Reiterate Privacy Policy

Last updated on January 17, 2025

This Privacy Policy describes how Iter8 OÜ (“Reiterate”, “we”, “us” or “our”) collects, uses, discloses and otherwise processes the personal data of data subjects who visit our website at www.reiterate.com, use our offered services or are representatives of our customers and business partners. The Privacy Policy also describes the privacy rights available to data subjects.

Please note that this Privacy Policy only describes the processing of personal data by Reiterate as a data controller. This Privacy Policy does not apply to the extent where we collect and process personal data in the role of a data processor on behalf and in accordance with the instructions of our customers. In these situations, each customer is responsible for providing data subjects with their own privacy policy or notice where the relevant processing activities should be described.

If you have any questions, concerns or complaints relating to the processing of your personal data by Reiterate, please contact us at the e-mail address provided below.

1. CONTROLLER OF PERSONAL DATA

The contact details of the Reiterate as the controller of your personal data are the following:

Iter8 OÜ
Estonian registry code: 16317354
Address: Laeva 1, 10111 Tallinn, Estonia
E-mail: [email protected]

2. PERSONAL DATA THAT WE PROCESS

2.1. Personal Data we process about our customers, business partners and their representatives and end-users of our services

If you are (a) our current or prospective business partner as a natural person, (b) a representative of our current or prospective business partner or customer, or (c) a user authorised on behalf of our customer to use our services, we primarily collect your personal data directly from you or from the legal entity you represent. We may also receive your personal data through the use of cookies and similar technologies as described in this Privacy Policy. To the extent permitted by law, we may also collect your data from third parties, like online databases.

The categories of personal data that we process are the following:

  1. Your name and contact details such as your e-mail address and phone number;
  2. If you are a representative of a legal person, data about your employer and your position, as well as information on your right of representation (i.e., your authorisation);
  3. Your account details used to access our services, including your e-mail, password or Google account data used to access our services;
  4. Information related to our contractual relationship or our contractual relationship with the entity you represent, such as data on inquiries and responses, your feedback to us, invoicing and accounting information, details of the contract concluded between our business partner and us;
  5. Data about your use of our services and your engagement with our content, such as analytics and log data associated with the user. Such data may include, for example, tags associated with you, hardware and software attributes, date and time of your activity, your activity in our services, your e-mail or IP-address and general geographic location (e.g., city, state or country);
  6. Data about our marketing activities towards you, such as information received and transmitted via e-mail, meetings and calls;
  7. Evidence and records of your consent in cases where we are required to obtain your consent for processing.

2.2. Data we process about the visitors of our website

If you are a visitor of our website, we collect your personal data (a) through the use of cookies and similar technologies in accordance with section 4 of the Privacy Policy, and (b) directly from you when you schedule a demo with us or subscribe to our newsletter through our website.

Through the use of cookies and similar technologies, we collect about your use of our services and your engagement with our content, such as analytics and log data associated with the user. Such data may include, for example, a tag associated with you, hardware and software attributes, date and time of your activity, your activity in our services, your e-mail or IP-address and general geographic location (e.g., city, state or country).

When you schedule a demo of our services through our website, we will collect and process your name, email and information about your company. When you subscribe to our newsletter through our website, we will collect and process your email address you provide to us.

3. PURPOSES AND LEGAL BASIS OF PERSONAL DATA PROCESSING

We may process your personal data for the following purposes and on the following legal bases:

  1. Establishing relationships with potential business partners and customers, including by contacting leads or target customers via phone, e-mail or otherwise, scheduling demos, and marketing our products and services. For these purposes, the legal basis for the processing of your personal data is our legitimate interest in business development (Article 6(1)(f) of the GDPR).
  2. Management of business relationships and offering services to our customers. For these purposes, the legal basis for the processing of your personal data is usually our legitimate interest in maintaining business relationships and providing our services to our customers (Article 6(1)(f) of the GDPR). Where we have a business relationship directly with you as a natural person, the legal basis for processing your personal data for this purpose is the necessity to perform our obligations under the contract entered into with you (Article 6(1)(b) of the GDPR).
  3. Managing and responding to customer inquiries and support requests. For this purpose, the legal basis for the processing of your personal data is our legitimate interest in maintaining a high level of customer service (Article 6(1)(f) of the GDPR) or taking steps at your request prior to entering into a contract with you (Article 6(1)(b) of the GDPR).
  4. Improving and developing our service, including for security purposes. For these purposes, the legal basis for the processing of your personal data is our legitimate interest in enhancing the functioning of our services, conducting analytics, improving access to content that Reiterate publishes, and ensuring the technical availability and security of our services (Article 6(1)(f) of the GDPR). Where we use cookies for these purposes, we ask for your consent for the placement of optional cookies in accordance with section 4 of this Privacy Policy.
  5. Sending newsletters and updates. When you subscribe to our newsletter through our website, we rely on your consent as the legal basis for sending you newsletters (Article 6(1)(a) of the GDPR. As we are a B2B business, we may from time to time also send marketing materials and e-mails by relying on our legitimate interest in marketing our service to legal persons (Article 6(1)(f) of the GDPR and § 1031(2) of the Estonian Electronic Communications Act). Please note, however, that irrespective of the legal basis we rely upon, you always have the right to unsubscribe from such messages.
  6. Measuring the conversion of our marketing efforts. For this purpose, the legal basis for the processing of your personal data is our legitimate interest in marketing our services and in our business development activities (Article 6(1)(f) of the GDPR. Where we use cookies for these purposes, we ask for your consent for the placement of optional cookies in accordance with section 4 of this Privacy Policy.
  7. Establishing, exercising and defending any potential legal claims. Where the processing of your personal data is necessary for taking action on legal claims or for compliance, regulatory and investigative purposes, the legal basis for the processing of your personal data is our legitimate interest in establishing, exercising and defending legal claims (Article 6(1)(f) of the GDPR).
  8. Complying with our legal obligations deriving from applicable law. For these purposes, the legal basis for the processing of your personal data is the respective legal provision obliging us to process the relevant data (in accordance with Article 6(1)(c) of the GDPR). Such legal obligations may derive, for example, from accounting and tax laws.
  9. Attracting investments. Reiterate is a start-up, which means that we may occasionally disclose certain personal data to potential investors and their advisors when preparing for fundraising rounds. Such disclosures are always limited to the maximum possible extent and subject to confidentiality undertakings by the recipients. For this purpose, the legal basis for disclosing the data is our legitimate interest in growing our business and raising capital (Article 6(1)(f) of the GDPR).

4. COOKIES

We may use web cookies and other similar technologies (hereinafter “Cookies”) on our websites and in our customer application. Cookies are small bits of information that are placed on your device. For instances, Cookies enable us to remember information about your activities and preferences on our website to make the use and navigation more efficient and user-friendly by providing you a more customised experience when you use our website or our application. These Cookies are divided into essential and optional Cookies. 

Essential Cookies are necessary to make our website work and function properly. As these Cookies are strictly necessary for the functioning of our website, and your consent is not required for their use according to applicable law and therefore they cannot be turned off. We use these Cookies based on our legitimate interest to keep our website functional.

Optional Cookies are placed on your device only if you give your consent for this. Optional cookies are not strictly necessary for the functioning of the website, but for instance, they enable us to analyse the performance and design of our website (e.g., they enable us to see which sections of our website are the most popular, how much time is spent by users on each section, etc.) or measure the conversion of our marketing efforts. For such analytics, we may use third party cookies such as (without limitation) Google Analytics, Google Ads solutions, etc. Optional Cookies also enable us to record data about your actions on the browser (tracking Cookies). Such cookies may also be used for targeted marketing. We use such optional Cookies only if you give us your consent to place and use these Cookies.

Please note that the Cookies are divided into two categories with different storage times on your device. Temporary session cookies are set per each use session and stored on your device until you close your device or browser. Persistent cookies are stored on your device after you have finished browsing until they expire or are deleted.

If you want to remove or block optional Cookies described herein, you can update your browser settings. Please be aware that the rejecting of Cookies may affect your user experience on our website.

For more information about the Cookies we use, their purposes, types, storage duration and providers, please read our Cookie declaration at https://www.reiterate.com/cookie-declaration.

