Privacy Policy

1. Introduction

This privacy policy describes how Otso OÜ (hereinafter “we”, “us”, or “Otso”) collects, uses, stores, and protects your personal data when you visit our website otso.ee or use our services.

We respect your privacy and are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Estonian data protection laws.

2. Data controller

Otso OÜ
Reg. code: 17387302
Address: Harju County, Saku Parish, Männiku village, Männiku tee 112, 75511
Email: info@otso.ee
Phone: +372 5803 1626

3. What data we collect

We may collect the following personal data:

3.1. Data you provide

• Contact details: name, email address, phone number
• Address details: home or business address (for preparing quotes)
• Communication data: the content of inquiries, email or phone communications
• Technical information: energy consumption data, roof measurements, building type (for preparing quotes)

3.2. Data collected automatically

• Website usage data: IP address, browser type and version, pages visited
• Cookies: we use cookies to ensure website functionality (see section 7)
• Device data: device type, operating system, screen resolution

4. How we use your data

We use your personal data for the following purposes:

4.1. Service delivery

• Preparing and sending quotes
• Providing consultations and delivering projects
• Customer advice and technical support
• Performing contracts and fulfilling warranty obligations

4.2. Communication

• Responding to inquiries and questions
• Keeping you informed about project status and updates
• Sending newsletters (with your consent)

4.3. Website improvement

• Improving website functionality and user experience
• Statistics and analytics (in anonymized form)
• Detecting and resolving technical issues

4.4. Legal obligations

• Accounting and tax compliance
• Meeting legal requirements
• Handling potential legal disputes

5. Legal basis for processing

We process your personal data on the following legal grounds:

• Contract: processing is necessary for performance of a contract or to take steps prior to entering into a contract
• Consent: you have given clear consent for processing for a specific purpose (e.g., newsletters)
• Legal obligation: processing is necessary to comply with a legal obligation
• Legitimate interest: processing is necessary for our legitimate interests or those of a third party

6. Sharing of data

We do not sell or rent your personal data to third parties. We may share your data only in the following cases:

6.1. Service providers

We may use trusted third-party service providers who help us deliver services:

• Hosting services: website hosting and technical support providers
• Email services: sending and managing emails
• Analytics: website usage statistics (Google Analytics or similar)
• CRM systems: customer relationship management

All service providers must comply with strict data protection standards and may use data only for the specified purposes.

6.2. Legal requirements

We may disclose your data if necessary:

• To comply with legal requirements (e.g., a court order or request from a public authority)
• To protect our rights, property, or safety
• To prevent fraud or other unlawful activity

6.3. Business transactions

If Otso OÜ is merged, acquired, or sold, your personal data may be transferred as part of the business transaction. We will notify you of such changes.

7. Cookies

Our website uses cookies to improve user experience and analyze website usage.

7.1. What are cookies?

Cookies are small text files stored on your device when you visit a website. They help the website remember your preferences and actions.

7.3. Cookies we use

• Essential cookies: required for basic website functionality (e.g., theme selection, language)
• Analytics cookies: help us understand how visitors use the site (Google Analytics)
• Functional cookies: remember your preferences and selections

7.4. Managing cookies

You can manage and delete cookies in your browser settings. Please note that disabling cookies may affect website functionality.

8. Data security

We take the protection of your personal data seriously and implement appropriate technical and organizational measures:

• Encryption: we use SSL/TLS encryption when transmitting data
• Secure hosting: data is stored on secure servers within the EU
• Access control: only authorized staff have access to personal data
• Regular backups: to prevent data loss
• Monitoring: we monitor and log access attempts

While we do our best, no internet transmission can be 100% secure. We cannot guarantee absolute security.

9. Data retention

We keep your personal data only for as long as necessary to fulfill the purposes described in this policy:

• Quote-related data: up to 2 years after a quote is issued
• Customer data (with contract): for the term of the contract + 7 years after termination (accounting requirements)
• Warranty data: for the warranty period + 2 years
• Newsletter subscriptions: until you unsubscribe
• Website logs: up to 12 months

After the retention period ends, we securely delete or anonymize your data.

10. Your rights

Under GDPR, you have the following rights regarding your personal data:

10.1. Right of access

You have the right to obtain confirmation whether we process your personal data and, if so, to access that data.

10.2. Right to rectification

You have the right to request correction or completion of inaccurate or incomplete personal data.

10.3. Right to erasure (“right to be forgotten”)

Under certain conditions, you have the right to request deletion of your personal data.

10.4. Right to restriction of processing

You have the right to request restriction of processing of your personal data in certain situations.

10.5. Right to data portability

You have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format.

10.6. Right to object

You have the right to object to processing of your personal data where processing is based on legitimate interests.

10.7. Right to withdraw consent

If processing is based on your consent, you have the right to withdraw your consent at any time.

10.8. Right to lodge a complaint

You have the right to lodge a complaint with the Data Protection Inspectorate if you believe your rights have been violated:

Data Protection Inspectorate
Website: www.aki.ee
Email: info@aki.ee
Phone: +372 627 4135

10.9. Exercising your rights

To exercise your rights, contact us at info@otso.ee. We will respond within 30 days.

11. Children’s privacy

Our services are not intended for persons under 16 years of age. We do not knowingly collect personal data from children under 16. If we learn that we have collected a child’s personal data, we will delete it without delay.

12. International data transfers

Your personal data is stored and processed primarily within the European Economic Area (EEA). If data needs to be transferred outside the EEA, we ensure that:

• The receiving country is recognized by the European Commission as providing an adequate level of data protection, or
• Appropriate safeguards are implemented (e.g., standard contractual clauses)

13. Changes to this privacy policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or through the website. We recommend reviewing this policy regularly.

The latest update date is shown at the top of this page.

14. Third-party links

Our website may contain links to third-party websites. We are not responsible for the privacy policies or content of those websites. We recommend reviewing the privacy policy of each website you visit.

15. Contact

If you have questions about this privacy policy or the processing of your personal data, please contact us:

We will respond as quickly as possible, but no later than within 30 days.