Privacy Policy

Last updated: February 2026

1. Data Controller

The controller responsible for the processing of your personal data is:

If you have any questions about how we handle your personal data or wish to exercise your data protection rights, please contact us at the email address above.

2. Data We Collect

We collect and process the following categories of personal data:

  • Personal information you provide voluntarily — name, email address, company name, and project details submitted through our contact or get-started forms.
  • Technical data collected automatically — IP address, browser type, operating system, and device information.
  • Usage data gathered through analytics — pages visited, time spent on site, navigation paths, and referral sources.
  • Cookies — small text files stored on your device to support site functionality and anonymous analytics. See Section 9 for details.

3. How We Use Data

We use the personal data we collect for the following purposes:

  • Respond to inquiries and project requests submitted through our website.
  • Deliver services under active client engagements and manage ongoing projects.
  • Improve website performance, usability, and overall user experience.
  • Send project updates and service-related communications to active clients only.
  • Comply with applicable legal obligations, including tax and accounting requirements.

We do not use your personal data for unsolicited marketing. Only active clients receive project-related communications from us.

4. Legal Basis (GDPR Art. 6)

We process your personal data on the following legal grounds under Article 6 of the General Data Protection Regulation:

  • Consent (Art. 6(1)(a)) — when you voluntarily submit your information through our contact or get-started forms.
  • Contractual necessity (Art. 6(1)(b)) — when processing is required to deliver services to you under an active engagement or contract.
  • Legitimate interest (Art. 6(1)(f)) — for website improvement, analytics, and ensuring the security of our services, where such interests are not overridden by your rights.
  • Legal obligation (Art. 6(1)(c)) — when we are required to retain certain records for tax, accounting, or other regulatory purposes.

5. Data Sharing

We do not sell, rent, or trade your personal data to any third party. We may share data with the following categories of GDPR-compliant third-party processors, solely to the extent necessary to operate our services:

  • Hosting: Vercel — for website hosting and deployment infrastructure.
  • Analytics: privacy-focused analytics provider — for anonymous, aggregated website usage statistics.
  • Email: transactional email provider — for delivering form confirmations and client communications.
  • Payment processing: payment provider — for securely handling payments related to our services.

All third-party processors we work with are contractually bound to handle your data in accordance with GDPR requirements and our data protection standards.

6. International Transfers

Digital Nest OÜ is established in Estonia, a member state of the European Union. Your personal data is primarily processed within the EU/EEA.

In the event that personal data is transferred outside the European Economic Area, we ensure an adequate level of protection through one of the following mechanisms:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions issued by the European Commission for the recipient country.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are as follows:

  • Contact form data: 24 months after the last interaction.
  • Client project data: duration of the engagement plus 36 months.
  • Analytics data: 26 months.
  • Financial records: as required by Estonian and EU law, typically 7 years.

Once the applicable retention period expires, personal data is securely deleted or anonymised.

8. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) — request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to restriction of processing — request that we limit the processing of your data under certain circumstances.
  • Right to data portability — receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object — object to processing based on legitimate interests or direct marketing.

To exercise any of these rights, please email us at hello@digitalnest.solutions. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) if you believe your data protection rights have been violated.

9. Cookies

Our website uses a limited number of cookies to ensure proper functionality and to understand how visitors interact with our site:

  • Essential cookies — required for core site functionality such as navigation and security. These cannot be disabled.
  • Analytics cookies — used to collect anonymous, aggregated usage data to help us improve the website.

We do not use advertising or third-party tracking cookies. You can manage or delete cookies at any time through your browser settings. Please note that disabling essential cookies may affect your experience on our site.

10. Security Measures

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:

  • Encryption in transit — all data transmitted between your browser and our servers is protected using TLS/HTTPS.
  • Access controls and authentication — access to personal data is restricted to authorised personnel only.
  • Regular security reviews — we periodically assess our systems and practices to identify and address potential vulnerabilities.
  • Secure hosting infrastructure — our website is hosted on industry-leading platforms with built-in security protections.

11. Children's Privacy

Our services are directed at businesses and professionals and are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will take prompt steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Any changes will become effective immediately upon posting the revised policy on this page, with an updated “Last updated” date.

For material changes that significantly affect how we process your personal data, we will notify existing clients via email prior to the changes taking effect.

13. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us: