1. Introduction

Trilight Security OÜ ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our website and services.

This policy complies with the General Data Protection Regulation (GDPR), Estonian Personal Data Protection Act, and other applicable data protection laws.

2. Data Controller Information

3. Information We Collect

3.1 Information You Provide

• Contact information (name, email address, phone number)
• Company information (company name, job title, industry)
• Project requirements and technical specifications
• Communication preferences
• Any other information you voluntarily provide through our forms or communications

3.2 Information Automatically Collected

• IP address and general location data
• Browser type, version, and settings
• Operating system information
• Pages visited and time spent on our website
• Referring websites and search terms
• Cookies and similar tracking technologies (see our Cookie Policy)

4. How We Use Your Information

4.1 Legal Bases for Processing

We process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for specific processing activities
• Contract: To fulfill our contractual obligations or take steps prior to entering into a contract
• Legitimate Interest: For our legitimate business interests, provided they don't override your rights
• Legal Obligation: To comply with applicable laws and regulations

4.2 Purposes of Processing

• Providing and improving our services
• Responding to inquiries and quote requests
• Communicating about our services and project updates
• Analyzing website usage and improving user experience
• Ensuring security and preventing fraud
• Complying with legal and regulatory requirements
• Marketing communications (with your consent)

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following circumstances:

5.1 Service Providers

We may share data with trusted third-party service providers who assist us in:

• Website hosting and maintenance
• Email communications
• Analytics and performance monitoring
• Customer support services

5.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal obligations
• Protect our rights and property
• Ensure user safety
• Investigate potential violations of our terms

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication measures
• Regular security assessments and updates
• Employee training on data protection
• Secure data centers and infrastructure

While we strive to protect your data, no method of transmission over the internet is 100% secure.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Contact inquiries: 3 years from last contact
• Quote requests: 5 years for business record purposes
• Service contracts: Duration of contract plus 7 years for legal compliance
• Marketing communications: Until you unsubscribe or withdraw consent
• Website analytics: 26 months

8. Your Rights

Under GDPR and Estonian law, you have the following rights regarding your personal data:

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules (BCRs)
• Other legally recognized transfer mechanisms

10. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such data, we will take steps to delete it promptly.

11. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date
• Sending email notifications for material changes (if you have provided consent)

Your continued use of our services after any changes constitutes acceptance of the updated policy.

12. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate or your local supervisory authority if you believe we have not handled your data appropriately.