Privacy Policy

Updated: 20.05.2025

Your privacy is important to us. This Privacy Policy explains how BF Eesti OÜ (hereinafter “Xfiner”, registry code 14877888, website xfiner.com) collects, uses, stores, and protects your personal data. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the laws of the Republic of Estonia.

1. Data Controller

BF Eesti OÜ
Email: wow@xfiner.com
Website: https://xfiner.com

2. Personal Data We Collect

We may process the following personal data:

• First and last name
• Email address
• Phone number (if needed)
• Company name and position (in B2B context)
• IP address, device information, and visit logs
• Messages or information you submit via contact forms or email

3. How We Collect Data

Your personal data reaches us when:

• You contact us via contact form, email, or other channels
• You subscribe to our newsletter
• You use our website
• You register to participate in a work process, project, or collaboration

4. Purpose and Legal Basis of Processing

We process personal data for the following purposes:

• Responding to your inquiries
• Sending newsletters and information with your consent
• Providing services and managing client relationships
• Complying with legal obligations (e.g., accounting)
• Marketing analysis and website usage statistics

Legal bases include:

• Consent (e.g., newsletter subscription)
• Contractual necessity (e.g., project cooperation)
• Legitimate interest (e.g., communication, analysis)
• Legal obligation (e.g., tax accounting)

5. Cookies

We use cookies to provide a better user experience. Cookies help us analyze traffic and save user preferences.

Types of cookies we use:

• Session cookies (temporary)
• Analytics cookies (_ga, _gid, _gat – Google Analytics)
• Preference cookies (e.g., language selection)

A cookie notice is displayed on your first visit to our site. You can disable cookies in your browser settings if you prefer.

6. Data Retention

We retain data:

• As long as necessary to fulfill the purpose of collection
• Up to 3 years after the end of client relationships
• 7 years for accounting documents, as required by law

Unnecessary, outdated, or inaccurate data is deleted without delay. We regularly review stored data.

7. Data Sharing and Processors

We do not sell or share your personal data with third parties except when:

• Necessary for service provision (e.g., hosting, email service, IT partners)
• Required by law (e.g., tax authority, supervisory bodies)

We work only with trusted partners under data processing agreements. Personal data is not transferred outside the European Economic Area unless adequate safeguards are in place.

8. Your Rights

You have the right to:

• Know what data we process about you
• Request correction or deletion of data
• Withdraw consent at any time
• Object to or restrict processing
• Request data portability
• File a complaint with the Estonian Data Protection Inspectorate (www.aki.ee)

All requests should be sent to wow@xfiner.com.

9. Data Security

We use technical and organizational security measures, including:

• Password-protected access
• Firewalls and encryption
• Restricted access to authorized staff only
• Regular backups and security management

10. Changes to the Privacy Policy

We may update this Privacy Policy from time to time. Significant changes will be announced on our website and, if necessary, via email.