Privacy Policy

Lavii Marketing OÜ’s privacy policy

The controller of personal data is Lavii Marketing OÜ, (address Telliskivi 60a/3, Tallinn, Harju County, reg. code: 11689683) (hereinafter also We, Us, Our).

Privacy notice:

I Our role in ensuring your privacy

We process personal data in accordance with the laws of Estonia and the European Union. We use the data for the purposes for which We collected it and to the extent necessary to fulfil those purposes. If the purpose is fulfilled, We will delete or anonymise the personal data.

This privacy notice provides information and guidance on using the Lavii website. This privacy notice does not cover the processing of data on other companies’ websites or services.

You can always contact Us by writing to

II When and how do We receive or collect your personal data?

Personal data (also referred to as data) is data that is specifically or implicitly associated with you as a private person.The type of personal data We process depends on the specific services you use or, for example, the consents you give Us to process your data. When collecting data, We respect the principle of minimalism, i.e. We only collect data that is necessary to achieve the objective.

The personal data We process is either obtained directly from you or collected automatically, mainly in the following ways:

III. What data do We collect and process about you?

We collect and process the following data about you (the following are primary examples; the list is not exhaustive):

We do not collect sensitive, or special categories of personal data unless you disclose it to Us or give Us your specific and separate consent. Special categories of personal data are racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, genetic data, biometric data used to uniquely identify a natural person, health data or data concerning the sexual life and sexual orientation of a private person.

IV On what grounds and for what purposes do We process your personal data?

Any processing of personal data must be justified and lawful. Personal data may be processed on various legal grounds: performance of a legal obligation, performance of a contract, legitimate interest of the company, your consent. Personal data may also be processed for different purposes.

The following are some of the legal grounds and purposes for which We process your data (the following are primary examples; the list is not exhaustive):

Legal basis:  consent given by you   

Legal basis:  legitimate interest

Legal basis:  performance of the contract

Legal basis:  performance of the contract

These legal bases mean:


You have given Us your explicit consent to process your personal data for a specific purpose. You can always change your mind and withdraw your consent at any time. If you have given your consent to the processing of your data and wish to withdraw it, you can do so by sending an email to Neither the request nor the withdrawal of consent shall have retroactive effect.

When sending marketing emails or newsletters, there is usually a link at the bottom of the email to conveniently unsubscribe.

If you withdraw your consent and We have no other legal basis for processing your personal data, We will stop processing your personal data. If We have any other legal basis for processing the data, We may continue to do so for the relevant purpose.

Legitimate interest

The processing of your data is necessary for Our legitimate interests or the legitimate interests of a third party, provided that your rights and interests do not override those interests.  Such legitimate interests may include:

You can contact Us at any time to ask for clarification or to object to the processing for any of the above purposes. Processing for marketing purposes on the basis of legitimate interest can always be challenged on request. In other cases, you can object to processing where your interests clearly outweigh the interests of Our business. 

Performance of the contract

The processing of personal data for the performance of a contract is necessary to enable the performance of the contract concluded with you or to carry out operations necessary before the conclusion of the contract.

Legal obligation

Legal obligations include data processing that We are obliged to carry out because We are required to do so by law. If the processing is necessary for compliance with a legal obligation, We cannot decide on the processing of such personal data and neither can you.

V How long do We keep your personal data?

We will retain your personal data for the period necessary for the fulfilment of the required purposes or for as long as required by law. It should be noted that in certain cases there are exceptions to the normal deletion deadlines, for example if there are debts or if there is an ongoing legal dispute. The retention of anonymous data is also not subject to these rules, as it is no longer personal data.

The retention period after which the personal data in Our possession will be deleted or anonymised, unless there are circumstances that preclude this (this is not an exhaustive list and you can get more information by contacting Us):

VI Where is personal data processed and how is its security ensured?

We process and store your personal data in Estonia, the European Union or the European Economic Area. In certain cases, your data may also be processed outside Estonia, the EU or the EU Economic Area.


VII Third parties who may process your personal data

Nowadays, it is common for third parties to be used to help a company simplify its operations and/or provide a better service (e.g. host an application, communicate with customers, collect statistics, etc.). For this reason, cooperation is established with third parties with whom it is sometimes necessary to share personal data.

Below is information about the main third parties We use:

VIII What are your rights regarding your personal data and how can you exercise your rights?

You have the right to access your personal data that We have stored at any time. You also have the right to receive information about the purposes and retention periods of the data processing. To do this, you need to submit a request to Us. We have the right to respond to such requests within 30 days.

If you have accessed your personal data and have discovered incorrect information or your personal data has changed, you can always ask Us to change it by contacting Us.

In certain cases, you have the right to have your personal data deleted. This is in particular the case for data processing based on consent and legitimate interest. This includes, for example, marketing profiles and the like. However, complete deletion of personal data is often not possible because We also use the data for other purposes for which early deletion is not permitted by contract or law.

You have the right to object, at any time, to the processing of personal data concerning you that We carry out on the basis of legitimate interest. In the case of an objection, We will consider the legal interests and, where possible, stop the respective processing.

In certain cases, you have the possibility to restrict the processing of personal data by informing Us in writing. This right can only be exercised in cases provided for by law.

The right to transfer data gives you additional control over your personal data. This means, for certain data, the right to receive it in machine-readable form or to have it transferred directly to another company/individual (provided that the recipient is able to receive it in that form). Please note that We cannot guarantee and are not responsible for the recipient’s ability to receive such personal data. This right can be exercised in the cases provided for by law.

If you would like further information about the use of your personal data, wish to lodge a complaint or exercise your rights, you can always contact Us by writing to

You always have the right to turn to the Data Protection Inspectorate or the court to protect your privacy rights and data. The Data Protection Inspectorate (DPI) is the national authority you can turn to for advice or assistance on personal data protection.