[email protected]
Mon - Fri. 8:00 am - 5:00 pm
left-img

Crowdy OÜ is committed to protecting the privacy and personal data of its users. We process your personal data solely in accordance with the applicable data protection legislation Estonia . This privacy policy is intended to inform you about the categories of personal data that we process and the methods and purposes of their use in connection with your interaction with our website and services. As part of the General Data Protection Regulation, Crowdy OÜ collects and processes your personal data. We provide details of the types of data, the extent to which it is collected, and the purposes for which said data is used.

1 Purposes and bases for our processing of customer personal data

The processing of personal data by Crowdy OÜ users is carried out for the following purposes:

  • Conclusion and execution of an agreement for the provision of services electronically, including ensuring access to the services according to the terms and conditions defined on www.crowdy.ai. This action is necessary for the purchase of services, the basis under GDPR – Article 6(1)(b).
  • Fulfilment of the legal obligations to which the Controller is subject, including bookkeeping, issuing and keeping invoices and other accounting documents, basis under GDPR – Article 6(1)(c) in conjunction with national accounting legislation.
  • Realisation of the company’s legitimate interests aimed at quality service provision. These interests include:
    • Setting up and maintaining user account activity.
    • Improving, adjusting, customising and personalising the service to meet the needs of the user.
    • Ensuring the safety and security of data.
    • Defence against and pursuit of claims, including third party claims, grounds under GDPR – Article 6(1).

If you initiate contact with us via contact form, chat or email and enter into a contract, the processing of your personal data will be carried out in the following ways:

  • Exercising the company’s legitimate interests in response to your enquiry or request to resolve a problem, the legal basis is Article 6(1)(f) GDPR.
  • Taking the necessary steps to enter into a contract with you, including preparing and providing a proposal that will be customised according to the context of your enquiry. The legal basis for this data processing is Article 6(1)(b) GDPR.
  • In case you have subscribed to receive information about the latest news, special events, offers and other benefits via our newsletter, your personal data is processed on the basis of our legitimate interests as provided for in Article 6(1)(f) GDPR. You can unsubscribe at any time by unsubscribing via the link provided in the newsletter or by emailing us at [email protected]. If necessary, in accordance with applicable Estonian law, we may also request your consent to send marketing materials.

If you interact with our social media profiles, the processing of your personal data will be based on the company’s legitimate interests (Article 6(1)(f) GDPR) and may include the following activities:

  • Responses to private messages sent by us;
  • Participate in discussions by commenting on posts;
  • Distributing publications to subscribers;
  • Informing subscribers about our services and events through publications;
  • Analysing publication interaction statistics provided by social media, including views, reach and follower demographics.

If you are applying for a job, your personal data will be processed for the following purposes:

  • Carrying out the recruitment procedure with your involvement, in accordance with the legal obligations imposed on the Controller (legal basis of GDPR – Articles 6(1)(b) and 6(1)(c) GDPR);
  • Processing any other data that you provide to us voluntarily, or for the purposes of possible future recruitment if you have consented to this (GDPR legal basis – Article 6(1)(a) GDPR).

Providing your personal data is voluntary, but may be necessary to fulfil the purposes stated. As part of the current social media rules, when you write you a message or comment on our post, we will see your name (or pseudonym) and possibly a photograph.

  2 Types of data we process

Crowdy OÜ processes a variety of categories of users’ personal data, which depend on the way and purpose of using our services. Below is a list of the types of data that may be collected and processed as part of the provision of services:

  • Identification data, including but not limited to: user name, email address and other contact details provided during registration or while using the services.
  • Financial data required to process transactions, including invoicing and payment processing data.
  • Other data that users may provide in the process of entering into and fulfilling contracts, including but not limited to: information relating to orders and services.

Automatically collected user information may include:

  • Usage data and logs that include information about your activities within the services, as well as diagnostic, failure and performance logs.
  • Transaction information related to the use of services.
  • Device and connection information such as hardware type and model, operating system version, browser data, IP addresses, mobile network information, and device IDs.
  • Status information, which includes your online status and status message changes as part of your use of the services.
  • Data related to your business and financial transactions, including, but not limited to, order information, payment information and customer information.

The processing of said data is carried out in strict compliance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR).

