Privacy Policy

Last updated: 10/04/2026

Dumont OÜ respects your privacy and processes personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable Estonian legislation. This privacy policy explains what data we collect, how we use it, how long we retain it, and what your rights are. Data protection terms must be presented in a clear and understandable manner and must include, among other things, the purposes of processing, the legal basis, the retention period, possible recipients, and the rights of the data subject.

1. Controller

Dumont OÜ
Address: Ülejõe tee 2b, Keila, Harju County
Email: info@dumont.ee

If you have any questions regarding the processing of personal data or wish to exercise your data protection rights, please contact us by email.

2. What personal data do we collect

We may collect the following data:

  • First and last name;
  • email address;
  • Telephone number;
  • Company name and other details that you provide to us during your query or communication;
  • information conveyed about an object, service or project;
  • correspondence and the content of inquiries;
  • Technical data on website usage, such as IP address, browser type, device technical information, and time of visit.

When using the website, technical data such as IP address, browser and operating system version, and time of visit may be collected to ensure the functioning, security, and development of the website.

3. How do we obtain data

We obtain personal data primarily directly from you, for example, when:

  • Send us an email;
  • you fill in the contact form on the website;
  • contact us or get in touch with us in any other way;
  • You are using our website.

When data is collected directly from an individual, they must be provided with clear information regarding, but not limited to, the purpose of data use, the legal basis, the retention period, and their rights.

4. Purposes and legal bases for processing personal data

We process personal data to achieve the following purposes:

Responding to queries and communicating with the customer
We process data to respond to enquires, generate quotes, arrange meetings and communicate with prospective or existing clients.

Provision of services and fulfilment of contract
If you order a service from us, we will process data for the preparation, conclusion, execution and aftercare of the contract.

Fulfilling statutory obligations
In certain cases, we need to process data to fulfil accounting, tax or other statutory obligations.

Website operation, security and development
We can process technical data to ensure website reliability, reduce security risks, resolve errors, and develop the website.

Legitimate interest
Where necessary, we process data on the basis of our legitimate interest, for example, to improve the quality of services, manage enquiries, protect claims or ensure IT security.

Consent
If we use non-essential cookies or send marketing messages, we will only do so with your consent, unless otherwise provided by law. The processing of personal data must always have a legal basis, such as the performance of a contract, compliance with a legal obligation, legitimate interest, or consent. Consent must be informed, voluntary, and it must be possible to withdraw it as easily as it was given.

5. Biscuits

Our website may use cookies and similar technologies.

Essential cookies may be used to ensure the main functions, security and technical operation of the website.

Analytical, preference or other non-essential cookies We can only install them if you have given your consent. If such cookies are used, the website visitor must be able to obtain information about the duration of the cookies, possible access by third parties, and the withdrawal of consent. Withdrawing consent must be as easy as giving it.

If you wish, you can manage cookie usage through your browser settings or via the cookie consent displayed on the website.

6. To whom can we transfer data

We may transfer personal data only to the extent necessary for the provision of the service or for the fulfilment of obligations arising from legislation. Data recipients may include, for example:

  • Web hosting and IT service providers;
  • email service providers;
  • Providers of accounting or legal advisory services;
  • partners or subcontractors, as may be necessary for the performance of a specific task;
  • public authorities or supervisory authorities if the disclosure of data is required by law.

We do not sell your personal data to third parties. The data protection terms must clearly state who may receive a person's data, and whether data will be transferred outside the European Union.

If any of our service providers are located outside the European Economic Area, we use appropriate safeguards when transferring data or avoid such transfers if there is no adequate basis for doing so.

7. How long do we store data

Personal data will only be retained for as long as necessary to fulfil the purpose of collection or to comply with legal obligations.

As a general rule, we proceed from the following principles:

  • We retain data from queries and contact forms for as long as necessary to respond to the query and continue communication, generally for up to 24 months from the last contact.;
  • We retain data relating to contracts, invoices and other accounting documents for the period required by law.;
  • We retain technical logs and security-related data for as long as is reasonably necessary for system protection, troubleshooting, or the safeguarding of legitimate interests.;
  • We retain data collected on the basis of consent until consent is withdrawn or the purpose ceases to be relevant.

Under GDPR, individuals must also be informed about how long their data will be stored or on what criteria the storage period will be determined.

8. Your rights

You have the following rights concerning the processing of personal data:

  • Get information about the processing of your data;
  • request access to your personal data;
  • to demand the correction of inaccurate or incomplete data;
  • request data deletion where there is a legal basis;
  • to request the restriction of processing of personal data;
  • object to data processing;
  • provide your data in a structured format, where applicable;
  • withdraw consent where processing is based on consent;
  • a complaint lodged with the Data Protection Inspectorate.

Among other things, GDPR gives people the right to be informed, to access their data, to rectify inaccurate data, to request erasure, to restrict processing, to data portability, and to object. Individuals also have the right to lodge a complaint with a supervisory authority for data protection.

If you wish to exercise any of your rights, please write to us at info@dumont.ee. We will respond to your request within a reasonable time and, if necessary, ask for additional information to identify you.

9. Data security

We implement reasonable technical and organisational security measures to protect personal data from unauthorised access, disclosure, alteration or destruction. Access to data is limited to those individuals who require it to perform their job duties.

10. Automated decision-making and profiling

We do not make automated decisions based on your personal data alone, nor do we use profiling in a way that would have significant legal or similarly significant consequences for you.

11. Changes to the Privacy Policy

We may update this privacy policy from time to time to comply with legislation, our website's functionality or the development of our services. The updated version will be published on our website along with the date of last update.

12. Contact

If you have questions about this privacy policy or wish to exercise your rights, please contact us:

Dumont OÜ
Email: info@dumont.ee