Privacy Policy

Last updated: October 2025

This Privacy Policy explains how Kontorva OÜ (“we”, “us”, or “our”) collects, uses, and protects personal data when you use Ärikaart, a B2B data and outreach platform owned and operated by Kontorva OÜ.

We are committed to handling personal data responsibly and in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Estonian laws.

1. Controller Information

Kontorva OÜ
Registry Code: 16916787
Address: Mäealuse tn 2/4, 12618 Tallinn, Estonia
Email: support [at] kontorva [dot] com

Kontorva OÜ is the data controller responsible for processing personal data within the Ärikaart platform.

2. Data We Collect

We collect and process the following categories of data depending on your relationship with us and your use of the platform:

a) Account and User Information

Name, company name, email address, phone number, job title, and password.
Billing details such as payment method and transaction history.

b) Usage Data

Log data such as IP address, browser type, device information, access dates, and activity logs.
Platform usage metrics (e.g., searches, campaigns, exports) for performance and analytics.

c) B2B Data

Ärikaart aggregates and displays publicly available business-related information about Estonian companies and their representatives.
This includes:

Company registration details, financial data, ownership structure, and management members.
Publicly available contact details (business emails, phone numbers, LinkedIn profiles, etc.).
Data obtained from official Estonian business registries, open data sources, or licensed third-party APIs.

This data is collected solely for legitimate business purposes and in compliance with GDPR Article 6(1)(f) – legitimate interest in facilitating B2B networking and transparency.

3. Purpose of Processing

We process personal data for the following purposes:

To provide access to and maintain the Ärikaart platform and its features.
To process payments, manage subscriptions, and provide customer support.
To personalize user experience and improve our services.
To send service updates, product information, or promotional content (only with user consent).
To ensure security, prevent misuse, and comply with legal obligations.
To display publicly available Estonian company data for lawful B2B purposes.

4. Legal Basis for Processing

We process data under the following legal bases:

Contractual necessity – when providing services under a subscription or trial agreement.
Legitimate interests – in operating a B2B intelligence platform that facilitates lawful commercial contact between businesses.
Consent – when sending marketing communications.
Legal obligation – where processing is required under Estonian or EU law.

5. Data Sources

Data shown on Ärikaart may be obtained from:

Estonian Business Register and other open government databases.
Official company websites and press releases.
Licensed third-party data providers and verification APIs.
User submissions and updates.

6. Data Retention

We retain personal data only as long as necessary to fulfill the purposes above:

Account information is retained for as long as your subscription or trial remains active.
Business contact data remains published as long as it is publicly available or relevant to legitimate B2B use.
Logs and analytics data are retained for up to 24 months.

When data is no longer needed, it is securely deleted or anonymized.

7. Data Sharing and Transfers

We may share limited data with:

Service providers and partners (e.g., payment processors, email delivery, analytics, cloud hosting).
Public authorities if required by law.
Users of the platform, to the extent data is already public and relevant to B2B purposes.

All third-party processors are bound by confidentiality and data protection agreements.
Data is stored and processed within the European Economic Area (EEA) whenever possible.

8. International Data Transfers

If data is transferred outside the EEA (e.g., when using global cloud services), we ensure adequate protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission, or
Equivalent safeguards ensuring GDPR compliance.

9. Your Rights

As a data subject under GDPR, you have the right to:

Access your personal data.
Rectify inaccurate or incomplete data.
Erase your data (“right to be forgotten”).
Restrict or object to processing.
Withdraw consent for marketing communications at any time.
Data portability – request your personal data in a structured, machine-readable format.

To exercise these rights, contact: support [at] kontorva [dot] com.
We will respond within 30 days of receipt.

10. Cookies and Tracking

Ärikaart uses cookies and similar technologies for:

Authentication and session management.
Analytics and performance improvement.
Storing user preferences.

Users can manage or disable cookies through their browser settings, though some features may not function correctly.

For details, see our Cookie Policy.

11. Security Measures

We implement industry-standard security measures including:

Encrypted data transmission (TLS/SSL).
Access controls and authentication protocols.
Regular security audits and vulnerability monitoring.
Secure hosting via DigitalOcean data centers in the EU.

Despite these measures, no online platform can guarantee absolute security.

12. Children’s Privacy

Ärikaart is intended for business use only and is not directed to individuals under 18 years old.

We do not knowingly collect personal data from minors.

13. Changes to This Policy

We may update this Privacy Policy periodically.
All changes will be published on this page with an updated “Last updated” date.
Significant changes will be communicated by email or platform notice.