Privacy Policy

1. Introduction

This Privacy Policy explains how Mitra Consult OÜ and Sunrise Studio OÜ (collectively referred to as “we”, “us”, or “our”) collect, use, and protect the personal information of users who visit and use our website and related online services (the “Platform”).

We are committed to protecting your privacy and ensuring that your personal data is handled securely and transparently. This policy describes what information we collect, how we use it, and what rights you have regarding your data.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and all applicable local data protection laws in Estonia.

By using our Platform, you acknowledge that you have read and understood this Privacy Policy and agree to the processing of your personal data as described herein.

2. Information We Collect

We collect only the information necessary to provide and improve our services and to ensure a safe and functional user experience on the Platform. The types of data we may collect include:

a. Account Information

When you register an account, we collect information such as your name, email address, username, and password.

b. User-Generated Content

If you post or share content on the Platform (for example, events, comments, or photos), we collect the information you choose to publish. This may include text, images, and other data you upload.

c. Communication Data

We may collect information you send to us when you contact support, submit feedback, or communicate with other users through the Platform.

d. Automatically Collected Information

When you browse the Platform, we automatically collect certain technical data such as your IP address, browser type, device information, and interaction data through cookies or similar technologies.

e. Optional Profile Details

You may choose to add additional information to your profile, such as a profile photo or location, which will be visible to other users.

3. How We Use Personal Data

We use personal data only for purposes that are legitimate, transparent, and directly connected to the operation of the Platform. The main purposes include:

a. Account Management

To create and maintain user accounts, verify user identity, and manage access to the Platform’s features.

b. Service Delivery

To enable users to post and manage content such as events or listings, and to facilitate interactions between users.

c. Communication

To respond to user enquiries, provide updates, and send notifications related to your account or Platform activity.

d. Platform Improvement

To analyse usage trends, fix technical issues, and improve the quality, safety, and performance of our services.

e. Legal Compliance

To meet legal obligations, respond to lawful requests from authorities, and prevent fraud or misuse of the Platform.

f. Marketing and Updates (Optional)

If you have provided consent, we may use your contact details to send occasional updates or news related to our services. You can withdraw your consent at any time.

4. Legal Basis for Processing

We process personal data only when there is a clear legal basis under the General Data Protection Regulation (GDPR). Depending on the specific situation, one or more of the following grounds may apply:

a. Consent

When you voluntarily provide information or agree to certain processing, such as subscribing to updates or allowing cookies. You can withdraw your consent at any time.

b. Contractual Necessity

When processing is required to fulfil our obligations under a contract with you, for example, to maintain your account or display your posted content.

c. Legitimate Interest

When processing is necessary for our legitimate interests, provided these do not override your rights and freedoms. This may include activities such as securing the Platform, analysing performance, and improving services.

d. Legal Obligation

When we are required by law to process or retain specific data, for example, for record-keeping, taxation, or to comply with court orders or public authority requests.

5. Cookies and Tracking Technologies

Our Platform uses cookies and similar technologies to provide a reliable and user-friendly experience, to analyse site traffic, and to understand how users interact with our content.

a. What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help us remember your preferences, keep you signed in, and gather statistical information about website performance.

b. Types of Cookies We Use

Essential cookies: Required for the website to function properly (for example, login sessions).
Performance and analytics cookies: Help us understand how visitors use the Platform so we can improve usability and features.
Preference cookies: Remember your settings and preferences to enhance your browsing experience.
Third-party cookies: May be set by external services, such as analytics providers, embedded videos, or social media tools.

c. Managing Cookies

You can adjust your browser settings to refuse or delete cookies at any time. Please note that disabling cookies may affect certain functions or features of the Platform.

We respect your privacy and do not sell or rent personal data to any third parties. However, in certain cases we may share information when necessary to operate the Platform or comply with legal requirements.

a. Service Providers

We may share data with trusted service providers who help us operate and maintain the Platform, such as hosting providers, analytics services, and email delivery systems. These providers process data only according to our instructions and under strict confidentiality.

b. Other Users

Some of the information you choose to publish on your profile or within event listings will be visible to other users of the Platform. You should avoid posting any personal information that you do not wish to make public.

c. Legal and Regulatory Requirements

We may disclose personal data when required to do so by law, court order, or public authorities, or when necessary to protect our rights or those of others.

d. Business Transfers

In the event of a merger, acquisition, or restructuring involving Mitra Consult OÜ or Sunrise Studio OÜ, personal data may be transferred as part of that process, but it will remain protected under this Privacy Policy.