The following categories of your personal data may be processed in the course of your interaction with our company:

  1. When you contact us via contact form, chat or email, we process identifying information such as your name, email address and any other information you provide in order to respond to your enquiry or provide the support you require.
  2. If you subscribe to our newsletter or agree to receive marketing information, we process your email address and other agreed data to send you information and promotional materials.
  3. As part of your activity on our social media profiles, we may process the data you post on your profile and use social media functionality to analyse interactions with our publications.
  4. When applying for a job, we process personal data in accordance with the Estonian Labour Code and other specific laws that regulate employment and data processing of candidates.

Data processing in all the above cases shall be carried out in compliance with the principles and requirements established by the General Data Protection Regulation (GDPR) as well as other relevant Estonian legislation.

The right to object to the processing of personal data

  1. Each data subject shall have the right to object at any time to processing of his or her personal data carried out on the basis of legitimate interests of the company. In the event of an objection, the company shall cease processing the data for the purposes indicated, except in situations where there are legitimate grounds for continuing such processing which override the interests, rights and freedoms of the data subject, or where the processing is necessary for the establishment, exercise or defence of legal claims.
  2. The data subject also has the right to object at any time to the processing of his or her personal data for direct marketing purposes. Upon receipt of such objection, the company is obliged to immediately stop processing the data for marketing purposes.

These rights are guaranteed under the General Data Protection Regulation (GDPR) and other relevant legislation aimed at protecting the personal data of data subjects.

 

3 Retention period of personal data

The personal data of users is processed by Crowdy OÜ for the time periods determined depending on the purposes, grounds and conditions established by the Estonian legislation and internal policies of the company:

  1. Account maintenance: Your data is processed until your account is deleted. However, in case of violation of the terms of use of the services, the data may be stored longer, the necessary time for the examination and resolution of claims, but not longer than the limitation period stipulated by Estonian law.
  2. Provision of services: Your personal data is processed for the duration of the contract. If the need for data processing arises from legal obligations, such as tax and accounting requirements, the data retention period is determined by the relevant laws.
  3. Problem resolution: Your data may be processed for as long as necessary to improve service performance and to confirm the adequacy of the resolution of your issue, within the limitation period for claims.
  4. Marketing activities: The processing of data for marketing purposes, including the sending of newsletters, continues until you object to such processing or withdraw your consent. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.
  5. Social media interactions: Data related to your social media activity is processed until you decide to delete your comments, unsubscribe from our publications or delete your account.
  6. Recruitment: If you have consented to the processing of your data for future recruitment purposes, the processing will continue for a period of 48 months, but no longer than until your consent is withdrawn.

These provisions are harmonised with the requirements of the General Data Protection Regulation (GDPR) and the applicable Estonian law.

4 Scope of data protection

The protection of personal data under the General Data Protection Regulation (GDPR) covers all information relating to an identified or identifiable natural person. Such a person can be identified directly or indirectly, in particular by using the following data:

  • Identifiers: These can be a name, identification number, location data or online identifiers that identify an individual.
  • Special Characteristics: These are characteristics that uniquely describe a person’s physical, physiological, genetic, mental, economic, cultural or social situation.

Usage data refers to information that records the user’s interaction with the website. These data include:

    • Timestamps: The date and time of the start and end of the user’s session on the website.
  • Usage Rate: The amount and nature of user activity on the website, including pages viewed, time spent on each page, and other actions performed during the session.

The approach to data protection should be comprehensive and include adequate technical and organisational measures to ensure the security and confidentiality of personal data, preventing its unauthorised use, information leakage or other types of misuse.

5 Automatic data collection through website access

When you visit www.crowdy.ai, the system automatically captures technical data sent by your device. This data includes:

  • Date and time of access: Fixing the moment you log in to the site.
  • Browser type and version: Information about the web browsing software you are using.
  • Operating System: Information about the system installed on your device.
  • URL of the previous website: The URL of the website from which you came to www.crowdy.ai.
  • The amount of data sent: The amount of data transmitted in the course of using the website.
  • Requested Domain: The domain being accessed.
  • Notification of successful data retrieval: Indicates that the requested information has been successfully downloaded.
  • Search query when using a web browser: Queries made through the search engine of a web browser.
  • Shortened/Anonymised IP address: Using an IP address in a shortened or anonymised form to enhance privacy.
  • Full IP Address: Temporarily store the full IP address, up to a maximum of 14 days, for security and error analysis purposes.

This data is stored separately from any personal information you may provide and is used solely for technical purposes such as improving the functionality of the site, analysing errors and ensuring security. The retention of the full IP address is limited to a short period of time, as a measure to protect the information and respect the privacy of site visitors.

