Privacy Policy

How we collect, use, and protect your personal information

Last updated: September 18, 2025

Introduction

Lawato OÜ ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

We comply with the European Union General Data Protection Regulation (GDPR) and Estonian data protection laws.

Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us when you:

  • Fill out contact forms on our website
  • Subscribe to our newsletter
  • Request quotes or consultations
  • Communicate with us via email or other channels

This information may include:

  • Name and contact information (email address, phone number)
  • Company name and position
  • Project requirements and preferences
  • Communication history with our team

Technical Information

We automatically collect certain technical information when you visit our website:

  • IP address and geolocation data
  • Browser type and version
  • Operating system
  • Pages visited and time spent on pages
  • Referring website
  • Cookie data (with your consent)

How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To provide and improve our software publishing services
  • Communication: To respond to your inquiries and provide customer support
  • Marketing: To send promotional emails and newsletters (with your consent)
  • Analytics: To analyze website usage and improve user experience
  • Legal Compliance: To comply with applicable laws and regulations

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you have given explicit consent for specific purposes
  • Contractual Necessity: To fulfill contractual obligations or take pre-contractual steps
  • Legitimate Interests: For our legitimate business interests, provided they don't override your rights
  • Legal Obligation: To comply with legal requirements

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our website and conducting business
  • Legal Requirements: When required by law or to protect our legal rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

Data Security

We implement appropriate technical and organizational measures to protect your personal data against:

  • Unauthorized access or disclosure
  • Accidental loss or destruction
  • Malicious attacks
  • Unlawful processing

Our security measures include encryption, secure servers, regular security audits, and employee training on data protection.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law:

  • Contact Information: Retained for up to 3 years after last contact
  • Project Data: Retained for the duration of the project plus 7 years
  • Marketing Data: Until you unsubscribe or withdraw consent
  • Website Analytics: Anonymized after 26 months

Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Request transfer of your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at [email protected]

Cookies

We use cookies to enhance your browsing experience. For detailed information about our cookie usage, please see our Cookie Policy.

International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure adequate protection through:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Other appropriate safeguards as approved by data protection authorities

Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top of this page
  • Sending an email notification for significant changes

Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Lawato OÜ
Registration Number: 16324851

Email: [email protected]

Address:
Harju maakond, Tallinn
Mustamäe linnaosa
Mäealuse tn 2/1, 12618
Estonia

Data Protection Authority

You have the right to lodge a complaint with a supervisory authority. In Estonia, the competent authority is:

Estonian Data Protection Inspectorate
Website: www.aki.ee
Email: [email protected]