Privacy Policy Website & Webshop
This privacy policy informs you about the types of personal data processed, the purposes for which such data is processed on this website by us as the controller within the meaning of Article 4 No. 7 of the EU General Data Protection Regulation (GDPR), and the extent to which this data is made available to third parties.
1. Controller
The entity responsible for processing your personal data on this website is:
Company: ALSO Eesti OÜ
Postal address: Liivalao tn 18, 11216 Tallinn
Tel: +372 6504900
E-mail: ee-info@also.com
2. Data Protection Officer
You can contact our Data Protection Officer via mail at the address above or via email at gdpr.ee@also.com .
3. Provision of the website and hosting
Data processed in the context of providing the website may include all information generated during use and communication. This regularly includes the IP address, which is necessary to deliver online content to browsers, and all information entered on our online offering or websites.
We process data for every access to servers (so-called server log files). Server log files may include address and name of accessed websites and files, the date and time of access, the amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, the previously visited page, IP addresses, and the requesting provider. For once, server log files may be used for security purposes e.g. to prevent server overload (particularly in cases of misuse like DDoS attacks), for another, and to ensure server stability and performance.
This data is generally not assigned to specific individuals and is therefore not used for profiling or behavioural analysis. The data is not combined with other data sources. After statistical evaluation and for purposes of detecting possible misuse, the data is deleted within 90 days. Data required for evidentiary purposes is excluded from deletion until the respective incident is resolved.
For the web shop, we use hosting services provided by ALSO International Services GmbH (AIS), Lange Wende 43, 59494 Soest, Germany. We have concluded a Data Processing Agreement with AIS. The services provided by AIS include infrastructure and platform services, computing capacity, storage space, database services, security and technical maintenance services to maintain the operability of this online offering.
The legal basis for processing personal data is Article 6 (1) (f) GDPR, as we have a legitimate interest in preventing attacks and ensuring the secure availability of the website.
4. Disclosure of personal data
Your data is generally only shared with third parties with your explicit consent. Exceptions include transfers to our cooperation partners and service providers required to fulfil our agreements with you and which we have commissioned accordingly. Accordingly, your data will be transferred to such service providers and cooperation partners for the purpose of fulfilling the contract in accordance with Article 6 (1) (b) GDPR or to protect our legitimate interests in accordance with Article 6 (1) (f) GDPR, provided that this is explicitly stated in this privacy policy.
Personal data is otherwise only disclosed to service providers with whom we have previously concluded a Data Processing Agreement according to Article 28 GDPR.
Transfers to authorized state institutions and authorities occur solely within the scope of statutory information obligations or when required by a judicial or official decision. In this case, the transfer of your data is necessary to fulfil a legal obligation under Article 6 (1) (c) GDPR.
5. Contact
When you contact us via email, your details are processed by us to respond to your inquiries. Your details are processed for the purpose of fulfilling the intent behind your submission, such as processing your inquiry, handling any follow-up questions, or contacting you upon your request. The legal basis for processing these personal data is Article 6 (1) (b) GDPR if you provide this data to initiate or already have a contractual relationship with us. Otherwise, the processing is based on Article 6 (1) (f) GDPR, where our legitimate interest is the careful handling of your request.
6. Cookies
This website uses cookies. Cookies are small text files stored on your computer that provide specific information to the party that sets the cookie. They are used to make the internet offering more user-friendly and efficient or to facilitate navigation on our website.
Detailed information about individual cookies can be found in the cookie banner on our website. These details can also be accessed via the “Cookies and Third Parties” link in the footer of the website.
Unless otherwise specified in the cookie banner, the lifespan of cookies is 24 months.
You can manage the use of cookies at any time via our cookie banner. There, you have the option to change your decisions and grant or revoke consent retrospectively. The banner can be accessed in the footer of our website via the “Cookies and Third Parties” link or through this link:
7. Regstration
Our website offers a registration option. During registration, the user's IP address, as well as the date and time of registration, are stored. This is to prevent misuse of the services. The registration of data is required for the provision of content or services. Registered users can modify or delete their stored data at any time.
When you register on our website, a contract regarding the respective user account is established between you and us. The legal basis for processing your personal data is therefore Article 6 (1) (b) GDPR.
8. Web shop
To use our web shop, it is necessary to create an account. For this, we process the following data: company name, address (street, house number, postal code, city, and country), company registration number, VAT ID, payment method (SEPA), bank details, IBAN, email address, and contact person (mandatory fields: salutation, first name, last name, position, email, phone number; optional: mobile phone number).
