Introduction
GDPR Register OÜ provides software as a service (SaaS) that enables the management of privacy compliance documentation and processes.
This Privacy Policy explains how GDPR Register OÜ, registry code 14432795, address Rotermanni 8, Tallinn, Estonia, 10111, and email support@gdprregister.eu (“GDPR Register”, “we”, “our”, or “us”) collects and processes your personal data:
- when you visit our website gdprregister.eu (“Website”),
- connect with us via social media,
- or in relation to invoicing and billing procedures;
- and as a processor, when you subscribe to and use our privacy compliance platform app.gdprregister.eu (“Platform”) and related services (“Services”).
Capitalised terms used in this Privacy Policy have the meanings given to them in the Terms of Service, unless otherwise stated.
The information we collect and how we use it
We collect and process certain personal data to:
- provide our Services,
- fulfil our contractual obligations, and
- respond to your inquiries.
Personal data we process
| Purpose of Processing | Category of Personal Data | Data We Collect and Process |
|---|---|---|
| Enable secure access to the Platform and resolve customer support issues | Personal Identification | Name, email address, phone number, password, 2FA code, IP address, language preference |
| Handle invoices and process payments | Financial | Name on card, last four digits of card, email address, payment date, amount, company details |
| Enable user activity monitoring and issue resolution | Activity | Pages visited, features used, audit logs (login times, changes, deletions) |
| Respond to inquiries and provide customer support | Identification & Comms | Contents of messages, date/time of meetings, notes, and limited data from social media interactions |
Legitimate Interests
| Purpose of Processing | Category of Personal Data | Data We Collect and Process |
|---|---|---|
| Diagnose and repair technical issues, ensure security, prevent fraud | Technical | IP address, session key, browser details, operating system, referring URL, diagnostics data |
| Provide updates about previously used services | Identification & Purchased Services | Name, email, location (city level), preferred language, usage statistics, purchased services |
Processing Based on Consent
| Purpose of Processing | Category of Personal Data | Data We Collect and Process |
|---|---|---|
| Improve Website and Platform quality; social media marketing | Cookie Data | Data collected via cookies — see Chapter 6 |
| Send newsletters and promotional materials | Personal Identification | Name and email address (if subscribed) |
Data Sources
Your personal data may come from:
- information you provide directly to us;
- social media platforms (if you contact or register via them);
- payment service providers (for billing);
- or technical data collected automatically from your browser or device.
We may also process personal data for other compatible purposes, provided you are informed in advance and, where required, give consent.
Sharing Your Personal Data
We do not publicly share or display any personal data.
Access is limited to GDPR Register employees and service providers who require it to perform their duties.
We work with trusted third-party processors and data controllers, bound by confidentiality and data protection obligations.
Service Providers
ProcessorsOperating infrastructure, system protection, marketing assistance.
Payment Processors
Processors / ControllersProcessing subscription payments.
Advertising Partners
ProcessorsDelivering relevant and personalised ads.
Professional Advisors
ProcessorsLegal, accounting, or similar consulting services.
Potential Business Acquirers
Separate ControllersFor potential business transfers, mergers, or reorganizations.
Law Enforcement & DPAs
Separate ControllersLegal compliance and fraud prevention.
| Recipient Category | Reason for Sharing | Type of Recipient / Location |
|---|---|---|
| Service Providers | Operating infrastructure, system protection, marketing assistance | Data processors — Mostly EU/EEA; some in the US with Standard Contractual Clauses (SCCs) |
| Payment Processors | Processing subscription payments | Data processors or separate controllers — Located in the US; SCCs or equivalent safeguards applied |
| Advertising Partners | Delivering relevant and personalised ads | Data processors — Located in the US; SCCs or equivalent safeguards applied |
| Professional Advisors | Legal, accounting, or similar consulting services | Data processors — Bound by confidentiality |
| Potential Business Acquirers | For potential business transfers, mergers, or reorganisations | Separate data controllers — Legitimate interest |
| Law Enforcement and Data Protection Authorities | Legal compliance and fraud prevention | Separate data controllers — As required by law |
In addition to the information provided in the table above, in some cases, we may transfer your personal data outside the European Union or European Economic Area if the recipient is located outside the European Union or European Economic Area. We shall opt to use special personal data protection safeguards, in order to ensure the safety of your personal data. For obtaining further information on the processors and recipients engaged by us or if you wish to get acquainted with or obtain information on the transferring of your personal data outside the European Union or European Economic Area and the safeguards implied thereof by contacting us using the contact information specified in this privacy policy.
Ensuring the Security of Personal Data
We apply appropriate technical and organizational measures to protect your personal data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure and access.
These measures include encryption, restricted access, monitoring, and secure data storage.
Retention and Deletion of Personal Data
We retain personal data only as long as necessary for the purposes outlined in this Policy or as required by law. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations. Whilst retaining the personal data, we take into account the viable need to resolve disputes and enforce the contract between us or anonymize your personal data and retain this anonymized information indefinitely.
