Last updated: 22 September, 2025 18:21
Privacy Policy
1. Preamble and Scope
1.1. Commitment to Privacy: fraqmented OÜ (“Company,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal data entrusted to us by individuals (“Data Subjects,” “you,” or “users”). This Privacy Policy (“Policy”) outlines our practices regarding the collection, use, processing, storage, and disclosure of personal data, in compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and other applicable data protection laws.
1.2. Scope: This Policy applies to all personal data collected and processed by the Company in connection with the operation of our coworking space at Pikk 7, Tallinn, Estonia, and related services, including but not limited to membership management, event organization, and website usage.
2. Data Collection and Processing
2.1. Categories of Personal Data: We collect and process the following categories of personal data: * Identification Data: Name, company name, and related organizational details. * Contact Data: Email address, telephone number, and postal address. * Payment Data: Payment details, transaction history, and billing information (processed through Stripe and Revolut). * Technical Data: IP address, browser type, operating system, and website usage data (collected via Google Analytics, Google Tag Manager, and Google Search Console). * Marketing Data: Preferences for receiving marketing communications and engagement with marketing activities (collected via Facebook Ads, Google Ads, and LinkedIn Ads). * CCTV Data: Video footage captured by our CCTV surveillance system. 2.2. Methods of Collection: We collect personal data through: * Direct Interactions: Membership applications, registration forms, event sign-ups via Luma, and direct communication. * Automated Technologies: Cookies, tracking pixels, and server logs on our website and through third-party platforms. * Third-Party Sources: Payment processors (Stripe, Revolut), social media platforms (LinkedIn), and advertising networks (Facebook Ads, Google Ads). 2.3. Legal Basis for Processing: We process personal data based on one or more of the following legal bases: * Consent: When you provide explicit consent for1 specific processing activities (e.g., marketing communications). * Contractual Necessity: When processing is necessary for the performance of a contract to which you are a party (e.g., membership agreement). * Legal Obligation: When processing is necessary to comply with legal obligations (e.g., tax reporting). * Legitimate Interests: When processing is necessary for our legitimate interests or the legitimate interests of a third party,2 provided that your rights and freedoms do not override those interests (e.g., security, service improvement).
3. Data Storage, Security, and Retention
3.1. Data Storage: Personal data is stored on secure servers hosted by Render and within the systems of our third-party service providers, which adhere to industry-standard security measures.
3.2. Data Security: We implement appropriate technical and organizational measures to protect personal data from unauthorized access,3 disclosure, alteration, and destruction,4 including: * Encryption: Data in transit and at rest is encrypted using industry-standard protocols. * Access Controls: Access to personal data is restricted to authorized personnel. * Regular Security Assessments: We conduct regular security assessments to identify and address vulnerabilities. 3.3. Data Retention: We retain personal data for as long as necessary to fulfill the purposes outlined in this Policy, or as required by applicable laws and regulations.5 Retention periods are determined based on factors such as: * Membership Duration: Membership data is retained for the duration of the membership and for a reasonable period thereafter. * Legal Obligations: Data required for tax or accounting purposes is retained for the legally mandated period. * CCTV Footage: CCTV footage is retained for a limited period, as necessary for security purposes.
4. Data Sharing and Disclosure
4.1. Third-Party Service Providers: We may share personal data with third-party service providers who assist us in providing6 our services, including: * Payment Processors: Stripe and Revolut for processing payments. * Event Management Platforms: Luma for event registration and management. * Analytics and Marketing Platforms: Google Analytics, Google Tag Manager, Google Search Console, Facebook Ads, Google Ads, and LinkedIn Ads for analytics and marketing purposes.
4.2. International Transfers: We aim to minimize data transfers outside the European Economic Area (EEA). If transfers are necessary, we implement appropriate safeguards, such as Standard Contractual Clauses, to ensure adequate data protection.
4.3. Legal Requirements: We may disclose personal data to comply with legal obligations, respond to lawful requests from public authorities, or protect our rights and interests.7
5. Data Subject Rights
5.1. Rights Under GDPR: Data Subjects have the following rights: * Right to Access: To request access to their personal data. * Right to Rectification: To request correction of inaccurate or incomplete data. * Right to Erasure (“Right to be Forgotten”): To request deletion of their data, subject to legal limitations. * Right to Restriction of Processing: To request restriction of processing in certain circumstances. * Right to Data Portability: To receive their data in a structured, commonly used, and machine-readable format. * Right to Object: To object to processing based on legitimate interests or direct marketing. * Right to Withdraw Consent: To withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
5.2.8 Exercising Rights: To exercise any of these rights, Data Subjects can contact us through our support channels. We will respond to requests in accordance with GDPR requirements.
6. Cookies and Tracking Technologies
6.1. Use of Cookies: We use cookies and similar tracking technologies to enhance user experience, analyze website traffic, and deliver targeted advertisements.
6.2. Cookie Management: Users can manage cookie preferences through their browser settings or by using cookie consent management tools.
7. CCTV Surveillance
7.1. Purpose: Our CCTV system is used for security purposes, including the protection of our kiosk items and the belongings of our users.
7.2. Storage and Access: CCTV footage is stored for a limited period and is accessible only to authorized personnel.
7.3. Notification: This Policy serves as notification that CCTV surveillance is in operation.
8. Amendments to this Policy
We reserve the right to amend this Policy at any time. We will notify Data Subjects of any material changes through appropriate channels.
9. Contact Information
For any questions or concerns regarding this Policy or our data processing practices, please contact us through our support channels.
10. Governing Law and Dispute Resolution
This Policy shall be governed by and construed in accordance with the laws of Estonia. Any disputes arising from this Policy shall be resolved through amicable negotiation. If negotiation fails, disputes shall be submitted to the competent courts of Tallinn, Estonia.