The above data is processed to fulfil orders and deliveries of products, process payments, communicate with customers regarding orders and inquiries. The legal basis for this data processing is Article 6 (1) (b) (performance of a contract) and (c) (fulfilment of a legal obligation, e.g. tax or commercial law) GDPR.
t c (juriidilise kohustuse täitmine, nt maksu- või äriõigus).
9. Advertising
On our website, you are given the option to subscribe to newsletters on various topics and products via email. For this purpose, we process your email address.
The newsletters are sent using “Adobe Marketo Engage” provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland. We have concluded a Data Processing Agreement with Adobe for this service.
As part of the double opt-in procedure we use, we will send you a confirmation e-mail to the address that you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm within 24 hours, your data related to newsletter delivery will be automatically deleted. If you confirm your wish to receive the newsletter, your email address will be stored until you unsubscribe. We send newsletters only with your consent according to Article 6 (1) (a) GDPR. You can withdraw your consent at any time. A link to unsubscribe is included at the end of each newsletter. If users have only signed up for the newsletter and later unsubscribe, their personal data will be deleted.
The legal basis for this is our legitimate interest (Article 6 (1) (f) GDPR), which lies in customer care and providing information about our products and services.
10. Events
When you register for or participate in events, conferences or similar activities organised by ALSO, your personal data will be collected for the purposes of planning, implementing and billing related to them. ALSO processes the personal data provided by you (e.g. company name, job title, first name, surname and e-mail address) for these purposes. You will be contacted by e-mail to provide you with the necessary information about your participation and the content of the event.
The legal basis for the processing of your data is Article 6(1)(b) of the GDPR, as the processing is necessary for the performance of a contract or pre-contractual measures at the request of the person concerned.
We may link to landing pages or invitations of external domains, such as event venues. The content of these websites and their compliance with applicable data protection legislation is the responsibility of the operators of these websites, not ALSO.
We reserve the right to take photos and film during events for marketing purposes. In this case, we will inform you of this no later than at the beginning of the event. As a rule, people who take on a special role (e.g. speakers, moderators, etc.) are photographed and filmed, or photos are taken to show attending groups of people, as well as the atmosphere of the event. We publish these photos and footage on the ALSO Eesti website, on our social media channels such as Facebook, and use them to create a photo or video recap of the highlights of the event. If you do not wish to be in these photos or videos, please let the photographer know.
The legal basis for the processing of the data of photo and film footage is our legitimate interest in accordance with Article 6(1)(f) of the GDPR. This includes documenting the event with photos and film footage for marketing purposes and using them for information and representation purposes. The legal basis for taking photos and videos of individuals is your consent under Article 6(1)(a) of the GDPR, which you can withdraw at any time. If necessary, please contact the organiser, ALSO Eesti OÜ, either by post to the above address or by e-mail to the address of the Data Protection Specialist indicated there.
11. Our social media presence
You can find us online on social networks and platforms. We use these sites to communicate with our active customers, prospective customers and users and to inform them about our services and our company.
If you visit one of our social media sites, we, together with the social media platform provider, are responsible for the data processing that takes place during this visit. You can generally assert your rights (see Section 16 below) both against us and the provider of the respective platform. We would like to point out that, despite our shared responsibility, we do not have full influence over the data processing activities of the social platform and may forward the rights request to the respective provider for better processing of the data subject's request. Our options are generally based on the corporate policy of the respective provider.
In general, user data is processed by the platforms for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the resulting interests of users. The user profiles can in turn be used to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies are usually stored on the users' computers, in which the usage behaviour and the interests of the users are stored. Data may also be stored in the user profiles independently of the devices used by the users. This occurs in particular if the users are members of the respective platforms and are logged in to them.
You can find information about how we store your data below. We have no influence over the storage period of your data, which is stored by the social media platform provider for its own purposes. For details, please contact the social media network provider directly (e.g. see their privacy policy below).
For a detailed description of the respective processing and the options to withdraw consent, please refer to the following linked information provided by the providers.
- Facebook
(Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) The basis for this is an agreement on the joint processing of personal data:
https://www.facebook.com/legal/terms/page_controller_addendum
Privacy Policy: https://www.facebook.com/about/privacy/
- Google/ YouTube
(Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
Privacy Policy: https://policies.google.com/privacy
- LinkedIn
(LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Depending on the platform, data processing may occur outside the EU/EEA. Meta, Google and LinkedIn's US-based entities are certified under the EU-U.S. Data Privacy Framework. On the basis of this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the EU-U.S. Data Privacy Framework. Further information about the Data Privacy Framework can be found here: https://www.dataprivacyframework.gov/.
However, the European Commission has not issued a data protection adequacy decision for a large number of other countries outside the European Union/European Economic Area. The possible processing locations can be found via the following links:
- Meta: https://www.facebook.com/privacy/policy?subpage=9.subpage.2-WhereIsInformationTransferred. In this respect, standard contractual clauses exist between the meta companies ( https://www.facebook.com/privacy/policy?subpage=9.subpage.3-HowDoWeSafeguard).
- Google: https://www.google.com/about/datacenters/locations/. In this respect, standard contractual clauses exist between Google companies ( https://cloud.google.com/terms/sccs and under https://policies.google.com/privacy/frameworks?hl=en).
- LinkedIn: https://de.linkedin.com/legal/privacy-policy#share. In this respect, standard contractual clauses exist between the LinkedIn companies. ( https://www.linkedin.com/help/linkedin/answer/a1343190/?trk=microsites-frontend_legal_privacy-policy&lang=en).
12. Applicant Data
You may also send us your job application by e-mail, for example. The data entered will only be processed and used for the selection of applicants. By submitting your application, you agree to be contacted and informed in writing and/or by telephone as part of the application process. We want to assess all applicants solely on the basis of their qualifications, regardless of race, ethnic origin, gender, religion or beliefs, special needs, age or sexual identity. We therefore ask you to refrain from providing such data in your application if possible. You can have your application amended or deleted, and withdraw your consent at any time. To do this, please contact the ALSO Human Resources Specialist at the above postal address or by e-mail at human-resources-ee@also.com.
The legal basis for the processing of your personal data as a job applicant is Article 6(1)(b) of the GDPR, as the data are necessary for the establishment of an employment relationship.
13. Credit Checks
In the case of new clients, and if a client wishes to receive credit, we will carry out a credit check before creating a customer account or entering into a contract. Within the scope of this check, we transfer information to the service providers Creditreform or Creditinfo, and they process certain personal data requested by the controller. The following data are processed: registration number/sole trader code, name of company/sole trader, address (street, house number, postcode, city and country), details of management board members, owners and beneficial owners.
The results of the credit check will be treated confidentially and they will not be disclosed to third parties, unless applicable data protection legislation justifies the transmission of data or we are legally obliged to do so.
ALSO will also receive updates to the report from Creditreform within 12 months in case of changes. After that, there will be an inspection, i.e. an additional period limited to the duration of the client relationship. This can be cancelled in Creditreform at the end of each month. This means that in both cases, ALSO will retain your data for at least one year. Thereafter, ALSO may stop making updates on the basis of the risk assessment described above at its own discretion.
The processing of these data is necessary to assess business risks and ensure suitable payment options. The legal basis for this data processing is our legitimate interest under Article 6(1)(f) of the GDPR.
14. Data subject rights
You have the right to request information about the personal data we have stored about you. According to legal provisions, you also have the right to rectification of incorrect data, blocking, data portability, and deletion of your personal data. If you have given consent, you have the right to withdraw it at any time. The lawfulness of processing carried out based on the consent before its withdrawal remains unaffected.
You may object to future processing of your personal data based on legitimate interests under legal provisions at any time. This objection may particularly apply to processing for direct marketing purposes.
To do so, please contact the responsible office at the address of ALSO given above either by post or by e-mail at the address of the Data Protection Specialist indicated there.
You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you violates statutory provisions.
15. Retention period of personal data
Unless specific retention periods have been stated, the following applies: Personal data is stored for the duration of the relevant statutory retention period or as long as the purpose of collection exists. After the retention period expires, the data is routinely deleted unless required for contract initiation or fulfilment. If user data is not deleted because it is necessary for other and legally permissible purposes, processing is restricted as much as possible. This means the data is blocked and not processed for other purposes. For example, this applies to user data retained for commercial or tax law reasons.
16. Security Information
We strive to process your personal data by taking all technical and organizational measures to comply with data protection laws and in order to protect this data. Our website or rather communication via our website is encrypted using HTTPS.
Dated: December 2025