Privacy policy
This privacy policy explains what personal data Orline OÜ collects, how it uses and protects it. Data processing is carried out in accordance with the General Data Protection Regulation (EU 2016/679, GDPR) and Estonian law.
1. Data controller
Orline OÜ
VAT no.: EE102383984
Address: Metsakuru tee 13, Salmistu village, 74629 Kuusalu parish, Estonia
Email: info@orline.ee
Phone: +372 50 59 799
2. What data we collect
2.1 Contact form data
When you send us an inquiry via the contact form, we collect the following data:
- name
- email address
- phone number (optional)
- message content
- time and IP address of the request (for security and spam prevention)
2.2 Web analytics
If you consent, we use Google Analytics to understand how visitors use our website. The data is aggregated and does not allow you to be personally identified. IP addresses are anonymised.
See our cookie policy for more details.
2.3 Technical logs
Web server logs (provided by Zone.ee hosting) retain request IP addresses and URLs for a short period. They are used only for security and troubleshooting.
3. Legal basis for processing
- Consent (GDPR art 6(1)(a)): analytics cookies, marketing communications.
- Contract performance (GDPR art 6(1)(b)): when you contact us via inquiry, we process data to respond and to prepare a potential offer.
- Legitimate interest (GDPR art 6(1)(f)): website security, spam prevention.
- Legal obligation (GDPR art 6(1)(c)): accounting requirements (invoices retained for 7 years).
4. Data retention period
- Contact form messages: up to 24 months or until the inquiry is resolved.
- Customer data (in case of established cooperation): up to 7 years after the last transaction (per Accounting Act).
- Analytics data (Google Analytics): up to 14 months.
- Cookie consent: up to 12 months.
5. To whom we transfer data
We do not sell or rent your data to third parties. We share data only with the following authorised processors:
- Zone Media OÜ (Zone.ee) — web hosting and email (Estonia, EU).
- Google LLC — Google Analytics (USA, EU Standard Contractual Clauses). Data is anonymised.
6. Your rights
The GDPR grants you the following rights:
- Right of access — to obtain information about data stored about you.
- Right to rectification — to request correction of inaccurate data.
- Right to erasure ("right to be forgotten") — to request deletion of your data when there is no legal basis to retain it.
- Right to restrict processing — to request restriction of data processing.
- Right to portability — to receive your data in a structured form.
- Right to object — to object to data processing.
- Right to withdraw consent — to withdraw consent previously given.
To exercise these rights, contact us: info@orline.ee. We respond within 30 days.
7. Data protection supervisory authority
If you believe we have violated your rights, you have the right to contact the Estonian Data Protection Inspectorate: www.aki.ee.
8. Data security
We apply reasonable technical and organisational measures to protect data against loss, misuse, access, disclosure or modification:
- SSL encryption (HTTPS) for all data transmission.
- Password hashing (bcrypt) for the admin system.
- Brute-force protection (IP-based throttling of login attempts).
- Regular backups (Zone.ee).
9. Changes to the privacy policy
We reserve the right to update this document from time to time. Material changes will be published on our website. We recommend reviewing this document periodically.