Privacy Policy

Last updated: October 10, 2025

This Privacy Policy explains how Haxoris OÜ, Lõõtsa tn 5, 11415 Tallinn, Estonia (“we”, “us”, “our”) processes personal data when you use our website haxoris.com (the “Website”), contact us via our contact form, or interact with our services. It also explains your privacy rights and how the law protects you.

Controller: Haxoris OÜ, Lõõtsa tn 5, 11415 Tallinn, Estonia. Contact: [email protected]

1. What data we collect

When you use our contact form, we collect the following data you provide: first and last name, email address, and the content of your message (including any information you choose to include). We may also collect technical data generated by your use of the Website, such as IP address, browser type/version, pages visited, time and date of visit, time spent on pages, and device identifiers.

2. Purposes and Legal Bases (GDPR)

We process personal data only when we have a valid legal basis under Article 6 GDPR:

• Answering your inquiry / pre-contractual steps (Art. 6(1)(b)): to respond to your request submitted via the contact form, provide information about our services you asked about, or prepare a quote.
• Legitimate interests (Art. 6(1)(f)): to operate, secure and improve our Website, prevent abuse and fraud, maintain records of business communications, and defend our legal rights. We balance our interests against your rights and freedoms.
• Consent (Art. 6(1)(a)): to store your contact details for follow-up communications beyond your original inquiry or to send marketing/newsletters if you opt-in; and to place/use non-essential cookies (analytics/advertising). You can withdraw your consent at any time without affecting prior processing.

3. Cookies and similar technologies

On EEA/UK/Switzerland versions of the Website, we use non-essential cookies and similar technologies (including Microsoft Clarity and, where applicable, Microsoft Advertising) only with your prior consent. These tools capture behavioural metrics (e.g., heatmaps, session replays) to help us improve our services and, where enabled, may support advertising/retargeting.

• Analytics/marketing cookies are optional and load only if you accept them in our cookie banner.
• You can change or withdraw your choices anytime via the Cookie Settings link in the footer.
• For details about categories, lifetime and vendors, see our separate Cookies Policy.
• Learn more about Microsoft’s data practices in the Microsoft Privacy Statement.

4. Retention

We retain personal data only for as long as necessary for the stated purposes:

• Contact form correspondence: up to 12 months after the last interaction (unless longer needed to establish, exercise, or defend legal claims).
• Data processed based on consent (e.g., marketing): until you withdraw consent.
• Technical logs/security data: typically 6–12 months, unless needed longer for security or compliance.

After expiry, we securely delete or anonymise the data.

5. Recipients and processors

We share personal data only with trusted service providers acting on our instructions, such as web hosting, email delivery, analytics and IT maintenance providers, and only to the extent necessary to provide the Website/services. These processors are bound by data processing agreements and confidentiality and security obligations. We do not sell your personal data.

6. International data transfers

If personal data is transferred outside the EEA/UK/Switzerland (for example to service providers in countries that may not provide the same level of data protection), we ensure appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (SCCs) and, where required, supplementary measures. You can contact us to obtain more information about applicable safeguards or a copy of the SCCs.

7. Your GDPR rights

Subject to conditions and exceptions under GDPR, you have the right to request access to your personal data, rectification of inaccurate data, erasure, restriction of processing, and to object to processing based on our legitimate interests. You also have the right to data portability and to withdraw consent at any time where processing is based on consent. To exercise your rights, contact us at [email protected].

8. Security

We apply appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. However, no method of transmission over the Internet or electronic storage is 100% secure.

9. Children’s privacy

Our Website is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you are a parent/guardian and believe your child has provided us personal data, please contact us and we will take appropriate steps. Where consent is required by law and the data subject is under the relevant age threshold, we may require parental consent.

10. Links to other websites

The Website may contain links to third-party websites. We are not responsible for their content or privacy practices. We encourage you to review the privacy policy of every site you visit.

11. Contact and supervisory authority

If you have questions or wish to exercise your rights, contact us at [email protected]. You also have the right to lodge a complaint with a supervisory authority. Our lead authority is the Estonian Data Protection Inspectorate (AKI). Under GDPR you may also complain to your local authority.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the new version on this page and update the “Last updated” date above. Where required by law, we will notify you by email and/or a prominent notice on the Website before changes take effect.