In case you are a Client, as a general rule, we will retain all your data for 30 days after the termination of the Client Agreement in a manner that would allow you to re-activate the Client Account. Otherwise, please see the following non-exhaustive summary on storing your personal data:
- Financial and accounting data: 7 years after the end of the financial year.
- Client account data: retained for the duration of the contract and 3 years after termination (up to 10 years in case of potential disputes/claims).
- Technical data: retained for 1 year.
- Communication data: unless clearly connected to the Client Account, retained for 3 years after the last correspondence.
Data needed for legal claims or disputes may be retained longer.
After expiration, data is deleted or securely anonymized.
Backup data is deleted automatically after the backup cycle ends.
Cookies
Our Website uses cookies to improve performance and user experience.
What are cookies?
Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when websites are loaded in a browser. They are widely used to remember you and your preferences, either for a single visit (“session cookie”) or for multiple repeat visits (“persistent cookie”). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (“first party cookies”), or by third parties, such as those who serve content or provide advertising or analytics services on the website (“third party cookies”).
Types of Cookies
Necessary cookies
These are necessary cookies, without which the Website won’t work properly or be able to provide certain features and functionalities. Some of these may be manually disabled in your browser, but may affect the functionality of the Website.
Preference cookies
Preference cookies are used to recognise repeat visitors to the Website. We use these cookies to record your browsing history, the pages you have visited, and your settings and preferences each time you visit the Website.
Analytical cookies
Analytical cookies monitor how users reached the Website, and how they interact with and move around once on the Website. These cookies let us know what features on the Website are working the best and what features on the Website can be improved.
Marketing cookies
Marketing cookies are placed on your computer by advertisers and ad servers in order to display advertisements that are most likely to be of interest to you. These cookies allow advertisers and ad servers to gather information about your visits to the Website and other websites, alternate the ads sent to a specific computer, and track how often an ad has been viewed and by whom.
Cookies used on our Website
Cookies used on the site are categorized and below you can read about each category and allow or deny some or all of them. When categories than have been previously allowed are disabled, all cookies assigned to that category will be removed from your browser. Additionally you can see a list of cookies assigned to each category and detailed information in the cookie declaration.
Cookie management
You can manage your cookie preferences through our Cookie Consent Banner or your browser settings.
Disabling cookies may affect certain features of the Website.
Cookies, including those which have already been set, can be deleted from your device. You can also change the preferences in your web browser to control cookies. Some internet browsers have a „Do Not Track“ or „DNT“ setting – this sends a signal to websites asking them not to track your browsing.
For more information on how to control cookies, check your browser or device’s settings for how you can control or reject cookies, or visit the following links:
Your Rights and Preferences
Under applicable data protection law, you have the right to:
- Right to be informed and to access. You may get information regarding your personal data processed by us.
- Right to data portability. You have the right to receive your personal data from us in a structured, commonly used and machine-readable format. Moreover, you may request that the personal data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible.
- Right to erasure. You have the right to have personal data we process about you erased from our systems if the personal data are no longer necessary for related purposes.
- Right to object and restrict. You have the right to object to the processing of your personal data and restrict it in certain cases.
- Right to rectification. You have the right to make corrections to your personal data.
- Right to withdraw consent. When you have given us consent to process your personal data, you may withdraw said consent at any time.
- Right to contact the supervisory authority. If you are not satisfied with our response to your request in relation to Personal Data or you believe we are processing your Personal Data not in accordance with the law, you can submit your claim with the Estonian Data Protection Inspectorate (in Estonian: Andmekaitse Inspektsioon) at info@aki.ee (www.aki.ee).
To exercise any of the abovementioned rights, please contact our customer support team via e-mail indicated in Chapter below.
Other important information
Newsletter, notifications and direct marketing
With your explicit consent, you may be subject to direct marketing campaigns or we may send you our newsletter. You may opt out of the direct marketing campaigns and newsletters by clicking on the unsubscribe link located at the bottom of each message. We may also provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information. We may also send you service-related notifications which are directly related to your ordered Subscription for the purpose of providing you with timely information about important changes in our Services, changes in laws related to content you manage on the Platform or information about outages and service disruptions.
Dispute resolution
If you have questions, please feel free to contact us at support@gdprregister.eu. Disputes relating to the processing of personal data are settled through our customer support.
Age limitations
We do not knowingly collect any information from individuals under 18 years of age. If we discover a user of being younger than 18 years old, we will require the user to close their account and we will take steps to delete any collected information as soon as possible.
We may amend or modify this notice from time to time to reflect changes in the way we process personal data. In case of material changes, we will notify you, as required under applicable laws.
Last Updated: 5 January 2026
This Privacy Policy is available on our website and may be amended periodically.