Data Protection policy


  1. Introduction
  1. While using (hereinafter – website), belongs to company ZESTYLAWYER S.à.r.l-S (hereinafter – Company), and sending data via website, you (hereinafter – User) confirm that you have read this Data Protection Policy (hereinafter – Policy) and agree for your personal data processing in accordance with Policy.
  2. Policy sets methods of work with personal data which were collected by the Company while using Website´s. While using the Website User agrees for his personal data processing in accordance with Policy and affirms that. In case when the User does not agree with the Policy partially or fully, he must stop using the Website. All data collected before above-mentioned refusal will be processed in accordance with Policy until the direct User prohibition is received.


  • Definitions


      1. Company – legal entity, which has following data:
        1. company name: ZESTYLAWYER S.à.r.l-S;
        2. registration country: Luxembourg;
        3. registration number: B243718;
        4. address: 6A Avenue des Hauts-Fourneaux L- 4632 Esch-sur-Alzette Luxembourg;
        5. email: [email protected]



      1. Personal data – means any information relating to an identified or identifiable natural person;
        1. an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
      2. User – natural or legal entity using the Website.
      3. Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;


  • Personal data and processing methods


      1. Company collects personal data in next cases:
        1. when filling out and submitting forms on the Company’s website;
        2. when the User uses the functionality of the Company’s website.
      2. Company processes inter alia next personal data: 
        1. identification data (name, surname, personal code, sex, birth date, photo etc.);
        2. contact details (phone number, e-mail, address and delivery address);
        3. IP address and cookies;
        4. other data required to use the functionality of the website.


  • Targets and legal basis for personal data processing


      1. Company processes data in accordance with next targets and legal grounds:
        1. to enable the use of the functionality of the Company’s website;
        2. to provide the User with information related to the services used;
        3. to provide the User access to the functionality of the Company’s website.
        4. to send and display advertisements to the User that are relevant (in the Company’s opinion);
        5. to send commercial offers from the Company;
        6. for the justified interest of the Company, for the purpose of fulfilling a contract, including for establishing violations of the contract or legislation, as well as to confirm such violations. In such case, the Company has a legitimate interest in protecting its rights;
        7. to collect statistical or technical non-personalized data about the use of the Company’s website;
        8. in order to comply with legal requirements.
      2. Company can also process data in certain case of necessity to protect interests of the Company and Third Parties only if above-mentioned interests do not outweigh User interests in protecting his/her fundamental rights and freedoms.
      3. If personal data processing is carrying out in accordance with justified Company interests, User has a right to submit objections to such processes.


  • Personal data transfer to data Processor


      1. Company has a right to use data processors for data processing without User permission. Company is convinced of Processor’s reliability and responsible to the User for their activities.
      2. Company use next data Processors:
        1. server rental and cloud services providers;
        2. agents, translators, lawyers and other persons through whom the Company provides services.
      3. User has a right to receive information about data processors responsible for his/her personal data processing.


  • Personal data transfer to the third parties


      1. Company transfers User’s personal data to the third parties only in certain cases like:
        1. its necessity follows from the Law;
        2. it is necessary to execute the agreements between Company and User;
        3. Company has a justified interest;
        4. User gave a permission for data transfer.
      2. Company transfers User’s personal data to the next persons/parties:
        1. to public authorities on the grounds provided by Law;
        2. to auditors, lawyers and other similar persons.


  • Personal data transfer to the third Country


      1. Company transfers personal data to the third countries (countries not included in EEC) only in cases when it is provided on the grounds of Law. In case when recipient country can’t provide required personal data protection measures, Company provide personal data on the condition that required personal data protection measures will be applied for data in accordance with Estonian and EU legal acts.


  • Personal data storage


      1. Company stores User’s personal data while it is necessary to process data, to protect Company interests or on the grounds provided by legal acts requirements;
      2. Depending on the type of personal data, the Company store data for the following time:
        1. for accounting documents: 7 years from the end of the fiscal year in accordance with the Law;
        2. within the period set by law;
        3. in other cases: 10 years after agreements termination (including User Agreement) between User and Company.


  • Security


      1. Company takes organizing, physical and measures IT solutions to provide personal data security.
      2. Company is not responsible for the User personal data protection measures violations if such violations caused by actions performed by User or third persons.


  • User’s rights and obligations


      1. In accordance with relevant legal acts (primarily – GDPR) user has a right to perform next rights for personal data processing:
        1. request an access to his/her own personal data;
        2. request changes in his/her own personal data;
        3. request removing his/her own personal data;
        4. request portability of his/her own personal data
        5. submit objections to his/her own personal data processing on any grounds.
      2. To perform his/her rights User must contact Company using contact details specified in c. 2.1 of the Policy.
      3. Company has a right to request additional information for User’s identification.
      4. Company reply on User’s requests and requirements in 1 month period and notify about measures took to perform provided requests and requirements. If User’s request or requirement is too complicated or has a large volume Company has a right to prolong the period for reply up to 2 months. If Company did not take any measures to perform User’s request or requirement User is notified about this and he still has a right to ask Data Protection Inspectorate or court to protect his/her rights.
      5. If the requests or requirements of the User are obviously not justified or excessive, primarily due to their repetitive nature, the Company has the right:
        1. require a reasonable fee for performing requests or requirements;
        2. refuse performing requests or requirements.
      6. User has a right to request personal data removal only if one of the following reasons is present:
        1. personal data is not useful anymore for the purpose for which it was collected or was processed using another method;
        2. User revokes his/her agreement for personal data processing and there are no other legal grounds for User’s personal data processing;
        3. User submit objection to personal data processing and this objection has adequate basis to stop personal data processing;
        4. User’s personal data was processed illegally;
        5. personal data must be removed to perform Company obligations on the grounds provided by Law; 
        6. in case when personal data of person under the age of 13 the agreement for which processing was obtained previously.
      7. In case when User require removal of his/her personal data he/she must describe on which condition, specified in clause 9.6. of the Policy he/she requires personal data removal. Company is not obligated to remove personal data if there are no grounds for it or if personal data is required for the following reasons:
        1. exercise of freedom of speech and information;
        2. performing obligations on the grounds provided by Law;
        3. personal data is required for Company rights protection;
        4. Company has other following from the Law grounds for personal data processing.
      8. In case when personal data is processing by User’s agreement he/she always has a right to revoke his agreement. If User revoke his/her agreement for personal data processing all the data processing performed before revoke considers to be legitimate and lawful.
      9. User must notify Company about changes in his/her contact details to keep them up to date.
      10. In case of User rights violation User has a right to ask Personal Data Protection Inspectorate or court to protect his/her rights.


  • Policy changing


    1. Policy can be changed to comply with changes in Law, personal processing or under instructions of supervisory authorities. In this case Company notifies User about by notification on Company´s website.