Privacy Policy

BYRIVOPL OÜ (“Byrivopl”, “we”, “us” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website (https://byrivopl.com) or otherwise interact with us (for example, by contacting us or using our Services). We process personal data in accordance with applicable data protection laws, including the European Union’s General Data Protection Regulation (GDPR), and we strive to uphold the highest standards of privacy.

By using our website or providing personal information to us, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the site or submit personal data.

1. Information We Collect

We may collect and process personal data about you when you visit our site or use our Services. This includes:

A. Information You Provide to Us

You may choose to provide us with certain information directly, such as:

• Contact Information: When you fill out a contact or inquiry form on our site, request a demo, subscribe to a newsletter, or otherwise get in touch, we may ask for information like your name, email address, phone number, company/organization name, job title, or other relevant details. We will also collect any messages or content you include in your submission (for example, the text of your inquiry or feedback).

• Account or Registration Information: (If applicable) If our website offers account creation or registration for specific services, we might collect login credentials (such as username and password) and any profile information you provide. (Note: If our Services require separate login credentials, those Services may be governed by additional terms/privacy notices.)

• Communication Information: If you email us, call us, or otherwise communicate with us (outside of a form), we will collect and retain the content of your communication along with your contact details (email address, phone number, etc.) as necessary to respond to you or keep records.

• Other Information: Any other information you voluntarily provide to us. For example, if you participate in a survey, provide a testimonial, or comment on a blog post (if our site allows), we will collect whatever information you choose to provide.

We will only ask for information that is relevant for the interaction or service you are requesting. You may choose not to provide certain optional information; however, doing so might limit our ability to respond to your request or provide certain services.

B. Information Collected Automatically (Cookies & Usage Data)

When you visit our website, we (or our third-party partners) may automatically collect certain technical data about your device and browsing actions through the use of cookies and similar tracking technologies. The information collected may include:

• Usage Details: Information about your visits to our site, such as the pages or content you view, the dates and times of access, the amount of time spent on pages, clickstream data (e.g., what links you click), and referring/exit pages.

• Device and Connection Information: Details about your device, browser type, browser language, and operating system; your IP address; your device identifiers or mobile advertising ID (if on a mobile device); and your internet service provider or mobile carrier.

• Cookies and Similar Technologies: Cookies are small text files that websites place on your device to store data that can be recalled by the web server in the domain that placed the cookie. We use cookies and similar technologies for several purposes: to make our site function properly; to remember your preferences (e.g., language or region); to collect analytics data about user interactions; and to support security features. For example, we may use Google Analytics or other analytics providers to understand how users engage with our website, which helps us improve content and user experience. These analytics services may set their own cookies to collect information such as your IP address, browser type, pages visited, and time spent on pages. (We use such analytics information in aggregate form and, wherever feasible, IP anonymization features to protect individual privacy.)

We also may use tools like Google reCAPTCHA on our contact forms to prevent spam and abuse. This tool may collect hardware and software information, such as device and application data, and transmit it to Google for analysis. By using our contact forms protected by reCAPTCHA, you agree to Google’s Privacy Policy and Terms for that service.

Cookie Choices: You have control over cookies. When you first visit our site, you may be presented with a cookie notice or preferences tool that allows you to accept or reject non-essential cookies. Even after consenting, you can typically adjust your browser settings to refuse or delete cookies. However, please note that if you disable cookies, some parts of our site may not function properly. For example, certain features or preferences might not be remembered. For more information on how to manage cookies, you can consult your browser’s help documentation. We honor any applicable legal requirements regarding cookie consent (for instance, not setting certain cookies until you have consented, where required by law).

C. Information from Third Parties

In general, we collect personal data directly from you or through your use of our site. We do not typically purchase or obtain personal data from data brokers or unrelated third parties. However, we may receive information from third-party sources in the following limited situations:

• Service Providers: We might receive supplemental information from service providers we work with (for example, if we use a customer relationship management system or an email marketing platform, those systems might enrich our contacts with publicly available business contact info, etc.). This would generally be business-related information (like an updated business email or title) rather than sensitive personal details.

