1. Data processed by Ophir Studio OÜ

The types of data that may be processed by Ophir Studio OÜ while the data subject navigates or interacts with the Website, or uses the contact forms available on the Website, include:

• personal identification data
• other personal information provided in the applicant's curriculum vitae
• email addresses and phone numbers
• data related to the services offered and necessary to identify the appropriate service to be performed
• cookies and similar technologies (see Cookie Policy)

We strongly advise users not to provide personal data that is not strictly necessary for the purposes listed below, such as information on political, religious or racial affiliation, or sexual orientation.

2. Purposes and legal bases for data processing

Your personal data is required to:

• allow you to access and navigate the Website
• enable you to use the services offered on the Website (e.g., newsletter, contact forms, etc.)

Your personal data is processed for the following purposes:

• to comply with legal obligations
• to manage the technical aspects of the Website
• to enable the use of services provided via the Website (e.g., job applications, newsletter, contact requests, etc.) as requested by you
• to send commercial communications regarding products and services offered by the Controller or third parties, including via automated means, where you have provided explicit consent, which can be revoked at any time
• to share or transfer your data to third parties for direct marketing purposes, with your explicit and revocable consent
• to analyze user behavior and consumption habits (with consent), in order to improve the quality of services and tailor commercial offerings of potential interest to users; aggregated tracking data regarding opens and clicks may be shared with third parties via cookie systems

Specific information notices will be progressively made available on this page for particular services, such as:

• contact requests (see specific notice below)
• newsletter subscriptions (see specific notice below)

Data submitted during registration procedures may be processed by Ophir Studio OÜ using automated tools. Additionally, Ophir Studio OÜ may process said data in aggregated form, in compliance with regulatory guidance from the Data Protection Authority and without requiring consent, for electronic analysis purposes (e.g., customer segmentation by service level, spending, etc.) to periodically monitor economic trends, guide industrial and commercial strategies, and improve services and marketing campaigns.

3. Mandatory or optional nature of data provision

Unless otherwise stated in the relevant information notices, providing your personal data for the purposes listed in Article 2 is mandatory, except for marketing, profiling, and newsletter services. Without your data, it may be impossible to navigate or access the services requested. The legal basis for such processing is compliance with legal obligations and execution of requested services (Art. 6(1)(b) and (c) GDPR).

Provision of data for marketing, profiling, and newsletter purposes is optional and based on your freely given consent (Art. 6(1)(a) GDPR). Refusal to provide consent will not affect your access to core Website services.

4. Data recipients

Your data may be communicated, within the EU, to:

• third-party entities and service providers (including consultants) used by the Controller to manage the Website and related services
• tax authorities and/or other public entities, when required by law

Further details are available in the relevant service-specific notices on the Website.

5. Data subject rights

You may exercise your rights under Articles 15 and following of the GDPR at any time: access; rectification; erasure; restriction of processing; data portability; objection.

If you do not receive a timely or adequate response, you may lodge a complaint with the Data Protection Authority.

6. Data retention

Except where otherwise required by law, data will be stored only for the time strictly necessary to achieve the purposes for which it was collected. Additional details may be provided in service-specific notices.

7. Data security

Data will be processed in accordance with Articles 5 and 32 of the GDPR, using appropriate technical and organizational measures to prevent unauthorized access, theft, loss, or unlawful modification.

8. Updates to this notice

The Controller reserves the right to amend this notice. Any changes will be communicated during your next visit to the Website.

Personal Data Protection Notice

Pursuant to Legislative Decree no. 196 of 30 June 2003, as amended (“Privacy Code”) and Regulation (EU) 2016/679 (“GDPR”), Ophir Studio OÜ, with registered office at Harju maakond, Tallinn, Kesklinna linnaosa, Narva mnt 7-652, 10117, Estonia, ID: 17155824 (hereinafter, the “Controller” or the “Company”), informs you that your personal data will be processed to manage your request for information submitted via the “Contact Us” section.

You are free to describe your inquiry or request, but please refrain from including special categories of data as defined by the GDPR (e.g., data concerning your health, religious beliefs, etc.).

The legal basis for processing is the performance of a service pursuant to Article 6(1)(b) GDPR. Therefore, no explicit consent is required for handling your request.

Your data will be processed primarily with paper and/or electronic tools, under the authority of the Controller, by individuals who have been specifically authorized and trained (pursuant to Art. 2-quaterdecies of the Privacy Code and Articles 28 and 29 of the GDPR). Appropriate security measures will be adopted pursuant to Articles 5 and 32 of the GDPR to prevent data loss, unlawful use, or unauthorized access.

Your data may be communicated, within the EU and in compliance with the GDPR, to:

• tax authorities and/or other public entities if required by law
• entities and external companies used by the Controller to manage the “Contact Us” service and provide related technical or administrative support
• external consultants (e.g., for tax compliance), if not already designated as data processors in writing

Unless otherwise required by law, your data will be retained only for the time strictly necessary to respond to your inquiry.

The data controller is Ophir Studio OÜ, registered at Harju maakond, Tallinn, Kesklinna linnaosa, Narva mnt 7-652, 10117, Estonia, ID: 17155824.

The updated list of designated data processors is available upon request.

The Data Protection Officer (as defined in Articles 37 et seq. of the GDPR) is the legal representative of Ophir Studio OÜ.

You may exercise your rights under Articles 15 and following of the GDPR at any time, including: access; rectification; erasure; restriction of processing; objection; data portability.

If you are not satisfied with the way in which we handle a complaint about the processing of your personal data, you have the right to submit a complaint to the Data Protection Authority.