1. Controller and contact details

Controller: Designwild OÜ

Registry code: 14738206

Address: Tartu maakond, Tartu vald, Lähte alevik, Poe tn 8, 60502

Website: https://www.dwild.eu 

Email for privacy matters: info@dwild.ee 

No Data Protection Officer has been appointed. All privacy queries should be sent to the address above.

Lead supervisory authority: Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate), www.aki.ee.

2. Scope of this policy

This Policy applies to personal data we process in connection with:

• our public website (including cookies/analytics/advertising pixels and embedded content);
• enquiries and pre-contract communication (quotes, design briefs, site photos you choose to share, meeting scheduling);
• supplier and B2B partner relationships;
• marketing communications (newsletters, campaigns), where applicable and lawful;
• events and publications (testimonials, photos/videos) where a lawful basis exists;
• recruitment (applications, interviews, references).

This Policy does not cover third-party services we link or embed (e.g., social networks, video platforms). Those are governed by the providers’ own privacy terms.

3. Definitions

• Personal data: information relating to an identified or identifiable natural person.
• Processing: any operation performed on personal data (collection, storage, use, disclosure, deletion, etc.).
• Controller: the entity determining the purposes and means of processing.
• Processor: a service provider processing data on our behalf under contract.

4. Principles we follow

We process personal data lawfully, fairly, and transparently; for specified purposes; in a data-minimised, accurate, and secure manner; with storage limitation and accountability. We apply data protection by design and by default where feasible.

5. Categories of Personal Data and Sources

5.1 Data you provide to us

• Identification and contact data: name, email, phone, company, role, preferred language.
• Enquiry and project data: project brief, site address (if disclosed for pre-contract scoping), files and drawings you upload or email, correspondence, meeting notes.
• Marketing preferences: newsletter opt-in/opt-out, topics of interest you share with us.
• Recruitment data: CV, cover letter, portfolio, interview records, references you nominate; information from public professional sources where lawful and relevant.

5.2 Data we collect automatically (website and communications)

• Technical/usage data: IP address, device and browser information, general location (country/city), pages viewed, time and sequence of visits, referral source, cookie identifiers, consent status, email open/click events (if you consent to marketing emails).
• Cookies and similar technologies: see Section 9 and the Cookie Notice.

5.3 Data from third parties

• Our processors (hosting, analytics, email, CRM, calendar tools) may generate or provide usage/interaction data.
• Social media platforms provide aggregated insights for our pages; see Section 12.

We do not intentionally collect children’s data. If you believe a child has provided data to us, please contact us so we can delete it.

6. Purposes and legal bases

We process personal data only where a GDPR legal basis applies:

1. Pre-contract steps and contract performance (Art. 6(1)(b))
   • Responding to enquiries, preparing and discussing proposals, scheduling consultations and site visits, managing correspondence relevant to potential orders or services.
   • Managing supplier/installer coordination at your request.
2. Legal obligations (Art. 6(1)(c))
   • Compliance with accounting and tax rules; responding to lawful requests from authorities; recordkeeping required by law.
3. Legitimate interests (Art. 6(1)(f))
   • Running and improving our website, IT systems, and services; maintaining information security and backups; preventing abuse or fraud; handling and defending legal claims.
   • B2B relationship management with partners, architects, designers, and suppliers.
   • Direct marketing to existing customers/contacts about similar services (“soft opt-in”), with a simple opt-out in each message. You may object at any time.
4. Consent (Art. 6(1)(a))
   • Non-essential cookies/analytics/advertising pixels (e.g., Google Analytics 4, Meta Pixel, LinkedIn Insight Tag) and similar technologies.
   • Publishing identifiable testimonials, case studies, photos or videos where a separate release or consent is appropriate.
   • Newsletters where soft opt-in does not apply.
   • You can withdraw consent at any time; this does not affect prior lawful processing.

7. Disclosures and categories of recipients

We disclose personal data only as necessary and with appropriate safeguards:

• Intragroup and internal recipients: DWILD staff on a need-to-know basis.
• Processors (acting on our instructions): hosting and cloud providers; website maintenance; security and backup services; analytics and measurement tools; email/newsletter and CRM tools; form/submission tools; IT support; professional advisors (e.g., legal, audit) where engaged as processors.
• Independent controllers (in specific contexts): installers or logistics partners you ask us to involve; financing/insurance providers you select; social media platforms you use to interact with our pages; professional advisors acting as separate controllers.
• Legal recipients: public authorities and courts where required by law or to establish, exercise, or defend legal claims.
• Corporate transactions: if we reorganise, merge, or sell assets, data may be disclosed under confidentiality and data-protection safeguards.

