Back to home
Privacy

Privacy policy

At Sumgrey OÜ we handle your data responsibly. This policy explains what information we collect, for what purpose and what your rights are.

Data controller

Sumgrey OÜ

Address: Olevi 30-77, Kohtla-Järve, Estonia

Email: info@sumgrey.com

If you have questions about how we use your data, write to us and we'll respond within a maximum of 30 days.

Data we collect

We may collect the following personal data depending on how you interact with us:

  • Contact data: name, email, phone and company name that you provide when filling out forms.
  • Browsing data: IP address, browser type, pages visited and time spent, collected through cookies and analytics tools.
  • Communication data: the content of the emails or messages you send us.

We do not request or process special category data (health, religious beliefs, trade union membership, etc.).

Purpose and legal basis

We process your data solely for the following purposes:

  • Responding to inquiries (legitimate interest and pre-contractual measures).
  • Managing business relationships (performance of a contract).
  • Improving the website through usage analysis (consent, revocable at any time).
  • Complying with legal obligations (record retention under Estonian and European law).

Data retention

We retain your personal data only for as long as necessary to fulfill the purpose for which it was collected:

  • Contact form data: up to 2 years from the last interaction, unless an active business relationship exists.
  • Browsing data (cookies): up to 13 months from installation.
  • Contract-related data: up to 7 years after the relationship ends, in accordance with the accounting and tax regulations applicable in Estonia.

International transfers

Sumgrey OÜ operates primarily from Estonia. Some of our infrastructure providers (hosting, email, analytics) may have servers outside the European Economic Area (EEA).

In such cases, we ensure that appropriate safeguards are applied in accordance with the GDPR: standard contractual clauses approved by the European Commission, privacy certifications or adequacy decisions.

Your rights

As a user, you have the following rights regarding your personal data:

  • Access: to know what data of yours we process.
  • Rectification: to correct inaccurate or incomplete data.
  • Erasure: to request the deletion of your data when it is no longer necessary.
  • Restriction: to request that we stop processing your data in certain circumstances.
  • Portability: to receive your data in a structured format and transfer it to another controller.
  • Objection: to object to processing based on legitimate interest.
  • Complaint: to file a complaint with the competent supervisory authority (in Estonia, the Andmekaitse Inspektsioon).

To exercise any of these rights, write to us at hola@sumgrey.com.

Information security

We apply appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure or destruction. This includes encryption in transit (TLS), restricted access to internal systems and periodic review of our security policies.

Modifications

We may update this privacy policy to reflect changes in our practices or in applicable law. We will publish any modification on this page with the date of the last update.

Last updated: June 2026.