Privacy Policy
This Privacy Policy explains how SoluTechIT OÜ ("Solutech", "we", "us") collects and processes personal data when you use our store and purchase our digital Products. We are the data controller for this processing under the EU General Data Protection Regulation (GDPR).
1. Controller and contact
Controller: SoluTechIT OÜ, registry code 17531196, Maakri tn 25, Kesklinna linnaosa, Tallinn, Harju maakond, 10145, Estonia. For any privacy question or to exercise your rights, contact solutechit@inbox.eu.
2. What data we collect, and why
We deliberately collect only what we need to issue a valid invoice and fulfil your order:
- Order & invoice data — the Product you chose, buyer type (individual/business), full name or company name, VAT number (if provided), country, billing address (street, city, postal code), and any notes you add. Purpose: creating and issuing a legally valid invoice and fulfilling the contract.
- Email address — Purpose: sending your invoice and Product delivery, and contacting you about your order.
- Invoice records — the issued invoice (including the above details, invoice number, amounts, and VAT treatment). Purpose: accounting and meeting our statutory bookkeeping obligations.
- Limited technical data — our serverless function may briefly process technical signals (such as a request timestamp and a coarse rate-limiting marker) to prevent abuse and spam submissions. We do not build advertising or tracking profiles.
We do not place personal data in URLs, and we do not sell your personal data.
3. Legal bases (GDPR Art. 6)
- Performance of a contract (Art. 6(1)(b)) — to process your order, deliver the Product, and provide support.
- Legal obligation (Art. 6(1)(c)) — to issue invoices and keep accounting records as required by Estonian and EU law.
- Legitimate interests (Art. 6(1)(f)) — to keep the store secure and prevent fraudulent or abusive submissions (e.g. our honeypot and rate-limiting).
4. Retention
We keep invoice and accounting records for the period required by Estonian law (currently seven years for accounting source documents). Order correspondence is kept only as long as needed to support you and resolve any disputes, after which it is deleted or anonymised.
5. Processors and recipients
We share data only with service providers that help us run the store, under data-processing agreements, and only as needed:
- Hosting — Cloudflare, Inc. (Cloudflare Pages) hosts and delivers the website.
- Email delivery — our email provider (inbox.eu / mail.ee SMTP) delivers your invoice and Product email.
- VAT validation — where applicable, EU VAT numbers may be validated against the European Commission's VIES service.
Where a processor is located outside the EEA, we rely on an adequacy decision or appropriate safeguards (such as Standard Contractual Clauses). We do not otherwise disclose your data, except where required by law.
6. International transfers
Our aim is to keep processing within the EEA. If any processor transfers data outside the EEA, we ensure appropriate safeguards are in place as described above.
7. Your rights
Under the GDPR you have the right to: access your data; rectify inaccurate data; erase data (subject to our legal obligation to retain invoices); restrict or object to certain processing; data portability; and to withdraw consent where processing is based on consent. To exercise any right, email solutechit@inbox.eu. We will respond within the timeframes set by the GDPR.
You also have the right to lodge a complaint with a supervisory authority. In Estonia this is the Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee). You may also contact the authority in your EU country of residence.
8. Cookies and tracking
The store is built to work without advertising or analytics cookies. We use only what is strictly necessary for the site and checkout to function. If we add optional analytics in future, we will update this policy and request consent where required.
9. Security
We apply appropriate technical and organisational measures, including server-side validation, transport encryption (HTTPS), spam/abuse controls, and storing only the data needed for invoicing. No method of transmission or storage is completely secure, but we work to protect your data.
10. Changes to this policy
We may update this Privacy Policy. The current version, with its "Last updated" date, is always available on this page.