// legal.privacy_policy

Privacy Policy

Last updated: 1 April 2026Qann Commerce OÜVersion 1.0

Plain language summaryWe collect minimal data. We use it to operate this website and respond to enquiries. We don't sell your data. We use Google Analytics for traffic insights (anonymised). You have the right to access, correct, or delete any data we hold about you.

1. Who We Are

Qann Commerce OÜ (“Qann”, “we”, “us”, “our”) is the data controller responsible for your personal data.

Registered entity: Qann Commerce OÜ
Registry code: 17263654
Registered address: Ahtri tn 12, Kesklinna linnaosa, 15551 Tallinn, Harju maakond, Estonia
Email: info@qann.co
Data protection contact: privacy@qann.co

2. What Data We Collect

2.1 Data you provide directly

Name and email address when you contact us via the contact form or email
Business name and role, if provided in correspondence
Any information you voluntarily include in messages to us

2.2 Data collected automatically

IP address (anonymised before storage)
Browser type and version
Pages visited and time spent on site (via Google Analytics 4)
Referral source (how you found our website)
Device type (desktop, mobile, tablet)

2.3 Data we do NOT collect

Payment card details (we do not process payments directly on this site)
Sensitive personal data (health, religion, political views, etc.)
Data from children under 16 years of age

3. Legal Basis for Processing

Purpose	Legal Basis	Retention
Responding to contact form enquiries	Legitimate interest (pre-contractual communication)	3 years from last contact
Website analytics	Consent (cookie consent banner)	26 months (Google Analytics default)
Service delivery to clients	Contract performance	Duration of contract + 7 years
Legal and tax compliance	Legal obligation	7 years (Estonian accounting law)
Security and fraud prevention	Legitimate interest	90 days (server logs)

4. How We Use Your Data

To respond to your enquiries and communicate about potential or ongoing services
To deliver services as agreed in our service contracts
To improve our website based on aggregated, anonymised analytics
To comply with legal obligations under Estonian and EU law
To prevent fraud and ensure the security of our systems

5. Third Parties We Share Data With

Third Party	Purpose	Location	Safeguard
Google Analytics 4	Website analytics	USA (EU servers)	Standard Contractual Clauses, IP anonymisation
Vercel Inc.	Website hosting	USA / EU edge	Standard Contractual Clauses, DPA in place
Brevo (Sendinblue)	Transactional email	EU (France)	EU-based processor, GDPR compliant

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

6. Your Rights Under GDPR

As a data subject under the EU General Data Protection Regulation (GDPR), you have the following rights:

Right of access — request a copy of the personal data we hold about you
Right to rectification — request correction of inaccurate or incomplete data
Right to erasure — request deletion of your data (“right to be forgotten”)
Right to restriction — request that we limit how we use your data
Right to data portability — receive your data in a structured, machine-readable format
Right to object — object to processing based on legitimate interest
Right to withdraw consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@qann.co. We will respond within 30 days. See our GDPR Rights page for full details on how to make a request.

7. Cookies

We use cookies for website functionality and analytics. See our Cookie Policy for a full breakdown of cookies used, their purpose, and how to manage them.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

HTTPS encryption for all data transmitted to and from our website
Access controls limiting who within Qann can access personal data
Regular security reviews of our systems and third-party processors

In the event of a personal data breach, we will notify affected individuals and the relevant supervisory authority within 72 hours, as required by GDPR Article 33.

9. International Data Transfers

Some of our third-party processors are located outside the European Economic Area (EEA), primarily in the United States. In these cases, we ensure adequate protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Verification that the recipient maintains appropriate security standards

10. Supervisory Authority

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) if you believe your data has been processed unlawfully.

Estonian Data Protection Inspectorate
Tatari 39, 10134 Tallinn, Estonia
Website: aki.ee
Email: info@aki.ee

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated version on this page with a new “Last updated” date. For significant changes, we will notify active clients by email.

12. Contact

For any questions about this Privacy Policy or how we handle your data:
Email: privacy@qann.co
Post: Qann Commerce OÜ, Ahtri tn 12, Kesklinna linnaosa, 15551 Tallinn, Harju maakond, Estonia