Skip to main content
Back to home

Privacy Policy

Last updated: March 27, 2026

1. Data Controller

Poro-IT OÜ

Tallinn, Estonia

Email: info@poro-it.com

2. Data We Collect

Our website collects the following data:

  • Technical data: IP address, browser type, device info (anonymized)
  • Cookies: Essential cookies for website functionality (see Cookie Policy)
  • Contact data: Only when you contact us directly (email, phone, chatbot messages)

3. Legal Basis for Processing

  • Consent (GDPR Art. 6(1)(a)): Analytics cookies, if enabled
  • Legitimate interest (GDPR Art. 6(1)(f)): Website security and functionality
  • Contract (GDPR Art. 6(1)(b)): When you engage our services

4. Third-Party Processors

  • Vercel Inc (web hosting) — USA, Standard Contractual Clauses
  • Google LLC (Google Fonts, Google Maps embed) — USA, EU-US Data Privacy Framework

We do not sell your personal data to third parties.

5. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time

Contact: info@poro-it.com. We respond within 30 days.

6. Data Retention

  • Contact data: Until you request deletion
  • Cookie consent: 1 year
  • Technical logs: 90 days

7. Data Security

We protect your data using HTTPS encryption, security headers (CSP, HSTS, X-Frame-Options), and access controls.

8. Data Breach Notification

In the event of a data breach that poses a risk to your rights, we will notify the Estonian Data Protection Inspectorate within 72 hours (GDPR Art. 33) and affected individuals without undue delay (GDPR Art. 34).

9. Supervisory Authority

You have the right to lodge a complaint with:

Andmekaitse Inspektsioon
Tatari 39, 10134 Tallinn
info@aki.ee

10. Changes

We may update this policy from time to time. Significant changes will be communicated via the website.