6 Cookies

Our website www.crowdy.ai uses cookies to improve user experience on our website. Cookies are small text files that a website sends to your computer or mobile device when you visit it. They are stored by your browser and returned to the original site or another site that recognises them on each subsequent visit. This allows the site to “remember” your device and settings, improving the quality of your interaction.

How cookies are used on our website:

  • Website functionality: Cookies are necessary to navigate the site and access its main functions.
  • Custom Settings: Allow the site to remember your preferences, such as your chosen language or region, to help personalise your experience.
  • Analytics and Statistics: Collect anonymised data about how you use the site, helping us to improve its structure and content.
  • Marketing: Used to track users and provide adverts that best match your interests.

Data transfer to third parties: We may share information collected through cookies with our social media, advertising and analytics partners to enable us and our partners to deliver relevant ads and analyse the effectiveness of our marketing campaigns.

Control and management of cookies: You can change your browser settings at any time to restrict or block cookies. However, disabling cookies may affect the functionality of the website and reduce usability, as some services may no longer function correctly.

By continuing to use our website, you consent to the use of cookies in accordance with this policy. If you do not agree to the use of cookies, you can adjust your browser settings accordingly or refrain from using the site.

7 Google Analytics

We use Google Analytics, a web analytics service from Google Inc. (“Google”), to analyse how users use our website. This service uses cookies to collect information about your interaction with the website. This includes data about your visits, including abbreviated IP addresses, which is transmitted and stored by Google on servers in the European Union.

Features and purposes of analytics:

  • Google analyses the information to compile reports on website actions that help us improve the services we provide.
  • The data may also be used by Google to provide other services related to internet usage.

Anonymisation function:

  • We have activated the IP anonymisation feature in Google Analytics. This means that Google shortens and anonymises the user’s IP address when accessed from the European Union or the European Economic Area before the data is transmitted to the servers.

Transfer of data to third parties:

  • Google may transfer the collected information to third parties where required to do so by law or where third parties process the information on Google’s behalf.

Data Storage:

  • User event data in Google Analytics is stored for 38 months, after which it is automatically deleted.

We use Google Analytics to better understand how visitors interact with our website and to improve the quality and availability of our services. If you do not wish to have your website activity tracked, you can install a browser add-on from Google to disable Google Analytics.

8 Data security

We attach great importance to the security of your personal data and use modern encryption technologies to protect the information transmitted and stored on our website. The effectiveness of encryption depends on the technology supported by your Internet browser.

How to check the security of the connection:

  • An encrypted connection can be recognised by the key or lock symbol in the status bar of your browser. This symbol indicates that the data transferred between your browser and our website is secure.

Safety Measures:

  • We implement both technical and organisational security measures to protect your data from accidental or deliberate manipulation, loss, destruction or access by unauthorised persons.
  • Our security measures are regularly updated and improved in line with the latest technological developments.

Continuous Improvement:

  • We are constantly working to improve our security measures to ensure that our data is securely protected in accordance with the latest technology standards and information security practices.

We are committed to providing a high level of security at all stages of your data processing, so that you can use our services with confidence, knowing that your information is safe and secure.

9 Your rights

Under European Union law, in particular the General Data Protection Regulation (GDPR), you have a number of rights relating to the processing of your personal data:

  1. Right to confirmation and information: You have the right to request confirmation of whether your personal data is being processed and, if so, to obtain information about that data and the purposes for which it is being processed.
  2. Right of Correction: If you find that information about you is incorrect or out of date, you may request that it be corrected.
  3. Right to erasure (“right to be forgotten”): You can request the deletion of your data if the processing has no legal basis or is no longer necessary for the purposes for which the data was collected. Data processing will be stopped if it is not supported by other legal grounds.
  4. Right to restriction of processing: You can request restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, the data is no longer necessary for the purposes of the processing, or you have objected to the processing.
  5. Right to withdraw consent: If you have previously consented to the processing of your personal data, you may withdraw this consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.
  6. Right to object: You have the right to object to the processing of your data if it is carried out on the basis of legitimate interests or for direct marketing purposes. In the latter case, your objection will be granted without giving reasons.
  7. Right to lodge a complaint with a supervisory authority: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint.

To exercise these rights, please contact us at [email protected]. We will make every effort to fulfil your request in accordance with the applicable Estonian law.