7. Data Retention

We retain personal data only for as long as it is necessary to fulfil the purposes for which it was collected or to comply with legal, accounting, or reporting obligations.

a. Account Data

Information linked to your account is kept for as long as your account remains active. If you delete your account, your data will be removed or anonymised within a reasonable period, unless retention is required by law.

b. User-Generated Content

Content you publish (for example, events or comments) may remain visible on the Platform even after your account is deleted, unless you request removal.

c. Communication Records

Messages or correspondence with our support team may be stored for a limited time to assist with follow-up requests and improve service quality.

d. Legal and Regulatory Retention

Certain records, such as invoices or tax-related documents, may be retained for the period required under Estonian law.

When data is no longer needed, it is securely deleted or anonymised so it can no longer be associated with you.

8. User Rights

We respect your rights regarding your personal data and aim to make it easy for you to exercise them in accordance with the General Data Protection Regulation (GDPR). You have the following rights:

a. Right to Access

You may request a copy of the personal data we hold about you and information about how it is processed.

b. Right to Rectification

You have the right to request corrections to any inaccurate or incomplete personal information.

c. Right to Erasure (Right to be Forgotten)

You may request that your personal data be deleted from our systems. To do so, please contact us at hello@activado.fit. We will handle your request promptly unless the data must be retained to comply with legal obligations or resolve disputes.

d. Right to Restrict Processing

You may ask us to limit the processing of your personal data under certain circumstances, such as when its accuracy is disputed.

e. Right to Data Portability

You can request to receive your personal data in a structured, commonly used, and machine-readable format.

f. Right to Object

You have the right to object to the processing of your personal data when it is based on legitimate interests, or to withdraw consent for processing activities you previously agreed to.

To exercise any of these rights, please contact us using the email address provided above. We may need to verify your identity before processing your request.

9. Data Security

We take data protection seriously and apply appropriate technical and organisational measures to safeguard personal information against unauthorised access, alteration, disclosure, or destruction.

a. Technical Measures

We use secure servers, encrypted connections (HTTPS), and regular security updates to protect stored data and communications between users and the Platform.

b. Organisational Measures

Access to personal data is limited to authorised personnel and service providers who require it to perform their duties. All such parties are bound by confidentiality obligations.

c. User Responsibility

While we do our best to protect your information, no online system can guarantee complete security. You are responsible for keeping your account credentials confidential and for ensuring that your device is protected from unauthorised access.

If you believe that your data or account may have been compromised, please notify us immediately at hello@activado.fit.

10. International Data Transfers

Our Platform is primarily operated within the European Union, and we aim to store and process all personal data within the EU or the European Economic Area (EEA).

However, in certain cases, some of our service providers may process data outside the EEA. In such situations, we ensure that appropriate safeguards are in place to protect your information. These safeguards may include:

The use of service providers located in countries recognised by the European Commission as providing adequate levels of data protection.
The implementation of Standard Contractual Clauses (SCCs) approved by the European Commission, which provide legal guarantees for international data transfers.

By using the Platform, you acknowledge that your personal data may be transferred and processed outside your country of residence under these safeguards.

11. Children’s Privacy

Our Platform is intended for use by individuals aged 16 and above. We do not knowingly collect personal information from children under this age.

If we become aware that personal data has been collected from a child without parental consent, we will take immediate steps to delete that information.

Parents or guardians who believe that their child may have provided personal data to us are encouraged to contact us at hello@activado.fit. We will review the request and remove the information as required.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the functionality of the Platform.

When significant updates are made, we will notify users by posting the revised version on the Platform and updating the effective date at the bottom of this page. In some cases, we may also send a direct notification or request renewed consent if required by law.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

13. Contact Information

If you have any questions, concerns, or requests related to this Privacy Policy or the way your personal data is handled, please contact us at:

Email: hello@activado.fit

Enquiries regarding data protection, access requests, or deletion of personal data will be reviewed and responded to as promptly as possible, in accordance with applicable data protection laws.