Privacy Policy

Last updated: 24 March 2026 — Version 1.0

Data Controller

Delvaris OÜ (reg. no. 17464650, VAT: EE102967232), Tiskrevälja tn 59, 13516 Tallinn, Estonia ("we," "us," "our") is the data controller responsible for your personal data. We operate the website flexireo.com and the Flexireo application. We have not appointed a Data Protection Officer as our core activities do not require one under GDPR Art. 37. For data protection inquiries, please contact Marek Stark at privacy@flexireo.com.

This privacy policy explains how we collect, use, store, and share your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). We are committed to protecting your privacy and being transparent about our data practices.

What Data Do We Collect?

We do not collect sensitive personal data (special category data). We collect the following personal data:

  • Name
  • Email address
  • Company name
  • Message content (via contact form)
  • IP address

How Do We Collect the Data?

We collect your data in the following ways:

  • Through the contact form on our website (flexireo.com), where you provide your name, email, company, and message.
  • Through cookies placed on your device. Non-essential cookies (analytics, marketing, and preference cookies) are only placed after you have given explicit consent through our cookie banner. You can manage or withdraw your cookie preferences at any time through the "Cookie Settings" link in the website footer or via your browser settings.

Legal Basis for Processing

We process your personal data only when we have a valid legal basis under GDPR Art. 6:

  • Responding to your inquiries via the contact form — Art. 6(1)(b) (pre-contractual measures at your request).
  • Sending marketing communications — Art. 6(1)(a) (your consent). You may withdraw consent at any time.
  • Website analytics via Google Analytics — Art. 6(1)(a) (your consent via the cookie banner).
  • Necessary cookies for website functionality — Art. 6(1)(f) (our legitimate interest in providing a functioning website).

Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, modification, distribution, or destruction. Contact form submissions are stored with hashed IP addresses for privacy. Only authorized personnel have access to your data.

How Do We Use the Data?

  • Respond to your inquiries submitted via the contact form.
  • Provide relevant information about our services.
  • Improve website functionality and analyze traffic patterns through Google Analytics.
  • Send marketing communications (only with your explicit consent).

Sharing of Personal Data

We share personal data with Google Analytics for analytical purposes. We have a data processing agreement (DPA) with Google to ensure data protection. We do not share your data with other third parties beyond what is necessary to fulfill the purposes described in this policy. A current list of our data processors is available upon request at privacy@flexireo.com.

ProcessorPurposeCountryData ProcessedTransfer MechanismDPA
Google LLCWebsite analytics and traffic measurementUnited StatesIP address (anonymized), Usage data, Device informationEU-US Data Privacy Framework✓ Signed
Vercel Inc.Website hosting and content deliveryUnited StatesIP address, Request logsSCCs✓ Signed
Supabase Inc.Database hosting and backend servicesUnited StatesName, Email address, Form submissionsSCCs✓ Signed
Cloudflare Inc.DNS, CDN, and security servicesUnited StatesIP address, Request metadataEU-US Data Privacy Framework✓ Signed
SMTP2GOTransactional email deliveryNew ZealandEmail address, Name, Email contentNZ adequacy decision✓ Signed
Google LLC (Workspace)Business email and communicationUnited StatesEmail address, Name, Email contentEU-US Data Privacy Framework✓ Signed

International Data Transfers

Google Analytics data may be transferred to the United States. Google LLC participates in the EU-US Data Privacy Framework, which has been granted an adequacy decision by the European Commission (July 2023). Where the Data Privacy Framework does not apply, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, together with supplementary measures where necessary. You may request a copy of the safeguards in place by contacting us at privacy@flexireo.com.

How Long Do We Store Your Data?

We retain your personal data for up to 24 months from the date of collection, or until you request its deletion, whichever comes first. Contact form submissions are retained for the same period to enable us to follow up on inquiries.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — You may request a copy of the personal data we hold about you (Art. 15).
  • Right to rectification — You may request correction of inaccurate or incomplete data (Art. 16).
  • Right to erasure — You may request deletion of your personal data (Art. 17).
  • Right to restriction of processing — You may request that we restrict how we process your data (Art. 18).
  • Right to data portability — You may request your data in a structured, commonly used, and machine-readable format (Art. 20).
  • Right to object — You may object to processing based on our legitimate interests (Art. 21).
  • Right to withdraw consent — You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3)).

To exercise any of these rights, please contact us at privacy@flexireo.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for Delvaris OÜ is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, www.aki.ee). You may also lodge a complaint with the supervisory authority in your country of habitual residence or place of work.

Cookies

Our website uses cookies. Non-essential cookies are only placed after you have given explicit consent through our cookie banner. You can manage your preferences at any time via the "Cookie Settings" link in the footer. We use the following categories of cookies:

  • Necessary cookies — Essential for the website to function. Always active, no consent required.
  • Analytics cookies — Help us understand how visitors interact with the website (e.g., Google Analytics). Placed only with your consent.
  • Marketing cookies — Used to show relevant advertisements and measure campaign effectiveness. Placed only with your consent.
  • Preference cookies — Remember your settings and preferences for future visits. Placed only with your consent.

Necessary cookies

CookieProviderPurposeDurationType
cookie_consentSelfStores your cookie consent preferences.Persistent1st party
cf_clearanceCloudflareVerifies that a visitor has passed a Cloudflare security challenge.30 minutes3rd party
__cf_bmCloudflareBot management cookie used to distinguish humans from bots.30 minutes3rd party

Analytics cookies

CookieProviderPurposeDurationType
_gaGoogle AnalyticsDistinguishes unique users by assigning a randomly generated number as a client identifier.2 years3rd party
_ga_<MEASUREMENT_ID>Google AnalyticsUsed by Google Analytics to persist session state.2 years3rd party
_gidGoogle AnalyticsDistinguishes users for analytics within a 24-hour period.24 hours3rd party
_gatGoogle AnalyticsThrottles request rate to limit data collection on high traffic sites.1 minute3rd party

Automated Decision-Making

We do not engage in automated decision-making or profiling as defined under GDPR Art. 22.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Estonian Data Protection Inspectorate within 72 hours (Art. 33). Where the breach poses a high risk, we will also notify you without undue delay (Art. 34).

Contact Information

If you have any questions regarding this privacy policy, please contact Marek Stark at privacy@flexireo.com.

Updates to This Privacy Policy

We may update this privacy policy from time to time. If we make material changes, we will inform you via email or a prominent notification on our website before the changes take effect.