• Social Media or Single Sign-On: If our site allows you to interact with us via a social media login or share content via social media (for example, an option to log in using LinkedIn or to share an article to Twitter), and you choose to do so, the third-party platform might send us certain information about you as per their policies. This could include your profile name, email, or other information you’ve made available. We will handle any such data in line with this Privacy Policy.

• Publicly Available Sources: We may also obtain business contact information from public sources (such as a company website or public LinkedIn profile) for potential client outreach or marketing. If we contact you and you’re not interested, please let us know and we will refrain from further outreach.

2. How We Use Your Information

We use personal data for the following purposes, in each case where we have a valid legal basis under applicable law (such as your consent, performance of a contract, our legitimate interests, or compliance with a legal obligation):

• To Provide and Operate Our Services: We use information you provide to respond to your inquiries, process your requests, and deliver the services or information you have asked for. For example, if you fill out a contact form requesting a demo or information about our services, we will use your contact details and message to respond to you and provide the requested demo or details.

• To Communicate with You: We may use your contact information to send you administrative communications such as confirmations, updates, technical notices, and security alerts. If you contact us by email or phone, we will use your information to respond. We may also send you newsletters or marketing communications about our services that we believe may be of interest to you – but only if you have consented to such communications, or if you are an existing customer and the communications are about similar products or services (as allowed by law). You always have the option to opt-out of marketing emails as described below.

• For Analytics and Improvements: We use data (especially usage data collected via cookies and similar technologies) to understand how our website is used and to make improvements. This helps us troubleshoot technical issues, optimize content layout, gauge the effectiveness of our marketing or informational materials, and generally enhance user experience. For instance, knowing which pages are most visited or how users navigate our site can inform site redesigns or content development.

• To Personalize Your Experience: If our site uses cookies for personalization, we might use information about your visits to tailor the content you see. (For example, remembering your language preference or showing content relevant to your region.)

• For Security and Fraud Prevention: We may process personal data as needed to maintain the security of our website, systems, and users. This includes using certain data to detect and prevent fraud, abuse, or malicious activities. For example, IP addresses and cookies may be used to monitor for unusual or suspicious activities on our site.

• To Comply with Legal Obligations: Sometimes we are legally required to process certain personal data. For example, if you exercise your data protection rights (such as requesting deletion), we will use your information to fulfill those requests. We might also process and retain data to comply with laws such as tax reporting requirements, or to respond to lawful requests by public authorities.

• In Connection with Business Transactions: If we ever consider a business transaction such as a merger, acquisition, reorganization, or asset sale, we might need to disclose user information to potential buyers or partners (under appropriate confidentiality protections) as part of the evaluation process. If a change in ownership occurs, the acquiring entity will continue to handle personal data in line with this Privacy Policy.

• With Your Consent: If we intend to use your personal data for a purpose that requires consent (for example, if we wanted to feature your testimonial on our site), we will ask for your consent. Where consent is the basis for processing, you have the right to withdraw it at any time, which will not affect the lawfulness of processing before withdrawal.

We will not use your personal data for completely new, unrelated purposes without updating this Privacy Policy and/or obtaining your consent when required. We do not engage in selling or renting your personal data to third-party marketers.

3. How We Share Your Information

We value your privacy, and we only share personal data with third parties in the following circumstances:

• Service Providers (Processors): We may share personal data with trusted third-party service providers who perform functions and services on our behalf. For example, these may include: website hosting providers, cloud infrastructure providers, email delivery services, analytics providers (like Google Analytics), customer relationship management (CRM) software, or other IT service management tools. These service providers are contractually bound to only process your data as necessary to provide the services to us and not for their own purposes. We require that they protect your information and handle it securely, consistent with this Privacy Policy and applicable law.

• Business Partners and Affiliates: If Byrivopl is part of a group of companies, we might share data with our corporate affiliates (e.g., a parent or subsidiary company) for purposes consistent with this Policy. (As of the latest update of this Policy, Byrivopl may not have affiliated entities; this is simply to cover any future corporate structure changes.) Any such sharing would still be only for the purposes described (e.g., internal administration, combined services, etc.) and subject to the same safeguards.

