Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. What Data We Collect

We collect personal data only when you voluntarily provide it to us. This includes:

• ✓ Name and email address submitted via our contact form
• ✓ Your message content and the service area you select
• ✓ Basic usage data collected automatically via Cloudflare (IP address, browser type, pages visited)

We do not use cookies for tracking or advertising purposes. We do not use Google Analytics or similar third-party tracking tools.

3. How We Use Your Data

We use the personal data you provide solely to:

• ✓ Respond to your enquiry and communicate with you about potential or ongoing engagements
• ✓ Fulfil our contractual obligations if you become a client
• ✓ Comply with legal obligations

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

• ✓ Consent — when you submit our contact form
• ✓ Legitimate interests — to respond to business enquiries and maintain client relationships
• ✓ Contractual necessity — to fulfil our obligations when you engage our services
• ✓ Legal obligation — where required by applicable law

5. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy, or as required by law. Contact form submissions are retained for up to 24 months. Client engagement data is retained for up to 7 years in accordance with accounting and legal requirements.

6. Third-Party Services

We use a limited number of third-party services to operate our website and handle enquiries:

• ✓ Cloudflare — website hosting, DNS, and security
• ✓ Web3Forms — contact form submission processing
• ✓ Sanity — content management system
• ✓ Google Fonts — web font delivery

Where data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• ✓ Right of access — to request a copy of the data we hold about you
• ✓ Right to rectification — to request correction of inaccurate data
• ✓ Right to erasure — to request deletion of your data
• ✓ Right to restriction — to request that we limit how we use your data
• ✓ Right to data portability — to receive your data in a structured format
• ✓ Right to object — to object to our processing of your data

To exercise any of these rights, please contact us at info(a)smartcoast.fi. We will respond within 30 days.

8. Complaints

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the relevant supervisory authority. In Estonia, this is the Data Protection Inspectorate (Andmekaitse Inspektsioon) at www.aki.ee.

9. Changes to This Policy

We may update this privacy policy from time to time. The date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.

10. Contact

If you have any questions about this privacy policy or how we handle your data, please contact us: