Privacy Policy

Introduction

At TeamRoom, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our website or use our services. We respect the principle of data minimisation – we do not collect or process personal data that is not necessary for providing our services or communicating with you. We process your data in accordance with the applicable laws of the European Union and the Republic of Estonia.

Information We Collect

Purposes and Legal Bases for Processing Personal Data

We use the collected data for the following purposes and on the following legal bases:

• Providing and managing training services: To process course registrations and payments and to fulfil our contract with you. Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).
• Communicating with clients: To communicate with you about courses, schedules, and updates, and to respond to inquiries and customer service requests. Legal basis: Performance of a contract or our legitimate interest in providing high-quality service (GDPR Art. 6(1)(b) or 6(1)(f)).
• Marketing: To send newsletters and marketing materials. Legal basis: Your consent (GDPR Art. 6(1)(a)).
• Ensuring safety: To ensure safety and security during training sessions. Legal basis: Our legitimate interest and legal obligation to ensure the safety of participants (GDPR Art. 6(1)(f) and 6(1)(c)).
• Fulfilling legal obligations: For example, to comply with accounting requirements. Legal basis: Compliance with a legal obligation (GDPR Art. 6(1)(c)).

Sharing and Transfer of Data to Third Parties

We do not sell, trade, or rent your personal data to third parties. We may share your data only in the following cases:

• Legal Obligation: We will disclose data when necessary to comply with legal obligations or in response to lawful requests from public authorities (e.g., the police).
• Consent: We will share your data with third parties with your explicit consent.
• Emergency: In the event of an incident during training, we will contact the emergency contact person you have provided.

Data Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include data encryption, regular security audits, and access controls.

Data Retention

We retain your personal data only for as long as necessary to achieve the purposes described in this policy or as required by law.

• Course registration and payment data: 7 years, in accordance with the Estonian Accounting Act.
• Contact form inquiries: Up to 3 years for customer relationship management.
• Newsletter subscribers: Until consent is withdrawn (you unsubscribe).
• Health data: Only for the duration of the training, after which it is securely deleted, unless there is a legal basis to retain it longer.

Your Rights Regarding Personal Data

You have the following rights in relation to your personal data:

• Right of access: You have the right to know whether we are processing your personal data and what data we are processing.
• Right to rectification: You have the right to request the correction of inaccurate personal data.
• Right to erasure (right to be forgotten): You have the right to request the deletion of your data under certain conditions (e.g., if the data is no longer needed or you withdraw your consent)
• Right to restriction of processing: You have the right to request the restriction of the processing of your data in certain cases.
• Right to object: You have the right to object to the processing of your data that is based on our legitimate interest.
• Right to withdraw consent: If the processing of your data is based on your consent, you have the right to withdraw it at any time.
• Right to lodge a complaint: If you believe your rights have been violated, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (address: Tatari 39, 10134 Tallinn; email: info@aki.ee).

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve user experience, ensure website functionality, and gather statistics. We use:

• Essential cookies: Necessary for the basic functions of the website to work.
• Analytical cookies: Help us understand how visitors use the site.
• Preference cookies: Remember your choices and settings.

Third-Party Services

Our website may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these external services. We recommend reviewing their privacy policies.

International Data Transfers

As a rule, we do not transfer your personal data outside the European Union (EU) and the European Economic Area (EEA). Should this become necessary, we will ensure that the transfer complies with GDPR requirements and that adequate safeguards are in place.

Children's Privacy

Our services are not intended for individuals under the age of 18, and we do not knowingly collect personal data from minors without parental or guardian consent. If you become aware that a child has provided us with personal data, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and updating the "Last updated" date.

Data Controller Details

The controller of your personal data is: