Privacy Policy

Last updated: 21.09.2020

At Spyse OÜ ("we", "our" or "us"), we value your privacy, and remain committed to transparency about our personal data processing practices on https://spyse.com ("Website").

This Privacy Policy applies to all of the products, software and services offered through the Website ("Services") and describes the personal data we collect and what we do with this data.

By using the Services and providing personal data to us, you acknowledge you have read this Privacy Policy and, to the extent your consent is necessary and valid under applicable law, you consent to the processing of your personal data in accordance with this Privacy Policy.

This Privacy Policy does not apply to third-party services that you opt to access through this Website. While accessing third-party services, please make sure that you carefully review the terms and conditions and privacy policies governing the use thereof.

Data controller

Spyse OÜ, a company registered under the laws of Estonia, registration number 14655957, is a data controller in respect of the personal data processed in accordance with this Privacy Policy, unless stated otherwise. This means that we determine the purposes and means of the processing of personal data.

Address: Harju maakond, Tallinn, Kesklinna linnaosa, Sakala tn 7-2, 10141

Email: dataprotection@spyse.com

What personal data do we collect?

We treat any information relating to an identified or identifiable natural person as "personal data". This includes name, identification number, location data as well as online identifiers (e.g. IP address, cookie identifiers).

In order to provide our Services, we need to process your personal data. The categories of personal data we process depend on your use of the Services, including whether you opt to become a Registered User or not.

In all cases, we collect only the minimum personal data necessary to achieve our purposes. Also, we do not knowingly collect or otherwise process sensitive data (e.g. personal data concerning your health, religious or political views etc.) and personal data about individuals under the age of 16 (sixteen). If we learn that we have collected such personal data, we will delete it as soon as practically possible. If you believe that any of such personal data was provided to us, please contact us at dataprotection@spyse.com.

Subject to that, the following personal data can be processed, including through cookies and other web technologies:

Personal data you provide

We collect the content, communications and other information you provide to us while using the Website and Services. For example, some pages on the Website allow you to send us emails, and such messages sent to us will contain your email address and any other additional information you wish to include.

If you choose to become a Registered User and sign up for an account on the Website, you will be asked to provide certain information through a registration form, including your email address and password. Once registered on the Website, you may also add the additional personal data to your account: your first and last name, phone number, job title, and organization.

For as long as you are a Registered User, you are responsible for providing us with accurate personal data and for keeping such data up to date. You may update your personal data by editing your user profile in your account.

Information we collect about you

When you use the Website, we collect information about the Services you use and how you use them, namely:

  • Usage information. We collect information about your interactions with the Website, such as the pages or other content you view, your searches, applications you have sent, and other actions on the Website;
  • Location information. When you use certain features of the Website, we may collect different types of information about your IP address (such as your location);
  • Log data. We automatically collect log information when you use the Website, even if you have not logged in as the Registered User. That information includes, among other things: details about how you’ve used the Website (including links to third party applications), IP address, access times, hardware and software information, device information, device event information (e.g., crashes, browser type), and the page you’ve viewed or engaged with before or after using the Website;
  • Transaction information. We may collect limited information related to your transactions on the Website, including the date and time and the amounts charged;
  • Cookies. A cookie is a small file of letters and numbers that we put on your computer if you agree. These cookies allow us to distinguish you from other users of our Website which helps us to provide you with a better experience when you browse our Website and also allows us to improve our Website. We use cookies and other similar technologies, such as tags and pixels. We may also allow third parties to use these tracking technologies on the Website, or engage others to track your conduct on our behalf. For detailed information about the use of cookies, please refer to our Cookie Policy.

How do we process your personal data?

We process the personal data collected from you for the purposes specified hereinafter or as stated at the point of collection (or as obvious from the context of collection). In particular, we process your personal data for any of the following purposes:

  • To administer and manage the Website. We process your personal data to confirm and authenticate your identity, prevent unauthorized access to the restricted areas of the Website (e.g. access to the Subscription Plan limited to the Registered Users only). We also process your personal data to maintain the integrity of our Services by detecting and combating harmful and any other conduct that violates our Terms of Use .
  • To communicate with you. We process your personal data to provide you with the information that you have requested, or that we think may be relevant to a subject in which you have demonstrated an interest as well as to reply to any other requests received from you;
  • To provide, personalize and improve our Services. We process your personal data to provide and/or enable our subcontractors to provide the Services requested by you. We can also process your personal data to customize the contents and features of our Website, remember your settings, display personalized advertising and improve our service offerings. Your personal data can be additionally processed for internal administrative purposes and for accounting;
  • To manage our relationship with you. We may add your personal data to our customer management systems and provide you with regular updates related to our Services as well as changes that we introduce to our Terms of Use, Subscription Plan, Privacy Policy, Cookie Policy and any other documents from time to time;
  • To understand how you interact with our Website and Services and improve your experience. We can process your personal data to understand how you use the features and functions on our Website, which content you access, and tailor our Website and Services to your needs and interests;
  • To send marketing communications. To the extent permitted by the applicable law, we may process your personal data to send you the information about our Services which may be of interest to you and similar marketing information. We may also use the technologies that allow us to understand whether you opened a marketing email or clicked on a link contained therein.

While processing your personal data for any of the purposes specified herein, we ensure that we have a lawful basis that allows us to proceed with personal data processing. In every case, the lawful basis will be one of the following:

  • Our legitimate interests. We rely on our legitimate interests where it is necessary to ensure the effective and lawful operation of our business (provided that our interests are not overridden by your interests and or fundamental rights and freedoms). For example, we rely on our legitimate interests when we provide our Services, understand how our Services and/or Website are used and which Services are of interest to you;
  • Performance of a contact with you or taking steps, at your request, prior to entering into the contract. For example, where you opt to become a Registered User and/or purchase the Subscription Plan offered on the Website, we may need to process your personal data in order to provide you with the requested Services;
  • Consent. Where required to obtain your consent, we will rely on your freely given, specific, informed, and unambiguous consent to the processing of your personal data. For example, we can process your personal data for marketing purposes subject to your consent. You can withdraw your consent at any time and, in the case of marketing emails, you can withdraw your consent by clicking the unsubscribe link added thereto;
  • Compliance with a legal obligation to which we are subject. As per the legal requirements applicable to us, we may be obliged to collect and further store certain personal data about you. For example, we may be subject to the accounting requirements that would require us to store the information about our customers for a certain period of time.

How do we provide access and disclose your personal data?

We may need to engage third parties and, under certain circumstances, provide your personal data thereto for the purposes specified in this Privacy Policy:

  • Service providers. We may need to share your personal data with the service providers (sub-contractors) that are engaged to provide the Services on our behalf, including the customer and service support, analytics and research, marketing and advertising, security and fraud prevention. Such third parties are authorised to process your personal only to the extent permitted by us, and they are prohibited from using your personal data for other purposes;
  • Payment services. We may access limited financial data related to your payments made according to the Subscription Plan. Most financial data, including your payment card details, is processed by one of the payment service providers, namely Skrill or Blockonomics used to manage and process your payments. Your financial data is provided directly to the payment service providers, and the use and storage thereof is governed by the privacy policies of such third parties. For more details, please refer to one of the following privacy policies depending on your payment method:
    Skrill: https://www.skrill.com/en/footer/privacypolicy/
    Blockonomics: https://www.blockonomics.co/views/privacy.html
  • Analytics services. We use the third-party services in order to help us understand and measure your engagement with our Website and Services. In particular, we may use the following services:
    • Intercom. In order to store and track usage statistics and maintain the support live chat on the Website, we may use the services provided by Intercom Inc. Intercom may process the contact and social media information related to you, such as your email address, organization, job title in order to enhance your user experience. For more information on the privacy practices of Intercom, please refer to its privacy policy available at: https://www.intercom.com/legal/privacy;
    • Hotjar. Hotjar is a technology service that helps us better understand your experience on the Website. Hotjar uses the web technologies to collect data about your conduct on the Website and the devices used to browse the Website. Hotjar stores such data in a pseudonymized user profile. Neither Hotjar nor we will use this data to identify individual users of the Website or to match it with further data related thereto. For further details, please refer to the Privacy Policy of Hotjar available at: https://www.hotjar.com/legal/policies/privacy

      You can deactivate the use of your personal data by Hotjar by following this link: https://www.hotjar.com/privacy/do-not-track/

    • Google Analytics. Google Analytics is a web analytics service offered by Google that allows us to track the website traffic. Google uses the collected data to track and monitor the use of our Website and Services. For more information on the privacy practices of Google, please refer to its privacy policy available at: https://policies.google.com/privacy?hl=en

      You can deactivate the use of your data by Google Analytics by following this link: https://tools.google.com/dlpage/gaoptout

  • Marketing services. In order to provide the information about our Services and any other information which may be of interest to you, we may use MailChimp, a third-party service that provides the tools to create, send, and manage emails. For more information, please refer to Section 3 of MailChimp Privacy Policy available at: https://mailchimp.com/legal/privacy/
  • Customer relationship management services. We may use HubSpot CRM, a user database management service provided by HubSpot, Inc. Therein, we may process your personal data provided to us in accordance with this Privacy Policy. For more details, please refer to HubSpot Privacy Policy available at: https://legal.hubspot.com/privacy-policy

Under certain circumstances, we are legally obliged to share your personal data. For example, we may reveal your personal data to any law enforcement agency, court, regulator, government authority or other organization if we are required to do so to meet a legal or regulatory obligation, or otherwise to protect our rights or the rights of anyone else. In such cases, we will satisfy ourselves that we have a lawful basis on which we share the personal data with such authorities and other organizations.

How do we transfer your personal data?

While we act as a data controller in respect of your personal data, we may also transfer your personal data to and store it outside the country where you are located. This may be necessary to provide the Services set forth in our Terms of Use or for other purposes specified herein.

Such cross-border transfers may include the countries outside the European Economic Area ("EEA") and countries that do not have laws that would provide specific protection for personal data. Where we collect your personal data within the EEA, transfer outside the EEA will be only:

  • to a recipient located in a country which provides an adequate level of protection for your personal data; and/or
  • under an agreement which satisfies the European Union requirements for the transfer of personal data to data processors or data controllers outside the EEA, such as standard contractual clauses approved by the European Commission.

How and how long do we store your personal data?

We use the services provided by Hetzner, a company registered under the laws of Germany, in order to host our servers and store the data collected via the Website. In providing its services, Hetzner may collect certain data related and limited thereto. For more information, please refer to: https://www.hetzner.com/rechtliches/datenschutz/

We will retain your personal data only for as long as we need it, given the purposes for which it was collected, or as required to do so by law. Should you opt to become our Registered User or otherwise use the Services provided by us, we retain personal data about you for as long as you have an active account on the Website or as otherwise necessary to provide the Services. In some cases, we retain personal data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or as otherwise permitted or required by applicable law, rule, or regulation. For example, when you purchase a Subscription Plan on our Website, we will need to keep your personal data for accounting purposes for the period required by the applicable law. We keep mailing list information until you unsubscribe from our mailing lists as described herein and/or in the email that you receive. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honor your request and do not send you any marketing emails in future.

In some cases, we retain personal data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or as otherwise permitted or required by applicable law, rule, or regulation. For example, when you purchase a Subscription Plan on our Website, we will need to keep your personal data for accounting purposes for the period required by the applicable law.

We keep mailing list information until you unsubscribe from our mailing lists as described herein and/or in the email that you receive. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honor your request and do not send you any marketing emails in future.

How do we protect your personal data?

We have implemented the reasonable and generally accepted technical and organizational measures to protect your personal data against unauthorized access, destruction or alteration. This includes, but is not limited to the following:

  • We use SSL encryption (https) everywhere where we deal with personal data;
  • Your account passwords are hashed when stored in our database;
  • The authenticity of request methods is verified to prevent CSRF (cross-site request forgery) attacks;
  • Our employees use passwords and enable screen locking;
  • We restrict access to personal data. Access to IT accounts that process personal data is limited on a need-to-know basis and requires Two-Factor Authentication (2FA);
  • Access to production data is on a need-to-know basis;
  • We work with and engage only such service providers that take the proper technical and organizational measures in order to safeguard the security of personal data transferred thereto.

While we endeavour to protect our systems and services, we cannot guarantee the security of the personal data transmitted to or by us and we do not guarantee or warrant that the measures taken by us will prevent unauthorised access to personal data that we process.

What are your rights in relation to personal data?

Where we act as a data controller in respect of your personal data, you have certain rights in relation to your personal data processed by us, including those set forth below:

  • Right of access. You have the right to obtain confirmation as to whether we process your personal data, receive a copy of your personal data and obtain information about the scope and purposes of personal data processing. We will generally deal with your request within the period of 1 (one) month upon receipt thereof, unless we need more time to process it (e.g. if your request is complicated or we have received a large number of requests);
  • Right to rectification. Should you believe that your personal data we process is inaccurate or incomplete, you have the right to ask us to amend and/or complete your personal data;
  • Right to erasure. You have the right to ask us to delete your personal data in a number of cases (e.g. when the personal data are no longer necessary in relation to the purposes for which such data is processed);
  • Right to restriction of processing. You have the right to ask us to restrict the processing of your personal data (e.g. for a period enabling us to verify the accuracy of personal data as per your request);
  • Right to object. You have the right to object to processing of your personal data when we rely on our legitimate interests as a lawful basis for processing or our processing is for direct marketing purposes;
  • Right to data portability. You have the right to receive your personal data in a machine-readable format. You also have the right to ask us to transmit your personal data to another organization where technically feasible and given that our lawful basis for processing is your consent or necessity for performance of our contract with you and the processing is carried out by automated means;
  • Right to withdraw consent. If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time;
  • Right to file complaint. You have the right to lodge a complaint about our practices with respect to your personal data with the Estonian Data Protection Inspectorate at https://www.aki.ee/en or supervisory authority of your country.

Please note that under certain circumstances and when permitted by the applicable law, we may not be able to fully comply with your request (e.g. when your request is excessive or manifestly unfounded). In some cases, we may also need the additional information from, which may include your personal data, in order to verify your identity and the nature of your request.

Data Protection Authority

This Privacy Policy shall be governed by the laws of the Republic of Estonia. The competent supervisory authority shall be the Estonian Data Protection Inspectorate.

Address: 19 Väike-Ameerika Str, 10129 Tallinn, Estonia

Email: info@aki.ee

A list of data protection authorities in other European Union jurisdictions, and the contact details thereof are available at the following link: https://edpb.europa.eu/about-edpb/board/members_en.

Changes to our Privacy Policy

We change this Privacy Policy from time to time. Herewith, we will not limit your rights under this Privacy Policy without your explicit consent. We always indicate the date the last changes were published. If significant changes are introduced, we will provide a more prominent notice, including but not limited to the email notification sent at your address provided to us.

Contact Us

If you have any questions regarding our Privacy Policy or how we use your personal data, please contact us by email at dataprotection@spyse.com .