*This document is an automated translation. In case of any legal disputes or discrepancies, the original Estonian version shall prevail.
1. ABOUT THIS PRIVACY NOTICE
Okidoki OÜ ("Okidoki," "we," or "us") provides an online platform service that includes creating user accounts, electronic management of user advertisements, and using all the features available on the okidoki platform. dat
The terms “you” or “your” refer to individuals who create a user account on the Okidoki.ee online platform and use the services offered by the platform. This notice provides you with information on how we handle and protect your personal data, explains your privacy rights, and informs you about the choices and controls available to you.
When collecting and processing personal data, Okidoki follows applicable data protection laws, particularly Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons regarding the processing of personal data and the free movement of such data, repealing Directive 95/46/EC ("General Data Protection Regulation," "GDPR").
When registering as a user on the Okidoki platform, you will be asked to confirm that you have read this privacy notice.
If you have any questions, please contact Okidoki customer support via email at [email protected].
1.1. Processing of Personal Data by an Independent Service Provider
Other legal entities ("independent service providers") may also use the okidoki platform and offer their services. All user accounts on the okidoki platform are of the same type.
If an independent service provider processes your personal data, they act as an independent controller under Article 4(7) of the GDPR and must comply with all obligations imposed on data controllers by the GDPR. This privacy notice only governs the collection and processing of personal data by Okidoki.
An independent service provider using the okidoki platform and collecting or processing personal data of Okidoki users must ensure that the processing is based on a legal basis as specified in Article 6(1) of the GDPR and that data processing follows the principles outlined in Article 5(1) of the GDPR. Furthermore, the independent service provider must ensure that the data subject is informed about all processing activities conducted by the provider, as required by Articles 13 and 14 of the GDPR.
2. WHAT PERSONAL DATA WE PROCESS
We collect and process the following types of personal data:
- Data you provide to Okidoki
- Data you submit when using the okidoki platform
The table below lists all categories of personal data we process, along with descriptions:
Category of Personal Data | Description of Personal Data |
User Account Data | We collect the following personal data when you create a user account on the okidoki platform: |
Identification Data | We collect information about the time, place, and manner of your login to the user account. |
Payment Data | If you choose to use the Okidoki deposit feature, we collect the following data regarding your payment methods: |
Demographic Data | • Age |
Geographic Data | We collect the following geographic data from your device: |
Platform Usage Data | We collect personal data about how you use the Okidoki platform, including: |
Communication Data | We collect personal data from your interactions with other users and customer support: We store conversation date, time, and content. Data is retained for 6 months. |
Cookies | Okidoki platform you use and what your preferences are to provide you with the most relevant ads and improve your user experience. Cookies used by Okidoki:
Cookies used by third parties on Okidoki's website:
For more information on the use of cookies, please refer to Section 6 of this privacy Notice. |
Marketing Data | We collect data to send out newsletters. |
3. PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA
The table below outlines the purposes for processing personal data and the corresponding legal bases under the General Data Protection Regulation (GDPR).
To better understand the table, we have provided a general explanation of each legal basis we rely on:
- Performance of a Contract (GDPR Article 6(1)(b)): Okidoki must process your personal data to provide you with the agreed services and fulfill its obligations under the User Agreement. If the legal basis for processing personal data is the performance of a contract and you choose not to provide the required information, we may not be able to offer you Okidoki's services.
- Legitimate Interest (GDPR Article 6(1)(f)): Okidoki processes your personal data based on legitimate interest when we have business and/or non-business interests in providing you with the best possible service. The table below explains each specific legal interest in more detail.
- Compliance with a Legal Obligation (GDPR Article 6(1)(c)): Okidoki processes your personal data to fulfill legal obligations imposed on us by applicable laws. The table below provides details on each specific obligation. If the legal basis for processing personal data is compliance with a legal obligation and you choose not to provide the required information, we may not be able to offer you Okidoki's services.
- Consent (GDPR Article 6(1)(a)): Okidoki processes your personal data based on prior, active, and informed consent. If we rely on your consent for data processing, you can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of data processing that occurred before the withdrawal.
