Privacy Policy - Aku Collective OÜ

1. Introduction

Aku Collective OÜ ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you visit our website, use our services, or interact with us.

This policy complies with the EU General Data Protection Regulation (GDPR), Estonian Personal Data Protection Act, and other applicable data protection laws.

Data Controller Information:

Company: Aku Collective OÜ
Registration Number: 12224294
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Pagari tn 1-4, 10133, Estonia
Email: [email protected]

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us, including:

Contact Information: Name, email address, phone number, company name, job title
Project Information: Project details, requirements, location, budget, timeline
Business Information: Company details, industry, project history
Communication Records: Messages, inquiries, and correspondence with us
Career Information: CV, cover letter, employment history, qualifications

2.2 Information Automatically Collected

When you visit our website, we may automatically collect:

Technical Information: IP address, browser type, device information, operating system
Usage Information: Pages visited, time spent on site, click patterns, referral sources
Cookies and Tracking: As described in our Cookie Policy

3. How We Use Your Information

We use your personal information for the following purposes, based on legitimate interests, contractual necessity, or consent:

3.1 Service Provision

Responding to inquiries and providing project quotes
Delivering specialized project work services
Managing client relationships and project communications
Processing job applications and recruitment

3.2 Business Operations

Improving our services and website functionality
Conducting market research and business analysis
Ensuring compliance with legal and regulatory requirements
Protecting our business interests and preventing fraud

3.3 Communication

Sending service-related notifications and updates
Providing customer support and technical assistance
Sharing industry insights and project opportunities (with consent)

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

Contractual Necessity: To perform contracts or prepare for potential contracts
Legitimate Interests: For business operations, service improvement, and communication
Consent: For marketing communications and non-essential cookies
Legal Compliance: To meet regulatory and legal obligations
Vital Interests: To protect health, safety, and security

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your data in the following circumstances:

5.1 Service Providers

We may share information with trusted third-party service providers who assist us in:

Website hosting and technical infrastructure
Email communication and customer support
Project management and professional services
Legal and compliance advisory services

5.2 Business Partners

For project delivery, we may share relevant information with:

Subcontractors and specialized service providers
Joint venture partners and consortium members
Client organizations and project stakeholders

5.3 Legal Requirements

We may disclose information when required by law, regulation, legal process, or to protect our rights and interests.

6. International Data Transfers

Given our operations in Azerbaijan and other international markets, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA).

When we transfer data internationally, we ensure appropriate safeguards are in place:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions by the European Commission
Binding Corporate Rules for multinational organizations
Explicit consent for specific transfers when appropriate

7. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

Project Data: 7 years after project completion for legal and professional requirements
Contact Information: 3 years from last contact for business development purposes
Website Analytics: 26 months for Google Analytics data
Career Applications: 2 years from application date
Legal Communications: As required by Estonian and EU law

8. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal information:

8.1 Access and Portability

Right of Access: Request copies of your personal data
Data Portability: Receive your data in a structured, machine-readable format

8.2 Correction and Deletion

Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your personal data (subject to legal requirements)

8.3 Processing Limitations

Right to Restrict Processing: Limit how we use your data
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent for consent-based processing

8.4 Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days of receiving your request.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

9.1 Technical Safeguards

SSL/TLS encryption for data transmission
Secure hosting infrastructure with regular security updates
Access controls and authentication systems
Regular security monitoring and vulnerability assessments

9.2 Organizational Measures

Staff training on data protection and privacy
Data processing agreements with third-party providers
Incident response procedures for data breaches
Regular review and update of security policies

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. For detailed information about our cookie practices, please see our Cookie Policy.

You can manage your cookie preferences through our cookie consent banner or your browser settings.

11. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

Posting the updated policy on our website
Updating the "Last Updated" date at the top of this policy
Sending email notifications for significant changes (when we have your email address)

Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

13. Contact Information and Complaints

13.1 Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Address: Aku Collective OÜ, Harju maakond, Tallinn, Kesklinna linnaosa, Pagari tn 1-4, 10133, Estonia
Subject Line: "Privacy Policy Inquiry"

13.2 Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights. In Estonia, you can contact:

Estonian Data Protection Inspectorate
Website: www.aki.ee
Email: [email protected]
Address: Väike-Ameerika 19, 10129 Tallinn, Estonia

14. Governing Law

This Privacy Policy is governed by and construed in accordance with Estonian law and EU data protection regulations. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of Estonian courts.