This translation is provided for informational purposes only. The legally binding version of these terms is the Estonian-language original, and Estonian law applies. In the event of any discrepancy, the Estonian version prevails.
1. General Provisions
1.1. Virtuaal.com processes personal data in accordance with the European Union General Data Protection Regulation (GDPR) and the laws of the Republic of Estonia.
1.2. The Service Provider acts as the data controller for customer data (billing, contacts) and as the data processor for the personal data that the Customer stores on the server (web content, databases).
2. Data Retention
2.1. We do not retain personal data for longer than is necessary to achieve the purposes of the processing or to comply with legal obligations.
- Active service data: Until the expiration of the agreement + 30 days (buffer period).
- Backups: Up to 30 days (depending on the backup cycle).
- Accounting documents: 7 years (pursuant to the Accounting Act).
- Logs: Up to 1 year (to ensure security and analyze attacks).
- Removed illegal content: Content removed pursuant to the TCO Regulation or other legislation, along with related data, is retained for administrative or judicial proceedings for 6 months, ensuring it is not publicly accessible.
3. Data Processors
3.1. To provide the service, we may transfer personal data to the following partners (data processors):
- Domain registries (e.g., Eesti Interneti SA, ICANN-accredited registrars) – personal data necessary for domain registration.
- Certification authorities – for the issuance of SSL certificates.
- Payment intermediaries and banks – for processing payments.
- Software partners (e.g., cPanel L.L.C) – for validating licenses (only technical data is transmitted, not customer content).
3.2. Third-party services on the website
Our website (www.virtuaal.com) uses the following third-party services, which process the visitor’s technical data (including IP address) when visiting the site:
- Rybbit – for collecting visitor statistics. The service is cookie-free and does not identify the visitor personally.
- Endorsal – for displaying customer reviews on service pages.
- Google Maps – for displaying a location map on the contact page.
Some service providers (Endorsal, Google) are located outside the European Economic Area (EEA), for example in the United States. Data transfer to these countries takes place on the basis of appropriate data protection safeguards, which are the European Commission’s Standard Contractual Clauses (SCC) or the EU-US Data Privacy Framework decision.
4. Customer Rights and Supervision
4.1. The Customer has the right to access their personal data and to request its rectification or erasure (the “right to be forgotten”), provided this does not conflict with statutory retention obligations (e.g., regarding invoices).
4.2. Complaints: If the Customer believes that their rights have been violated, they have the right to lodge a complaint with the Data Protection Inspectorate (www.aki.ee) or the relevant supervisory authority.