Privacy Policy
Last updated: March 2025 · Baltum Buroo OÜ
Baltum Buroo OÜ (“we”, “our”, “us”) is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable EU legislation. This Privacy Policy explains what information we collect, how we use it, and what rights you have.
1. Data Controller
The data controller responsible for your personal data is:
2. What Data We Collect
We may collect and process the following categories of personal data:
- Contact details: name, email address, phone number
- Usage data: pages visited, time spent, browser type, IP address
- Communication records: messages submitted via our contact form
- Technical data: cookies and similar tracking technologies (see Cookie section)
3. Legal Basis for Processing
We process your personal data on the following legal grounds:
- Contract performance – when processing is necessary to fulfil a service you have requested
- Legitimate interests – to improve our services, ensure security, and prevent fraud
- Consent – where you have given explicit consent (e.g., marketing communications)
- Legal obligation – where we are required by EU or Estonian law
4. Data Storage & Security
All personal data is stored exclusively on servers located within the European Union. We implement technical and organisational security measures aligned with ISO/IEC 27001 — the international standard for information security management — to protect your data against unauthorised access, alteration, disclosure, or destruction.
Our information security practices include access controls, encryption in transit and at rest, regular risk assessments, and incident response procedures consistent with ISO 27001 requirements and GDPR Article 32.
We do not transfer, sell, or disclose your personal data to third parties, except where strictly required by law or with your explicit consent.
5. Cookies
We use essential cookies necessary for the operation of our website. Analytics or marketing cookies are only placed with your prior consent. You may withdraw consent at any time by adjusting your browser settings.
6. Your Rights Under GDPR
As a data subject, you have the right to:
- Access the personal data we hold about you
- Request rectification of inaccurate data
- Request erasure (“right to be forgotten”)
- Object to or restrict processing
- Data portability
- Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at aki.ee
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Once no longer needed, data is securely deleted or anonymised.
8. Changes to This Policy
We may update this Privacy Policy from time to time. The date at the top of this page indicates when the policy was last revised. Continued use of our services after any changes constitutes acceptance of the updated policy.
9. Contact the Data Controller
To exercise your GDPR rights or raise a data protection concern, contact us at:
Terms of Service
Last updated: March 2025 · Baltum Buroo OÜ
These Terms of Service (“Terms”) govern your access to and use of services provided by Baltum Buroo OÜ. By using our services, you agree to be bound by these Terms. If you do not agree, please discontinue use immediately.
1. About Us
2. Services
Baltum Buroo OÜ provides professional services as described on our website and in individual service agreements. The exact scope, deliverables, timelines, and fees are specified in the relevant agreement or order confirmation.
3. Eligibility
By using our services, you confirm that you are at least 18 years of age and have the legal capacity to enter into binding agreements under applicable law.
4. User Obligations
You agree to:
- Provide accurate and complete information when requested
- Use our services only for lawful purposes
- Not attempt to interfere with the security or integrity of our systems
- Not reproduce, resell, or redistribute our services without prior written consent
5. Payments & Fees
Fees for our services are specified in individual agreements. Unless otherwise agreed, invoices are due within 14 calendar days of issuance. Late payments may incur interest as permitted by Estonian law.
6. Intellectual Property
All intellectual property rights in materials produced by Baltum Buroo OÜ remain our property until full payment is received, after which rights are transferred as specified in the relevant agreement. You may not use our brand, logo, or content without prior written permission.
7. Limitation of Liability
To the fullest extent permitted by law, Baltum Buroo OÜ shall not be liable for indirect, incidental, or consequential damages arising from your use of our services. Our total liability shall not exceed the amounts paid by you for the relevant service in the three months preceding the claim.
8. Data & Privacy
Your use of our services is also governed by our Privacy Policy. All data is stored on EU-based servers and is never shared with third parties except as required by law. Our information security management is aligned with ISO/IEC 27001, ensuring robust protection of all data we process on your behalf.
9. Governing Law & Disputes
These Terms are governed by the laws of the Republic of Estonia and applicable EU regulations. Any disputes shall be resolved in the courts of Estonia. You also have the right to seek resolution through the EU Online Dispute Resolution platform (ec.europa.eu/odr).
10. Amendments
We reserve the right to modify these Terms at any time. Updated Terms will be posted on our website with a revised date. Continued use of our services after publication of changes constitutes your acceptance.
11. Contact
For any questions regarding these Terms, please contact us.
Contact Us
We're happy to help with any questions about SM Auditor
For support requests, general enquiries, or any questions about SM Auditor — reach out to us directly. We typically respond within one business day.