Privacy Policy

1. Data Controller

The data controller responsible for the processing of your personal data on this website is:

Fabrimo OU

Registered in the Republic of Estonia

Estonian Business Registry Code: [Registry Code]

Address: [Registered Address], Estonia

Email: hello@faprimo.com

Website: faprimo.com

If you have any questions about this Privacy Policy or how we process your personal data, please contact us at the email address above.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal data collected through our website faprimo.com and in the course of providing our services, including software development, web development, mobile application development, AI/automation solutions, consulting, and design services. It explains what data we collect, why we collect it, how we use it, and what rights you have.

3. Legal Basis for Processing (Art. 6 GDPR)

We process personal data only when we have a lawful basis to do so under the General Data Protection Regulation (GDPR). The legal bases we rely on include:

• Consent (Art. 6(1)(a) GDPR): Where you have given us explicit consent to process your data for a specific purpose, such as subscribing to a newsletter or accepting optional cookies.
• Performance of a Contract (Art. 6(1)(b) GDPR): Where processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract, such as responding to project enquiries or delivering our services.
• Legitimate Interests (Art. 6(1)(f) GDPR): Where processing is necessary for our legitimate interests, provided those interests are not overridden by your fundamental rights and freedoms. This includes website analytics, fraud prevention, and improving our services.
• Legal Obligation (Art. 6(1)(c) GDPR): Where processing is necessary to comply with a legal obligation to which we are subject, such as tax and accounting requirements under Estonian law.

4. Types of Personal Data We Collect

4.1 Data You Provide Directly

When you contact us, request a consultation, or engage our services, we may collect:

• Name and surname
• Email address
• Phone number
• Company name and position
• Project details and requirements you share with us
• Any other information you voluntarily provide in messages or forms

4.2 Data Collected Automatically

When you visit our website, we may automatically collect certain technical data:

• IP address (anonymised where possible)
• Browser type and version
• Operating system
• Referring URL and pages visited
• Date and time of access
• Device type and screen resolution

This data is collected through server log files and, where you have given consent, through analytics tools.

4.3 Cookies and Similar Technologies

Our website uses cookies and similar technologies. Cookies are small text files stored on your device that help us provide and improve our services. We categorise cookies as follows:

• Strictly Necessary Cookies: Essential for the website to function. These do not require consent and cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website. These are only activated with your explicit consent.
• Marketing Cookies: Used to deliver relevant advertisements. These are only activated with your explicit consent.

You can manage your cookie preferences at any time through our cookie consent banner or your browser settings. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

5. Purpose of Data Processing

We process your personal data for the following purposes:

• Responding to enquiries and providing requested information about our services
• Entering into and performing contracts for software development, web development, mobile app development, AI/automation, consulting, and design services
• Communicating with you about project progress and deliverables
• Sending invoices and processing payments
• Improving our website, services, and user experience
• Ensuring the security and integrity of our website and systems
• Complying with legal obligations, including tax and accounting requirements
• Sending marketing communications, only where you have opted in

6. Third-Party Services and Data Sharing

We do not sell your personal data to third parties. We may share your data with the following categories of recipients, only to the extent necessary:

6.1 Hosting and Infrastructure

Our website is hosted on servers provided by our hosting provider. These providers process data on our behalf under a Data Processing Agreement (DPA) in compliance with Art. 28 GDPR.

6.2 Analytics

Where you have given consent, we may use privacy-focused analytics tools to understand website usage. We configure analytics to anonymise IP addresses and minimise data collection.

6.3 Communication Tools

We may use email service providers and project management tools to communicate with you and manage projects. These processors are bound by DPAs and comply with GDPR.

6.4 Accounting and Legal

We share necessary data (invoicing details, contract information) with our accounting service provider and, where required, with legal advisors. This processing is based on our legal obligations or legitimate interests.

6.5 Other Disclosures

We may disclose your personal data where required by law, regulation, legal process, or enforceable governmental request, or where necessary to protect the rights, property, or safety of Fabrimo OU, our clients, or the public.

7. International Data Transfers

Fabrimo OU is established in Estonia, a member state of the European Union. We process and store personal data primarily within the European Economic Area (EEA).

In cases where personal data is transferred to countries outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR. These safeguards may include:

• Transfers to countries with an adequate level of data protection as determined by the European Commission (adequacy decisions)
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Other legally recognised transfer mechanisms under the GDPR

You may request information about the specific safeguards applied to any international transfer of your data by contacting us.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general retention periods are:

• Contact enquiries: Data from contact forms and enquiries is retained for up to 12 months after the last communication, unless a contractual relationship is established.
• Contractual data: Data related to contracts and projects is retained for the duration of the contractual relationship and for up to 7 years thereafter, in accordance with Estonian commercial and tax law.
• Invoicing and accounting data: Retained for 7 years as required by Estonian accounting legislation.
• Analytics data: Anonymised analytics data may be retained indefinitely. Identifiable analytics data is deleted or anonymised within 14 months.
• Marketing communications: Data for marketing purposes is retained until you withdraw consent or unsubscribe.

When personal data is no longer needed, we securely delete or anonymise it.

9. Your Rights Under the GDPR

As a data subject, you have the following rights under the GDPR. You may exercise any of these rights by contacting us at hello@faprimo.com.

• Right of Access (Art. 15 GDPR): You have the right to obtain confirmation of whether we process your personal data and to request a copy of your data.
• Right to Rectification (Art. 16 GDPR): You have the right to request correction of inaccurate personal data or completion of incomplete data.
• Right to Erasure (Art. 17 GDPR): You have the right to request deletion of your personal data where there is no compelling reason for its continued processing, subject to legal retention obligations.
• Right to Restriction of Processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
• Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to Object (Art. 21 GDPR): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object, we will cease processing unless we can demonstrate compelling legitimate grounds.
• Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.
• Right Not to be Subject to Automated Decision-Making (Art. 22 GDPR): You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you.

We will respond to your request without undue delay and in any event within one month. This period may be extended by two further months where necessary, taking into account the complexity of the request.

10. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for Fabrimo OU is:

Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)

Tatari 39, 10134 Tallinn, Estonia

Email: info@aki.ee

Website: www.aki.ee

You also have the right to lodge a complaint with the supervisory authority of the EU member state of your habitual residence, place of work, or place of the alleged infringement.

11. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to:

• Encryption of data in transit using TLS/SSL
• Secure hosting infrastructure with regular security updates
• Access controls limiting data access to authorised personnel only
• Regular review of security practices and procedures
• Employee and contractor confidentiality obligations

While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your data.

12. Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to delete that data promptly.

13. Links to Third-Party Websites

Our website may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites. We encourage you to review the privacy policy of any website you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.

If we make significant changes that affect the way we process your personal data, we will notify you through a prominent notice on our website or, where appropriate, by email.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Fabrimo OU

Email: hello@faprimo.com

Website: faprimo.com

Estonian Business Registry Code: [Registry Code]

Address: [Registered Address], Estonia