• Legal Requirements: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court, regulatory agency, or law enforcement official). We will also disclose information if we believe in good faith that such action is necessary to (i) comply with a legal obligation or subpoena, (ii) protect and defend the rights or property of Byrivopl, (iii) prevent or investigate possible wrongdoing in connection with the Services, (iv) protect the personal safety of users of the Services or the public, or (v) protect against legal liability.

• Business Transfers: As mentioned, if we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your data may be transferred as part of that transaction. In such cases, we will ensure the new owner continues to respect your personal data in accordance with this Privacy Policy (or provides notice of changes).

• With Your Consent: We may share your personal data with other third parties if you have given us your explicit consent to do so. For example, if we wanted to post your customer testimonial or case study on our website with your name, we would seek your permission. Or if you ask us to connect you with a partner or third-party product, we might share contact information with them only with your knowledge or request.

No Unauthorized Third-Party Marketing: We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We might share aggregated or de-identified information (which cannot reasonably be used to identify you) with third parties for research, marketing, or other business purposes – for example, publishing trends or usage statistics – but this data will not include any personally identifiable information.

4. International Data Transfers

Byrivopl is based in Estonia, and our website is operated from the European Union. However, the personal data that we collect from you may be transferred to, and stored at, servers or service providers located in other countries. This can happen, for example, if we use a cloud service or email provider that operates in another country, or if you are accessing the site from outside Estonia.

Whenever we transfer your personal data outside of the European Economic Area (EEA) or your country of residence, we will take steps to ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws. Such measures may include:

• EU Standard Contractual Clauses: If we transfer data from the EEA to a country not deemed by the European Commission to have adequate data protection, we will often rely on the Standard Contractual Clauses (SCCs) or equivalent contractual safeguards to ensure a similar level of data protection as in the EU.

• Adequacy Decisions: In some cases, we may transfer data to countries that have been officially recognized as providing an adequate level of data protection according to the EU (for example, transfers to companies in countries under an adequacy decision).

• Privacy Shield (Historical): While the EU-U.S. Privacy Shield framework was invalidated by the EU in 2020, some U.S. service providers may now participate in the new EU-U.S. Data Privacy Framework (if applicable at the time of reading). We will utilize any updated approved mechanisms for EU-U.S. data transfer as appropriate.

You can contact us (see Contact Us section) for more information about the safeguards we have put in place for international data transfers. By using our site or submitting information to us, you acknowledge this transfer, processing, and storage of your personal data in countries outside of your own.

5. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements.

• Contact and Inquiry Data: If you contact us with a question or demo request, we will retain your information for as long as it takes to respond to you and potentially keep a record of our correspondence. If you become a client, we will retain your data for the duration of our business relationship and thereafter as required for contractual or legal obligations. If you do not become a client, we may still retain your contact information and inquiry for a reasonable period in case you reach out again or to improve our services, but we will not use it for ongoing marketing unless you have opted in.

• Marketing Data: If you have subscribed to our newsletter or agreed to receive marketing communications, we will retain your contact information until you unsubscribe or ask us to delete your information. Each marketing email will typically include an unsubscribe link. Once you unsubscribe, we will remove you from our marketing list, though we may keep a record of your request to ensure we don’t contact you again.

• Analytics Data: We typically retain analytics data (collected via cookies and similar tracking) in aggregate form. If any usage data is linked to an identifier (like an IP address), we will either delete or anonymize that data after a set period (commonly 14 to 26 months for many analytics services), unless we need to retain it longer to investigate site performance issues or security incidents.

• Legal and Contractual Retention: We may need to retain certain information for longer periods if required by law. For example, business records, invoices, and communications might be kept for several years to comply with tax, audit, or other regulatory requirements. Additionally, if we are handling a dispute or legal claim, we will retain relevant information throughout the duration of that matter.

Once the retention period expires, or if we determine that the information is no longer needed, we will either delete your personal data or anonymize it (so that it can no longer be associated with you). If deletion is not immediately feasible (for example, because the data is stored in backup archives), we will secure the data and isolate it from further use until deletion is possible.

