Privacy Policy

1. Introduction

JerroPc Osaühing (“JerroPc”, “we”, “us”, or “our”), registered in Estonia with registry code 17484930, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our IT support services and visit our website.

We respect your privacy and are dedicated to ensuring that your personal data is handled with the highest standards of protection.

2. Data Controller

The data controller responsible for your personal data is:

For all data protection inquiries, please contact us directly at the email address above. While we do not currently have a dedicated Data Protection Officer (DPO), our management team handles all data protection requests with the utmost priority.

3. Data We Collect

We collect the following types of personal data to provide our services:

Contact Information

• Name
• Email address
• Phone number
• Company name

Service-related Information

• Technical issues
• Device information (e.g., operating system, model)
• System configurations
• Service history and interaction logs

Communication Data

• Records of correspondence (emails, chat logs, support tickets)

Payment Information

• Invoice details
• Payment records
• Billing address

Website Data

• Contact form submissions
• IP addresses
• Browser information
• Cookies (for website functionality and analytics)

Special Categories of Data

We do not intentionally collect sensitive personal data, such as health information, racial or ethnic origin, political opinions, religious beliefs, or biometric data. If such data is incidentally provided during IT support sessions, we will handle it with extra care and delete it as soon as it is no longer necessary.

Cookies

We use cookies to improve your browsing experience. For more details, please refer to our Cookie Policy.

4. How We Use Your Data

We use your personal data for the following purposes:

• Service Delivery: To provide IT support services, troubleshoot, and offer technical assistance.
• Communication: To respond to your inquiries, send service updates, and follow up on support requests.
• Billing: To send invoices, process payments, and maintain financial records.
• Service Improvement: To analyze service quality, improve our offerings, and enhance customer experience.
• Security: To protect our systems and your data from unauthorized access, fraud, and security threats.
• Legal Compliance: To meet our legal and regulatory obligations, including accounting and tax requirements.

We do not use your personal data for marketing purposes or send promotional materials unless you have explicitly opted in to receive such communications. You may opt out at any time by contacting us or through your communication preferences.

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract: Processing necessary to fulfill our service agreement with you.
• Legal Obligation: Processing required by law, such as maintaining accounting records.
• Legitimate Interest: Processing for business operations, service improvement, and security measures.
• Consent: Where you have given explicit consent for specific purposes (e.g., marketing communications).

You have the right to object to processing based on legitimate interests. To exercise this right, please contact us at contact@jerropc.com. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

6. Data Sharing

We do not sell your personal data. We may share your personal data with the following categories of recipients:

Service Providers

We work with third-party service providers to assist in our operations, including:

• Remote support software providers (for IT assistance sessions)
• Email and communication platforms
• Hosting and cloud infrastructure providers
• Accounting and invoicing services

All service providers are bound by Data Processing Agreements (DPAs) that ensure GDPR compliance and protect your data.

Authorities

We may share your data with government bodies or regulators when required by law, such as for compliance with accounting or tax obligations.

7. Data Retention

We retain your personal data only for as long as necessary to provide services and comply with legal obligations. The specific retention periods for different types of data are as follows:

• Financial records: Retained for 7 years (as required by Estonian accounting law).
• Service history and support tickets: Retained for 3 years after the last service interaction.
• Communication records: Retained for 2 years after the last correspondence.
• Contact information: Retained while you are an active client and for 2 years after the business relationship ends.
• Website analytics data: Retained for 26 months.

Once the retention period expires, your data will be securely deleted or anonymized. You may request early deletion of your data (subject to legal retention requirements) by contacting us.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Access: You can request a copy of your personal data.
• Rectification: You can request correction of inaccurate or incomplete data.
• Erasure: You can request deletion of your data (subject to legal retention requirements).
• Restriction: You can request limitation of data processing.
• Portability: You can request transfer of your data in a machine-readable format.
• Objection: You can object to processing based on legitimate interests.
• Withdraw Consent: You can withdraw your consent at any time where processing is based on consent.

To exercise these rights, send your request to contact@jerropc.com with the subject line “Data Protection Request”. Please include your full name and describe which right(s) you wish to exercise. We will respond within 30 days. We may ask for additional information to verify your identity.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• Encryption: Data transmitted between you and our systems is encrypted using TLS/SSL protocols.
• Secure Access: Remote support sessions use encrypted connections with session-specific access codes.
• Access Controls: Strict access controls limit data access to authorized personnel only.
• Regular Updates: Systems and software are kept up-to-date with security patches.
• Secure Storage: Data is stored on secure servers with appropriate physical and logical protections.

10. International Data Transfers

Your data is primarily processed within the European Union/European Economic Area (EU/EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): EU-approved contractual terms that ensure adequate protection.
• Adequacy Decisions: Transfers to countries recognized by the EU as providing adequate data protection.
• Supplementary Measures: Additional technical and organizational safeguards where necessary.

You may request information about specific safeguards used for international transfers by contacting us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new “last updated” date. We encourage you to review this policy periodically.

Notification of Changes

For significant changes that materially affect how we process your data, we will notify you by email (if we have your email address) or by a prominent notice on our website before the changes take effect.

12. Contact & Complaints

For questions about this Privacy Policy or to exercise your data protection rights, contact us at:

Right to Complain

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. The relevant authority for Estonia is:

You may also contact the supervisory authority in your country of residence.