Privacy Policy

This privacy policy explains how Creative Team OÜ (osav.ee) collects, processes and protects your personal data in accordance with GDPR and Estonian data protection law.

1. Data Controller Contact Details

Data Controller: Creative Team OÜ

Registry Code: 12261622

Address: E. Vilde tee 108-43, 12915 Tallinn, Eesti

Email: info@osav.ee

Data Protection Contact: info@osav.ee

Website: osav.ee

2. Age Restrictions

Minor user requirements:

  • The service may be used by persons aged 16+
  • Under 16s require written consent from a parent or guardian
  • Parents have the right to request management and deletion of their child's data

3. What Personal Data We Collect

Required data (GDPR art 6(1)(b) - contract performance):

  • Identifying data: first and last name
  • Contact data: email address, phone number
  • User account data: username, password (encrypted)
  • Technical information: IP address, browser data, session information

Voluntary data (GDPR art 6(1)(a) - consent):

  • Profile information: photo, introduction, skills, education, experience
  • Location data: city, exact address (if needed for service provision)
  • Social media links: LinkedIn, Facebook etc. profiles
  • Portfolio material: work samples, images, documents

Automatically collected data:

  • Website usage data: pages visited, time on page, clicks
  • Device data: operating system, browser, screen resolution
  • Communication data: messages, comments, feedback

4. Legal Basis and Purposes of Data Processing

Contract performance (GDPR art 6(1)(b))

  • Creating and managing user accounts
  • Providing services through the platform
  • User communication with each other

Legitimate interests (GDPR art 6(1)(f))

  • Ensuring platform security
  • Preventing and detecting fraud
  • Improving service quality
  • Providing technical support
  • Analytics and statistics

Consent (GDPR art 6(1)(a))

  • Email marketing and newsletters
  • Use of cookies (non-technical)
  • Display of additional profile information
  • Product development surveys

Legal obligation (GDPR art 6(1)(c))

  • Retention of accounting data
  • Tax reporting
  • Fulfilling law enforcement requests
  • Data protection supervision

5. Who We Share Your Data With

Data transfer to third parties:

  • Technical services: hosting
  • Analytics: Google Analytics (with anonymized data)
  • Map service: Google Maps (for location display)
  • OpenAI: used for client data translations
  • User support: providing technical assistance

Public disclosure of data to users:

  • Public profile: name, photo, location, skills, portfolio, social media links (according to your settings)
  • To registered users: contact information
  • To authorized partners: we do not transfer data without your consent

6. Data Retention and Deletion

Retention periods:

  • Active accounts: until account deletion
  • Financial information: 7 years (accounting law)
  • Technical logs: 12 months
  • Marketing data: until consent withdrawal

7. Your Rights Regarding Personal Data

You have the right to access, rectification, deletion and other actions regarding your personal data in accordance with data protection laws.

To submit data-related requests, write to: info@osav.ee

We respond within 1 month.

8. Cookies and Tracking Technologies

Types of cookies:

Technically necessary cookies

Login, security - do not require consent

Functional cookies

Language selection, settings, user preferences, Google Maps

Analytics cookies

Google Analytics and Google Ads, user behavior analysis and advertising measurement

Marketing cookies

Advertisement display, social media integration

You can disable cookies in your browser settings or our cookie management panel.

9. Data Security

Technical security measures:

  • Encryption: SSL/TLS certificates
  • Data backups: regular automatic backups

Organizational measures:

  • Employee data protection training
  • Access restriction on a "need to know" basis

10. International Data Transfer

OpenAI (USA) processes some data for translation purposes.

11. Data Incident Handling

Our obligations in case of a data incident:

  • Within 72 hours: notify the Data Protection Inspectorate
  • Without delay: inform affected individuals (if high risk)
  • Immediately: implement damage limitation measures
  • Documentation: retain incident description and measures

12. Supervisory Authority

Estonian Data Protection Inspectorate

Website: https://aki.ee

This privacy policy has been prepared in accordance with GDPR and Estonian data protection law.

By using our platform, you agree to this privacy policy.