6. Your Rights and Choices

Under applicable data protection laws (such as the GDPR for EU users), you have a number of rights regarding your personal data. We are committed to honoring these rights. Your principal rights include:

• Right of Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the personal data we hold about you. We will provide you with a copy of your data in a structured, commonly used format, although for additional copies we may charge a reasonable fee if permitted by law.

• Right of Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you. We encourage you to let us know if any of your information (such as your contact details) changes, so we can keep our records up to date.

• Right to Erasure: You have the right to request the deletion of your personal data (“right to be forgotten”). This is not an absolute right – for example, if we have an ongoing legitimate need or legal obligation to keep your data (such as a legal requirement to retain transaction records, or if the data is needed for the establishment, exercise, or defense of legal claims), we may not be able to delete immediately. But we will honor this request to the fullest extent required by law. If you close any account with us or withdraw your consent (where applicable), we will delete or anonymize your data within a reasonable time, provided we do not need to retain it for the above reasons.

• Right to Restrict Processing: You have the right to ask us to suspend the processing of your personal data in certain scenarios – for instance, if you contest the accuracy of the data (until we can verify its accuracy), or if you object to our processing based on our legitimate interests, or if processing is unlawful but you do not want us to delete the data, or if we no longer need the data but you need it for a legal claim. When processing is restricted, such data will be marked and, aside from storage, will only be processed with your consent or for legal reasons.

• Right to Data Portability: To the extent that we process your information by automated means pursuant to a contract with you or based on your consent, you have the right to request a copy of your data in a structured, commonly used, machine-readable format (and you can ask that we transmit it directly to another data controller where technically feasible). This right facilitates the transfer of your data to another service provider.

• Right to Object: You have the right to object to our processing of your personal data in certain circumstances. In particular, you have the right to object to processing of your data for direct marketing purposes at any time. If you object, we will stop processing your personal data for that purpose immediately. You also have the right to object where we are processing your data based on legitimate interests; in such cases, we will evaluate your objection and cease processing the data unless we have compelling legitimate grounds to continue that override your rights, or if we need to continue processing for legal reasons.

• Right to Withdraw Consent: If we are processing any of your personal data based on your consent, you have the right to withdraw consent at any time. You can do this by contacting us or, in the case of email newsletters, clicking the “unsubscribe” link. Withdrawal of consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it will not affect processing of your data under other legal bases (for example, processing based on a contract or legal obligation).

• Right not to be Subject to Automated Decisions: We do not typically make decisions about you that are based solely on automated processing (without human involvement) and which produce legal effects or similarly significant effects. However, if we ever did, you would have the right to not be subject to such decisions unless certain conditions apply as per law. In any event, you would have the right to request human intervention and to contest the decision.

To exercise any of your rights, please contact us at the information provided in the Contact Us section below. We may need to verify your identity before fulfilling certain requests (to ensure that we don’t disclose your data to someone who isn’t you). We will respond to your request within a reasonable timeframe, and in any event within the timeframe required by law (generally within one month for GDPR, extendable by another two months if necessary, taking into account the complexity and number of requests).

Please note that these rights are subject to certain exemptions and limitations under applicable law. For example, we might refuse a request for erasure if the personal data is required to comply with a legal obligation, or deny access to information where it would adversely affect the rights and freedoms of others.

Marketing Communications: As noted, if you no longer wish to receive marketing emails or newsletters from us, you can opt out at any time by clicking the unsubscribe link in those emails or by contacting us to request removal. Even after you opt out of marketing, we may still send you transactional or informational messages relating to the Services (such as administrative confirmations, security notices, etc.), as these are not promotional in nature.

Cookies: Regarding your choices for cookies, see the Cookies section above for ways to manage your preferences. You can typically refuse all or certain cookies through your browser settings. You can also use browser extensions or tools to opt out of certain trackers (for example, Google provides a Google Analytics Opt-Out Browser Add-on if you want to prevent Google Analytics from collecting your data on websites). Keep in mind, disabling cookies may impact site functionality.

