Privacy & Cookie Policy
Last updated: 2026-04-22
This policy describes how personal data is processed when you visit toolspole.com or interact with us through this website. It applies the EU General Data Protection Regulation (GDPR), the Estonian Personal Data Protection Act (IKS), and the ePrivacy rules set out in §103¹ of the Estonian Electronic Communications Act. For the company's registration details see the Legal Information page.
1. Data Controller
The controller for personal data processed through this website is ToolsPole OÜ, a company registered in the Republic of Estonia under registry code 14909004, with registered office at Saani tn 2/2-26, 10149, Tallinn, Estonia.
For any question or request related to this policy, write to info@toolspole.com. We respond within one month as required by Article 12(3) GDPR.
2. What data we process and why
We process personal data only for well-defined purposes and always under a specific legal basis permitted by the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and by the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus).
2.1 Contact form
When you submit the contact form, your browser opens your local e-mail client pre-populated with the fields you filled in (name, e-mail address, company, subject, message). The message is then delivered to the ToolsPole mailbox. Once received, we process these fields to respond to your enquiry.
Data: name, e-mail address, company name, subject, free-text message. Retention: up to 24 months from the last interaction, unless a longer period is necessary for a contractual or legal reason.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual steps) and Art. 6(1)(f) GDPR (legitimate interest in replying to business enquiries).
2.2 Server and CDN logs
Our hosting provider (see section 4) automatically records technical information about each page request in order to deliver the site, protect it against abuse, and diagnose errors.
Data: IP address, user-agent string, URL requested, HTTP status, referer, timestamp. Retention: as set by the hosting provider (typically 7–30 days for raw logs).
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in site security, availability, and fraud prevention.
2.3 Cookies and similar technologies
See section 6 below for the full cookie notice. In short, we set no analytics, marketing, or profiling cookies. The only cookies associated with this site are set by our CDN (Cloudflare) for bot protection, and they qualify as strictly necessary under Article 5(3) of the ePrivacy Directive (implemented in Estonia by §103¹ of the Electronic Communications Act / Elektroonilise side seadus).
3. Automated decisions and profiling
We do not perform any automated decision-making or profiling within the meaning of Article 22 GDPR.
4. Recipients and data processors
We share personal data only with service providers necessary to operate the website and our business correspondence. These providers act as processors under Article 28 GDPR and are bound by appropriate contractual safeguards.
- Cloudflare, Inc. — hosting, CDN, and edge security for toolspole.com.
- E-mail provider — the service hosting the
info@toolspole.commailbox.
We do not sell personal data, and we do not share it with third parties for marketing or profiling purposes.
5. Transfers outside the European Economic Area
Cloudflare, Inc. is headquartered in the United States. Personal data processed in the course of delivering the site may therefore be transferred to servers outside the European Economic Area. Such transfers are safeguarded by:
- Cloudflare's certification under the EU-US Data Privacy Framework, and
- Standard Contractual Clauses adopted by the European Commission under Article 46(2)(c) GDPR.
A copy of the safeguards is available on request at info@toolspole.com.
7. Your rights
As a data subject you can exercise the following rights at any time by writing to info@toolspole.com:
- Access — obtain a copy of the personal data we hold about you (Art. 15).
- Rectification — ask us to correct inaccurate data (Art. 16).
- Erasure — ask us to delete your data when the conditions of Art. 17 apply.
- Restriction — limit how we use your data while an objection or correction request is pending (Art. 18).
- Portability — receive your data in a structured, machine-readable format (Art. 20).
- Objection — object to processing based on legitimate interest (Art. 21).
- Withdraw consent — where processing is based on consent, withdraw it at any time (Art. 7(3)); withdrawal does not affect prior lawful processing.
We respond within one month of receiving your request. The period may be extended by two further months for complex or numerous requests (Art. 12(3) GDPR), in which case we will inform you within the first month.
8. Right to lodge a complaint
If you believe our processing of your personal data infringes the GDPR, you have the right under Article 77 GDPR to lodge a complaint with the Estonian supervisory authority:
- Andmekaitse Inspektsioon (AKI) (Estonian Data Protection Inspectorate)
- Tatari 39, 10134 Tallinn, Estonia
- info@aki.ee
- https://www.aki.ee/en
You may also lodge a complaint with the supervisory authority of your own EU country of residence.
9. Security measures
We apply technical and organisational measures proportionate to the risks, as required by Article 32 GDPR and §28 IKS. These include TLS encryption in transit, access control on company mailboxes, vendor selection favouring providers with audited security programmes, and least-privilege practices for our internal tooling.
10. Changes to this policy
We may update this policy when our processing activities change, when new legal requirements apply, or when we add new technologies to the site. Substantive changes are highlighted on this page and dated at the top. We recommend reviewing this page periodically.