8. Cookies and similar technologies

Our website uses cookies, SDKs, pixels, and comparable technologies to:

• provide core site functionality and security (essential cookies);
• remember preferences (e.g., language, consent choices);
• measure and improve performance (analytics);
• measure and tailor marketing (advertising pixels and campaign measurement).

Indicative technologies we may use:

• Google Analytics 4 (aggregated usage statistics; IP masking enabled where applicable);
• Meta Pixel (campaign measurement and, if consented, remarketing);
• LinkedIn Insight Tag (campaign measurement);
• Embedded content (e.g., YouTube/Vimeo) that may set third-party cookies;
• Other related technologies.

9. Retention

We retain personal data only for as long as necessary for the purposes set out above, then delete or anonymise it.

Typical periods (unless a longer period is required for legal obligations or claims):

• Enquiries and pre-contract correspondence: up to 12 months from last meaningful contact if no further engagement follows.
• Contracts and related business records: for the duration of the relationship and for the statutory limitation period (generally up to 3 years after the end of the year when a claim could arise), unless proceedings are ongoing.
• Marketing subscriptions: until you unsubscribe or withdraw consent; a minimal suppression record is kept to honour your opt-out.
• Recruitment: usually 6 months after the decision, unless you consent to a longer talent-pool retention or retention is needed to establish, exercise, or defend legal claims.
• Cookie/analytics data: as disclosed in the Cookie Notice or consent tool.

10. Security

We apply organisational and technical measures appropriate to the risk, including: role-based access, authentication and least-privilege principles, encryption in transit where applicable, secure configuration and monitoring, backups and recovery testing, staff confidentiality commitments, processor due diligence and contractual safeguards. If a personal data breach creates a risk to individuals, we will notify the supervisory authority and, where required, affected individuals.

11. Social media pages and joint controllership

When you visit or interact with our pages on platforms such as Facebook, Instagram, LinkedIn, or YouTube, the platform provider processes personal data under its own terms. For features like Facebook Page Insights, we and Meta may be joint controllers for aggregated audience statistics. For exercising your rights regarding platform processing, you may contact the platform provider or us; we will coordinate as required by the platform’s joint-controller terms.

12. Your rights

Subject to GDPR and local law, you have the right to:

• Access your personal data and obtain a copy;
• Rectify inaccurate or incomplete data;
  Erase data in specified cases (“right to be forgotten”);
• Restrict processing in specified cases;
  Object to processing based on legitimate interests, including direct marketing (you may object at any time, and we will stop);
• Data portability for data you provided to us under consent or contract, where technically feasible;
• Withdraw consent at any time where processing relies on consent (without affecting prior processing);
• Lodge a complaint with the Estonian Data Protection Inspectorate.

We will respond without undue delay and within one month of receipt (extendable by up to two months for complex or numerous requests). We may ask for information to verify your identity.

13. Special situations

• Photos, videos, testimonials: We obtain consent or rely on another lawful basis before publishing identifiable content. You may withdraw consent at any time.
• Do-not-contact records: If you ask us not to contact you, we keep a minimal record to respect your choice.
• Third-party links/embeds: Interactions with third-party content are subject to those providers’ privacy policies.

14. Changes to this policy

We may update this Policy from time to time. Material changes will be announced on our website. The “Effective date” above shows the latest version.

15. How to contact us

Designwild OÜ

Tartu maakond, Tartu vald, Lähte alevik, Poe tn 8, 60502

Email: info@dwild.ee

Cookie notice (summary)

• Essential cookies (always active): enable core site features, security, and load balancing.
• Preference cookies (consent-based): remember settings such as language and cookie choices.
• Analytics cookies (consent-based): help us understand site usage (e.g., GA4).
• Marketing/advertising cookies (consent-based): measure campaign performance and, where applicable, build audiences (e.g., Meta Pixel, LinkedIn Insight Tag).

Effective date: 12.9.25

Last updated: 12.9.25