Complaints: If you have any concerns or complaints about how we handle your personal data, we encourage you to contact us first so we can try to resolve the issue. However, you also have the right to lodge a complaint with a data protection supervisory authority. If you are in the European Union, you can contact the supervisory authority in the country of your residence, place of work, or where an alleged infringement of data protection law has occurred. In Estonia, the supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon). We would appreciate the opportunity to address your concerns before you approach a regulator, so please consider reaching out to us first.

7. How We Protect Your Information

We take the security of your personal data seriously. We implement appropriate technical and organizational measures to protect the personal data we process against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption & Security Protocols: Our website uses HTTPS encryption (TLS/SSL) to secure data in transit. This means that information submitted through our site (such as contact form details) is encrypted while being transmitted. We also employ firewalls, intrusion detection systems, and secure network configurations to guard against external attacks.

• Access Controls: Personal data is accessible only by authorized personnel who have a legitimate need to know in order to perform their duties. We restrict access to databases and systems storing personal data, and use authentication protocols (such as strong password policies and possibly two-factor authentication for administrative access) to prevent unauthorized logins.

• Data Minimization: We limit the personal data we collect to only what is necessary for the purposes stated. If we don’t need certain information, we won’t ask for it. Likewise, we strive to anonymize or pseudonymize data when full details are not required.

• Training and Policies: Our team members are trained on data protection principles and we have internal policies in place to ensure that privacy and security are built into our operations.

• Third-Party Assessments: When we work with third-party service providers (processors) who handle personal data on our behalf, we vet their security practices and ensure they commit to protecting your data with appropriate safeguards. We also enter into data processing agreements as needed to ensure they meet legal requirements for data protection.

Despite all these efforts, it’s important to note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we do our best to protect your personal data, we cannot guarantee absolute security. You should also take care with how you handle and disclose your personal data. Make sure to use strong passwords and not share them, and be cautious about phishing attempts or suspicious communications asking for your data.

If you have reason to believe that your interaction with us or your data might no longer be secure (for example, if you feel that the security of an account you have with us has been compromised), please notify us immediately using the contact information below so that we can take appropriate action.

8. Children’s Privacy

Our Services are not directed to children and we do not knowingly collect personal data from individuals under the age of 18 (or the applicable age of majority in their jurisdiction). As stated in our Terms of Use, users must be at least 18 years old to use our website and services. We do not intend for anyone under 18 to provide any personal information to us.

If you are under 18, please do not submit any personal data to us. If we learn that we have inadvertently collected personal information from someone under 18, we will take prompt steps to delete such information from our records.

If you are a parent or guardian and you believe that a child under your care has provided us with personal data without your consent, please contact us immediately. We will work to remove the data and terminate the child’s account or usage (if applicable).

We encourage parents and guardians to take an active role in their children’s online activities and to educate minors about privacy and safe Internet use.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we update the policy, we will revise the “Last Updated” date at the top of this page.

If changes are significant, we may provide a more prominent notice of the update, such as by posting a notice on our website’s homepage or by directly notifying you via email (if you have provided your email and we are permitted to contact you for this purpose).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or Services after any update to this Privacy Policy will constitute your acceptance of the changes, to the extent permitted by law. If you do not agree with any changes to the Privacy Policy, you should stop using the site and can request that we delete your personal data (as per your rights described above).

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

• By Email: privacy@byrivopl.com (or contact@byrivopl.com)

• By Phone: +372 5427 6340

• By Mail: BYRIVOPL OÜ, Rehe tn 5, 71015 Viljandi, Viljandi County, Estonia.

When contacting us, please provide sufficient detail about your question or concern, and if you are making a rights request (e.g., asking for a copy of your data or deletion), please provide any information we might need to verify your identity (for example, contact us from the same email address you used with us, etc.). We value your privacy and will do our best to address your inquiry promptly and thoroughly.

Thank you for taking the time to read our Privacy Policy. We appreciate your trust in Byrivopl and are dedicated to safeguarding your personal data.