ENG
  • EST
  • RUS
  • ENG
  • LAV
  • LIT
  • UKR
  • FIN
  • FRA
  • DEU
  • ENG
  • HYE

Privacy notice for users of the okidoki.ee platform

Last update: 12.08.2025

*This document is an automated translation. In case of any legal disputes or discrepancies, the original Estonian version shall prevail.

1. ABOUT THIS PRIVACY NOTICE

Okidoki OÜ ("Okidoki," "we," or "us") provides an online platform service that includes creating user accounts, electronic management of user advertisements, and using all the features available on the okidoki platform. dat

The terms “you” or “your” refer to individuals who create a user account on the Okidoki.ee online platform and use the services offered by the platform. This notice provides you with information on how we handle and protect your personal data, explains your privacy rights, and informs you about the choices and controls available to you.

When collecting and processing personal data, Okidoki follows applicable data protection laws, particularly Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons regarding the processing of personal data and the free movement of such data, repealing Directive 95/46/EC ("General Data Protection Regulation," "GDPR").

When registering as a user on the Okidoki platform, you will be asked to confirm that you have read this privacy notice.

If you have any questions, please contact Okidoki customer support via email at [email protected].

1.1. Processing of Personal Data by an Independent Service Provider

Other legal entities ("independent service providers") may also use the okidoki platform and offer their services. All user accounts on the okidoki platform are of the same type.

If an independent service provider processes your personal data, they act as an independent controller under Article 4(7) of the GDPR and must comply with all obligations imposed on data controllers by the GDPR. This privacy notice only governs the collection and processing of personal data by Okidoki.

An independent service provider using the okidoki platform and collecting or processing personal data of Okidoki users must ensure that the processing is based on a legal basis as specified in Article 6(1) of the GDPR and that data processing follows the principles outlined in Article 5(1) of the GDPR. Furthermore, the independent service provider must ensure that the data subject is informed about all processing activities conducted by the provider, as required by Articles 13 and 14 of the GDPR.

2. WHAT PERSONAL DATA WE PROCESS

We collect and process the following types of personal data:

  • Data you provide to Okidoki
  • Data you submit when using the okidoki platform

The table below lists all categories of personal data we process, along with descriptions:

Category of Personal Data

Description of Personal Data

User Account Data

We collect the following personal data when you create a user account on the okidoki platform:
• Full name
• Username and password
• Email address
• Phone number
• Age and date of birth
• Profile picture (optional)
• Linked Google account (optional)
• Account type (Personal, Business)
• Preferences/settings associated with the account
• Date of registration

Identification Data

We collect information about the time, place, and manner of your login to the user account.

Payment Data

If you choose to use the Okidoki deposit feature, we collect the following data regarding your payment methods:
• Bank name
• Type of payment card
• Payment history (payment time, amount)
• Account balance amount

Demographic Data

• Age

Geographic Data

We collect the following geographic data from your device:
• Location at the municipal level during account registration
• IP address when using the okidoki platform

Platform Usage Data

We collect personal data about how you use the Okidoki platform, including:
• Last login and usage time (timestamp and date)
• All advertisements you have posted, including inactive ones

Communication Data

We collect personal data from your interactions with other users and customer support:
• Communication and correspondence data from conversations with customer support via the platform and email
• Communication and correspondence data from messages exchanged with other okidoki users within the platform

We store conversation date, time, and content. Data is retained for 6 months.

Cookies

Okidoki platform you use and what your preferences are to provide you with the most relevant ads and improve your user experience.  

Cookies used by Okidoki:  

  • Login authentication 
  • Login location authentication 
  • SBOA 
  • Deposit usage authentication.

 Cookies used by third parties on Okidoki's website: 

  • CKEditor 5 
  • Google Suite 
  • Lijit.com 
  • Doubleclick.net 

For more information on the use of cookies, please refer to Section 6 of this privacy Notice.

Marketing Data

We collect data to send out newsletters.

3. PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA

The table below outlines the purposes for processing personal data and the corresponding legal bases under the General Data Protection Regulation (GDPR).

To better understand the table, we have provided a general explanation of each legal basis we rely on:

  • Performance of a Contract (GDPR Article 6(1)(b)): Okidoki must process your personal data to provide you with the agreed services and fulfill its obligations under the User Agreement. If the legal basis for processing personal data is the performance of a contract and you choose not to provide the required information, we may not be able to offer you Okidoki's services.
  • Legitimate Interest (GDPR Article 6(1)(f)): Okidoki processes your personal data based on legitimate interest when we have business and/or non-business interests in providing you with the best possible service. The table below explains each specific legal interest in more detail.
  • Compliance with a Legal Obligation (GDPR Article 6(1)(c)): Okidoki processes your personal data to fulfill legal obligations imposed on us by applicable laws. The table below provides details on each specific obligation. If the legal basis for processing personal data is compliance with a legal obligation and you choose not to provide the required information, we may not be able to offer you Okidoki's services.
  • Consent (GDPR Article 6(1)(a)): Okidoki processes your personal data based on prior, active, and informed consent. If we rely on your consent for data processing, you can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of data processing that occurred before the withdrawal.

