Privacy policy

Last updated: June 2025

1. Data controller

The data controller responsible for the processing of your personal data in connection with this website and our services is:

serbizAI OÜ has not appointed a Data Protection Officer (DPO), as we do not meet the thresholds set out in Art. 37 GDPR (we do not carry out large-scale systematic monitoring or process special category data as a core activity). For all data-related enquiries, please contact us directly at info@serbizai.com.

2. What data we collect

We collect only the personal data that you voluntarily provide to us when you contact us by email. This website does not use tracking cookies, analytics tools, advertising networks, or any other form of automated data collection beyond the technical minimum required to serve web pages.

Data collected when you contact us by email

When you send an email to info@serbizai.com, we receive and process the following data:

• Your email address
• Your name (if provided in the message or email signature)
• The content of your message
• Any additional personal data you choose to include
• Your email provider's server metadata (timestamps, IP addresses recorded by mail transfer agents) — this is standard email infrastructure data and is not collected by us directly

Data collected by the web server

Like all websites, our server may record standard access log entries when you visit this site. These entries may include your IP address, browser type, and the pages requested. Access logs are used solely for operational security purposes (detecting abuse, diagnosing errors) and are not used for profiling or marketing. Logs are retained for a maximum of 30 days.

Third-party fonts (Google Fonts)

This website loads the Inter typeface from Google Fonts (fonts.google.com ↗). When your browser requests the font files, your IP address is transmitted to Google’s servers. Google may process this data in accordance with their own privacy policy. We have no control over Google’s processing of this data. If you prefer to prevent this transmission, you may disable font loading in your browser settings.

3. Legal basis for processing

We process personal data only where we have a valid legal basis under Art. 6 GDPR. The bases we rely on are:

• Art. 6(1)(b) GDPR — Contract performance: Where you contact us to enquire about or engage our services, processing is necessary in order to take steps at your request prior to entering into a contract, or to perform that contract.
• Art. 6(1)(f) GDPR — Legitimate interests: Where a general business enquiry does not relate to a specific contract, we process your contact details on the basis of our legitimate interest in responding to communications directed at our business. We have assessed this interest against your rights and found it does not override them, given the limited nature of the data involved and the reasonable expectation that a business email address will receive replies.

We do not rely on consent (Art. 6(1)(a)) as a legal basis for the processing described in this policy. If we introduce any processing activity that requires consent (for example, sending marketing communications), we will update this policy and obtain your explicit consent separately.

4. How we use your data

We use the personal data we collect only for the purposes for which it was provided. Specifically:

• Responding to your enquiry: We use your email address and message content to provide the information or assistance you requested.
• Service delivery: Where an enquiry leads to a commercial engagement, we use your contact details to manage the business relationship, communicate about the project, and fulfil our contractual obligations.
• Record keeping: We retain records of business communications as required for legal and financial compliance (for example, the Estonian Accounting Act requires retention of accounting records for seven years).
• Operational security: Server access logs may be reviewed to detect and investigate security incidents or service disruptions.

We do not use your data for automated decision-making or profiling as defined by Art. 22 GDPR.

5. Data retention

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by applicable law. Our standard retention periods are:

• General business correspondence (email enquiries): Retained for the duration of any resulting business relationship plus three (3) years from the last contact, unless a longer period is required by law.
• Contractual and accounting records: Retained for seven (7) years from the end of the financial year in which the transaction occurred, in accordance with the Estonian Accounting Act (Raamatupidamise seadus).
• Server access logs: Retained for a maximum of thirty (30) days for operational security purposes.

When the applicable retention period expires, personal data is securely deleted or anonymised so that it can no longer be attributed to an identifiable natural person.

6. Your rights

As a data subject under the GDPR, you have the following rights in relation to the personal data we hold about you. To exercise any of these rights, please contact us at info@serbizai.com. We will respond within one month of receiving your request, as required by Art. 12(3) GDPR.

• Right of access (Art. 15 GDPR): You have the right to request a copy of the personal data we hold about you and information about how we use it.
• Right to rectification (Art. 16 GDPR): You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
• Right to erasure (Art. 17 GDPR): You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where there is no other lawful basis for retaining it.
• Right to restriction of processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while the accuracy of the data is being contested.
• Right to data portability (Art. 20 GDPR): Where processing is based on your consent or on a contract and carried out by automated means, you have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21 GDPR): You have the right to object to processing based on our legitimate interests (Art. 6(1)(f)). We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

7. Right to lodge a complaint

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority.

As serbizAI OÜ is established in Estonia, the lead supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI):

• Website: www.aki.ee/en ↗
• Address: Tatari 39, 10134 Tallinn, Estonia
• Telephone: +372 627 4135
• Email: info@aki.ee

You also have the right to lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

We would, however, appreciate the opportunity to address your concerns directly before you approach a supervisory authority. Please contact us first at info@serbizai.com.

8. Contact for privacy matters

For any questions, requests, or concerns regarding this privacy policy or the processing of your personal data, please contact us at:

serbizAI OÜ
Email: info@serbizai.com
Address: Ahtri tn 12, 10151 Tallinn, Estonia

We will endeavour to respond to all privacy enquiries within five (5) business days, and in any case within the statutory one-month period required by Art. 12(3) GDPR.