Privacy Policy

Last updated: 26 July 2025

Erphitea OÜ (“Erphitea,” “we,” “us” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you:

• visit erphitea.com (the “Site”); or

• engage our architectural-visualisation services (the “Services”).

We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and Brazil’s LGPD, as applicable.

1. Data Controller & DPO

Controller: Erphitea OÜ

Registry code: 17272613

Registered seat: Ahtri 12, 15551 Tallinn, Estonia

Data Protection Officer: info@erphitea.com

All privacy-related notices and requests (access, rectification, deletion, etc.) should be sent to that address.

2. What Data We Collect & Why

We collect the following categories of personal data:

Contact Data

  • Examples: Name, company name, email address, phone number

  • Legal basis: Performance of contract (GDPR art. 6(1)(b)) or your consent (art. 6(1)(a))

Project Data

  • Examples: Architectural drawings, 3-D model files, design notes

  • Legal basis: Performance of contract (art. 6(1)(b))

Payment Data

  • Examples: Invoice address, VAT number, transaction IDs

  • Legal basis: Legal obligation (art. 6(1)(c))

Website Usage Data

  • Examples: IP address, browser type, pages visited, cookie identifiers

  • Legal basis: Legitimate interest (art. 6(1)(f)), e.g. site security and improvement

Marketing Preferences

  • Examples: Newsletter opt-in status, communications history

  • Legal basis: Your consent (art. 6(1)(a))

We do not collect special-category data (art. 9) unless you voluntarily provide it (for example, health details under an NDA).

Except where needed to perform our contract or comply with law, you may choose not to provide any of the personal data listed above; however, this may limit our ability to deliver certain Services (e.g. quotes, invoicing, support).

3. How We Use & Share Your Data

  • Provide & support Services (quoting, delivery, support)

  • Billing & compliance (invoicing, tax)

  • Site operations (security, performance, analytics)

  • Marketing emails (only if you opt in)

  • Internal analytics (e.g. to improve our marketing and sales)

  • Fraud prevention

Shared with:

  • Cloud hosts under EU safeguards

  • Payment processors under PCI-DSS

  • Email & marketing (e.g. Mailchimp) under GDPR-compliant contracts

  • Professional advisers (accountants, lawyers) bound by NDA

  • Authorities (tax, legal, where required)

Data transfers outside the EEA rely on an EU adequacy decision or Standard Contractual Clauses.

We do not carry out any profiling or automated decision-making under GDPR Art. 22.

We do not sell your personal information under any circumstances.

4. System Logs & Maintenance

We collect server logs (IP, timestamps, errors) and perform regular backups and vulnerability scans to keep the Site secure and running smoothly.

5. Cookies & Analytics

We use essential cookies for functionality and Google Analytics to measure traffic.

You can disable non-essential cookies via our banner or your browser settings.

6. Data Retention

  • Project files & invoices: 10 years (Estonian tax law)

  • Contact/marketing data: until consent withdrawn or 2 years after last contact

  • Analytics logs: up to 14 months

Expired data is securely deleted or irreversibly anonymised.

7. Your Privacy Rights

Under GDPR, CCPA & LGPD you may:

1. Access your data

2. Correct inaccuracies

3. Erase data (“right to be forgotten”)

4. Restrict or object to processing

5. Port your data to another controller

6. Withdraw consent at any time

Supervisory authorities

  • EU / Estonia: Estonian Data Protection Inspectorate (www.aki.ee)

  • CZ: Czech Personal Data Protection Office (https://uoou.gov.cz)

  • California: Office of the California Attorney General (www.oag.ca.gov/privacy/ccpa)

  • Brazil: National Data Protection Authority (ANPD) (https://www.gov.br/anpd)

To exercise any right, contact info@erphitea.com. We’ll verify your identity before acting.

You will not be denied services or charged different prices for exercising your data rights.

8. Data Security

  • Encryption, wherever possible

  • Access controls: authorised personnel under confidentiality obligations

  • MFA (multi-factor authentication) on all cloud hosts we use

  • Monitoring: regular vulnerability scans & backups

9. Third-Party Links & Content

Our Site may embed or link to third parties. We aren’t responsible for their practices; please review their privacy policies.

10. Children

We do not knowingly collect data from anyone under 16. If we learn we have, we’ll delete it immediately.

11. Changes to this Policy

We may update this Policy at any time. Material changes will be posted here and, where practical, emailed to you. Continued use of the Site or Services indicates acceptance.

12. Governing Law & Jurisdiction

Data-protection issues are governed by Czech law and, where applicable, overseen by the Czech DPA or local courts under EU rules.

© 2025 Erphitea OÜ. All rights reserved.