage patterns, where consent is required, on the basis of that consent
  • to comply with legal, accounting, and regulatory obligations
  • to establish, exercise, or defend legal claims where necessary

Where required, we rely on one or more legal bases under the GDPR, including contract performance, compliance with legal obligations, legitimate interests, and consent.

5. Recipients and categories of recipients

We may share personal data with the following categories of recipients where necessary:

  • website hosting and infrastructure providers
  • email and communication providers
  • payment processors and checkout providers
  • analytics, consent-management, and security providers
  • accountants, legal advisers, or other professional advisers
  • public authorities or regulators where disclosure is required by law

Where a third-party checkout or merchant-of-record service is used, the relevant checkout environment may provide additional privacy information applicable to that transaction.

6. International transfers

Where personal data is transferred outside the EEA, we will do so only where a lawful transfer mechanism applies, for example an adequacy decision or appropriate safeguards such as standard contractual clauses.

7. Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, and for any longer period required by law, accounting obligations, or the defence of legal claims.

Retention periods may vary depending on whether the data relates to an inquiry, an active customer relationship, a completed transaction, a legal obligation, or a security log.

8. Your rights

Subject to applicable law, you may have the right to:

  • request access to your personal data
  • request correction of inaccurate data
  • request deletion of data where deletion is legally available
  • request restriction of processing
  • object to certain processing
  • request portability of data where applicable
  • withdraw consent at any time, where processing is based on consent
  • lodge a complaint with the competent supervisory authority

If you are not satisfied with our response, you may lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

9. Cookies and similar technologies

This website uses cookies and similar technologies. Some are strictly necessary for the operation of the site. Others are used only with your consent, depending on your choices in the consent banner.

For more detail, please see our Cookie Policy.

10. Third-party websites

This website may contain links to third-party websites or services. We are not responsible for their content, security, or privacy practices.

11. Changes to this Policy

We may update this Privacy Policy from time to time. The current version will always be published on this page with the updated date shown above.

This draft reflects the GDPR transparency baseline, including identity of the controller, purposes, categories of data, legal basis, recipients, retention, transfers, rights, and complaint route, all of which must be communicated clearly and accessibly.

Legal Disclosure

Disclaimer:
Despite careful control of content, we assume no liability for the content of external links.
The operators of linked pages are solely responsible for their content.