Privacy Policy

Last updated: June 2026

This Privacy Policy explains how Apex Digital Lab OÜ ("Apex", "we", "us") collects, uses, and protects personal data. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus).

1. Data controller

Apex Digital Lab OÜ, a private limited company registered in Estonia (registry code [ registrikood — to be added ]), registered address [ address — to be added ], Estonia. Contact: .

2. What data we collect

  • Information you provide — when you contact us (e.g. by email), such as your name, email address, company, and the content of your message.
  • Client and project data — information needed to deliver our services under an agreement, which may include data you ask us to process on your behalf.
  • Technical data — limited information generated automatically when you visit this site, such as IP address and browser data in server logs, and essential cookies needed for the site to function.
  • Analytics data — only if you consent, aggregated information about how the site is used.

3. Why we process it, and our legal basis

  • To respond to your enquiries and take steps at your request before entering a contract (Art. 6(1)(b) GDPR) and our legitimate interest in communicating with prospective clients (Art. 6(1)(f)).
  • To provide our services under a contract with you (Art. 6(1)(b)). Where we process personal data on your behalf, we act as a processor under a separate data processing agreement.
  • To operate and secure this website, based on our legitimate interest in a functioning, secure site (Art. 6(1)(f)).
  • To comply with legal obligations, such as accounting and tax law (Art. 6(1)(c)).
  • Analytics, only with your consent (Art. 6(1)(a)), which you may withdraw at any time.

4. Sharing your data

We do not sell your personal data. We may share it with service providers who process data on our behalf (for example hosting, email, and analytics providers), bound by appropriate agreements. We may also disclose data where required by law or to protect our rights.

5. International transfers

We are based in Estonia and prefer to keep data within the European Economic Area (EEA). Where a provider processes data outside the EEA, we rely on appropriate safeguards such as European Commission adequacy decisions or Standard Contractual Clauses.

6. How long we keep it

We keep personal data only as long as necessary for the purposes above, or as required by law (for example, accounting records). Enquiry correspondence is kept for as long as needed to handle your request and for a reasonable period afterwards.

7. Your rights

Under the GDPR you have the right to access your data; to rectification; to erasure; to restriction of processing; to data portability; to object to processing; and to withdraw consent at any time. To exercise these rights, contact us at .

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), www.aki.ee/en.

8. Cookies

This site uses essential cookies and, with your consent, analytics cookies. For details see our Cookie Policy.

9. Security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse.

10. Changes

We may update this policy from time to time. The latest version will always be available on this page with its revision date.

11. Contact

For any privacy question or request, contact us at .