5. RECIPIENTS OF YOUR PERSONAL DATA

We may disclose your personal data to the following categories of third parties:

  • if required by applicable law, we submit your data to tax authorities and other authorities;
  • if our trusted service providers (such as IT-service providers, payroll and accounting service providers, etc) provide services to us in accordance with our instructions, we may disclose your personal data to our service providers. In these cases, we will control and remain responsible for the use of your personal data at all times;
  • statistical and analytical browsing data may be accessible to our partners, who provide us with tools for analytics. We always make sure to engage only such partners who provide adequate privacy enhancing technologies; 
  • in connection with our merger, takeover or sale of all or part of our business as well as raising capital and investments, we may disclose your personal data to our investors, acquirers, legal advisors, tax advisors, auditors, etc;
  • if we, in good faith, believe that disclosure of relevant data is necessary to protect your rights, to ensure safety, to investigate fraud or other offences or if the disclosures are necessary for the establishment, exercise and defence of legal claims. In such cases, the recipients may include law enforcement agencies, other public authorities, legal advisors and courts;
  • banks and other financial service providers;
  • internal and external auditors.

We make every effort to keep your personal data safe and always require a high level of security and confidentiality from our employees and partners.

We may transfer personal data outside of the European Economic Area from time to time. If we do so, we take all measures to ensure that transfers outside the European Economic Area are adequately protected as required by applicable law. With respect to transfers to countries not providing an adequate level of data protection, we base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission. If you wish to receive more information about data transfers and the safeguards that we apply to them, please contact us at the e-mail address provided in the beginning of this Privacy Policy.

6. RETENTION OF PERSONAL DATA

We process and retain your personal data for as long as necessary to achieve the specific purposes described in this Privacy Policy, including to comply with legal requirements applicable to us.

Most of your personal data will be retained until the end of the relevant contractual relationship. Certain personal data may be retained after the end of the contractual relationship if required or permitted by applicable law. For example, we retain the accounting source documents (e.g., copies of invoices) for 7 years from the end of the relevant financial year when a business transaction was recorded, as required by applicable law.

In some cases, personal data may be retained for a longer period if storage of personal data is required in order to protect our or any third parties’ legitimate interests, e.g. in case of a legal dispute.

We will delete or anonymise your personal data when processing is no longer necessary for intended purposes.

7. SECURITY MEASURES

We use reasonable security measures (including physical, electronic and administrative) to protect your personal data from loss, destruction, misuse and unauthorised access or disclosure. For example, we only grant access to your personal data to authorised employees and contractors who need it to perform their duties.

Please note that while we take reasonable steps to protect the security of your personal information, no system completely eliminates all potential security risks.

8. RIGHTS OF DATA SUBJECTS

Subject to the restrictions and conditions set out in law, you have the following rights as a data subject:

  • to request access to your personal data;
  • to request rectification, updates or corrections to your personal data;
  • to request erasure of your personal data; 
  • to request the porting of your data from us to another controller where the processing is based on your consent or the contract concluded with you;
  • to request restriction of processing of your personal data;
  • to object to the processing of your personal data, for example, when we process your personal data for marketing purposes, you always have the right to object to such processing;
  • to withdraw your consent where the processing is based on your consent. If you wish to unsubscribe from our marketing e-mails, you can click “unsubscribe” at the bottom of the e-mail.

If you wish to exercise your rights, please contact us at [email protected].

Please note that all of these rights are not absolute. For example, if you request the deletion of your identification data, you may lose the right to access our Services. 

If you think there is a problem with the way we are handling your personal data, you have a right to lodge a complaint to your national data protection authority in the EU/EEA, or seek judicial remedy. In Estonia, the competent supervisory authority is the Estonian Data Protection Inspectorate. You can find contact details of the Estonian Data Protection Inspectorate here: www.aki.ee. However, we encourage you to first contact us with any concerns that you may have, although you have no obligation to do so.

9. UPDATES

From time to time, we may update this Privacy Policy unilaterally. In such a case, we will notify you via the e-mail address that you have provided us. This Privacy Policy was last updated on the date shown above.