Processing Purpose | Legal Basis | Category of Personal Data |
Creating and maintaining an Okidoki user account | Performance of a contract |
|
Authenticating the user account and verifying identity | Performance of a contract |
|
Providing, customizing, and improving Okidoki services | Performance of a contract |
|
Using the deposit system and processing payments | Performance of a contract |
|
Customer support and ensuring security | Performance of a contract
|
|
Providing marketing services | Consent |
|
Fraud prevention, anti-money laundering, and counter-terrorism compliance | Legitimate interest |
|
4. WHO WE SHARE PERSONAL DATA WITH
We share your personal data with other platform users to facilitate reliable communication and the sales process. If a third party processes your personal data, they act as an independent data controller and must comply with GDPR and other legal requirements for data processing.
All Okidoki OÜ platform moderators have access to user account data. Administrators have access to all data listed in Section 2.
If necessary, we may share your personal data with public authorities, particularly data protection supervisory authorities. This is done when required by law or necessary for the performance of a public interest task.
5. DATA RETENTION PERIOD
Okidoki retains your personal data only for as long as necessary to provide services based on the purposes and legal bases described in Section 3. Okidoki complies with the retention periods for personal data as established by applicable laws.
Category of Personal Data | Processing Purpose | Retention Period |
| Creating and maintaining an Okidoki account | 5 years |
| Provision, customization, and improvement of Okidoki services | 5 years |
| Using the deposit system and processing payments | 7 years |
| Providing customer support and ensuring security | 5 years |
| Prevention of fraud, compliance with obligations arising from anti-money laundering and counter-terrorism financing laws | 6 months |
| Sending newsletters | Until the user withdraws consent |
| Analytics, personalization, and improving user experience | Up to 5 years, depending on the cookie (for exact retention periods, see section 6 ‘Cookies’ of this privacy Notice). |
6. COOKIES
A cookie is a small text file that our online platform saves on your computer or mobile device when you visit a website.
Okidoki uses cookies to provide the services of using the online platform, which are divided into the following categories based on the purpose of use:
| Categories of cookies by token and retention periods in the web browser | Platform functioning (functionality) | Analytics | Advertisement |
| Front-End | •login_warning (5 years) | • SBOA (1 day) | |
| • safetyAcknowledged (30 days) | |||
| • notlocal (7 days) | |||
| • nodeposittip* | |||
| Back-End | • pp (30 days) | ||
| • s_id (up to 30 days or until the browser session ends) | |||
| • view (30 days) | |||
| • gid (30 days) | |||
| • cid (30 days) | |||
| • regio (30 days) | |||
| • mobile (30 days) | |||
| Third party cookies | • CKEditor 5 (while visiting the website) | ||
| • Google Suite (up to 1 year) | • Google Suite (up to 1 year) | • Google Suite (up to 1 year) |
*This cookie used to be used for functionality but will no longer be set from mid-2023. If this cookie is still present, it will be automatically deleted.
We use cookies based on your consent. Consent to the use of cookies is voluntary and you have the right to withdraw or modify your consent at any time. You can manage your cookie settings through your web browser settings.
7. YOUR RIGHTS
As a data subject, you have the following rights, considering the limitations set forth in applicable data protection laws:
- Right of Access: You have the right to be informed about the processing of your personal data and the right to access your personal data and request copies of it.
- Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data. The quickest way to update your account details is through the "Settings" section of the Okidoki platform.
- Right to Erasure: Under certain conditions, you have the right to request the deletion of your personal data. If the legal basis for processing your data is a legal obligation, an overriding legitimate interest, or another excluding factor, we may not be able to delete your data.
- Right to Restriction of Processing: Under certain conditions, you have the right to request that we restrict the processing of your personal data. If the processing is based on a legal obligation, an overriding legitimate interest, or another excluding factor, we may not be able to restrict the processing of your data.
- Right to Data Portability: Under certain conditions, you have the right to request the transfer of your data to another organization or to yourself. This right applies only to personal data you have provided to us.
- Right to Object: Under certain conditions, you have the right to object to the processing of your personal data (e.g., if the processing is based on legitimate interest).
- Right to Object to Fully Automated Decision-Making: Under certain conditions, you have the right to object to any fully automated decisions that have a legal or significant impact on you. Some exceptions apply to this right, such as when processing is necessary for contract performance or legally permitted.
- Right to Withdraw Consent: If the legal basis for processing your personal data is consent, you have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of the processing conducted before the withdrawal.
- Right to File a Complaint: You have the right to file a complaint with the Data Protection Inspectorate, which is the supervisory authority responsible for data protection in Estonia. You also have the right to seek legal remedies.
To exercise the above rights, please contact Okidoki customer support via email at [email protected].
Okidoki reserves the right to modify this privacy notice. The latest version of the privacy notice is available on the Okidoki website.