Processing Purpose

Legal Basis

Category of Personal Data

Creating and maintaining an Okidoki user account

Performance of a contract

  • User account data

Authenticating the user account and verifying identity

Performance of a contract
Legitimate interest

  • User account data
  • Identification data
  • Platform usage data
  • Geographic data

Providing, customizing, and improving Okidoki services

Performance of a contract

  • User account data
  • Platform usage data
  • Cookies

Using the deposit system and processing payments

Performance of a contract

  • User account data
  • Profile data
  • Payment data
  • Platform usage data

Customer support and ensuring security

Performance of a contract
Legitimate interest

  • It is in Okidoki's interest to ensure that the use of the platform is safe for all parties and complies with Okidoki's user terms.
  • User account data
  • Profile data
  • Communication data
  • Platform usage data

Providing marketing services

Consent

  • Newsletter subscription data

Fraud prevention, anti-money laundering, and counter-terrorism compliance

Legitimate interest

  • User account data
  • Platform messages

4. WHO WE SHARE PERSONAL DATA WITH

We share your personal data with other platform users to facilitate reliable communication and the sales process. If a third party processes your personal data, they act as an independent data controller and must comply with GDPR and other legal requirements for data processing.

All Okidoki OÜ platform moderators have access to user account data. Administrators have access to all data listed in Section 2.

If necessary, we may share your personal data with public authorities, particularly data protection supervisory authorities. This is done when required by law or necessary for the performance of a public interest task.

5. DATA RETENTION PERIOD

Okidoki retains your personal data only for as long as necessary to provide services based on the purposes and legal bases described in Section 3. Okidoki complies with the retention periods for personal data as established by applicable laws.

Category of Personal Data

Processing Purpose

Retention Period

  • User Account Data

Creating and maintaining an Okidoki account

5 years

  • User account data
  • Identification data
  • Geographical data
  • Platform usage data

Provision, customization, and improvement of Okidoki services
User account authentication and identity verification

5 years

  • Payment Data

Using the deposit system and processing payments

7 years

  • User account data
  • Profile data
  • Communication data
  • Platform usage data
  • Profile analysis data

Providing customer support and ensuring security

5 years

  • User account data
  • Messages sent on the platform

Prevention of fraud, compliance with obligations arising from anti-money laundering and counter-terrorism financing laws

6 months

  • The information you need to create and send a newsletter

Sending newsletters

Until the user withdraws consent

  • Cookies

Analytics, personalization, and improving user experience

Up to 5 years, depending on the cookie (for exact retention periods, see section 6 ‘Cookies’ of this privacy Notice).

6. COOKIES

A cookie is a small text file that our online platform saves on your computer or mobile device when you visit a website. 

Okidoki uses cookies to provide the services of using the online platform, which are divided into the following categories based on the purpose of use:

Categories of cookies by token and retention periods in the web browserPlatform functioning (functionality)AnalyticsAdvertisement
Front-End•login_warning (5 years)
• SBOA (1 day)

• safetyAcknowledged (30 days)


• notlocal (7 days)


• nodeposittip*

Back-End• pp (30 days)


• s_id (up to 30 days or until the browser session ends)


• view (30 days)


• gid (30 days)


• cid (30 days)


• regio (30 days)


• mobile (30 days)

Third party cookies• CKEditor 5 (while visiting the website)


• Google Suite (up to 1 year)• Google Suite (up to 1 year)• Google Suite (up to 1 year)

*This cookie used to be used for functionality but will no longer be set from mid-2023. If this cookie is still present, it will be automatically deleted. 

We use cookies based on your consent. Consent to the use of cookies is voluntary and you have the right to withdraw or modify your consent at any time. You can manage your cookie settings through your web browser settings.

7. YOUR RIGHTS

As a data subject, you have the following rights, considering the limitations set forth in applicable data protection laws:

  • Right of Access: You have the right to be informed about the processing of your personal data and the right to access your personal data and request copies of it.
  • Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data. The quickest way to update your account details is through the "Settings" section of the Okidoki platform.
  • Right to Erasure: Under certain conditions, you have the right to request the deletion of your personal data. If the legal basis for processing your data is a legal obligation, an overriding legitimate interest, or another excluding factor, we may not be able to delete your data.
  • Right to Restriction of Processing: Under certain conditions, you have the right to request that we restrict the processing of your personal data. If the processing is based on a legal obligation, an overriding legitimate interest, or another excluding factor, we may not be able to restrict the processing of your data.
  • Right to Data Portability: Under certain conditions, you have the right to request the transfer of your data to another organization or to yourself. This right applies only to personal data you have provided to us.
  • Right to Object: Under certain conditions, you have the right to object to the processing of your personal data (e.g., if the processing is based on legitimate interest).
  • Right to Object to Fully Automated Decision-Making: Under certain conditions, you have the right to object to any fully automated decisions that have a legal or significant impact on you. Some exceptions apply to this right, such as when processing is necessary for contract performance or legally permitted.
  • Right to Withdraw Consent: If the legal basis for processing your personal data is consent, you have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of the processing conducted before the withdrawal.
  • Right to File a Complaint: You have the right to file a complaint with the Data Protection Inspectorate, which is the supervisory authority responsible for data protection in Estonia. You also have the right to seek legal remedies.

To exercise the above rights, please contact Okidoki customer support via email at [email protected].

Okidoki reserves the right to modify this privacy notice. The latest version of the privacy notice is available on the Okidoki website.

Did you find this article helpful?