Privacy

DEPOWISE PRIVACY POLICY
Last modified
07 August 2025
Depowise OÜ (“Depowise,” “we” “us” or “Company;” for contact details see the end of this privacy policy) considers protecting and respecting your privacy and safeguarding your personal data as critically important aspects of its business. The first section of this policy details and regulates how we collect, store, process, transfer, share and use our personal data when you visit our website (https://www.depowise.com/) for informational purposes, and information regarding our use of cookies and similar technologies. The second section of this policy details and regulates when you use our on-premises or SaaS software solutions which we make available to our customers (“Depowise Products”). The third section of this policy contains general regulation on the protection measures concerning your personal data, on transferring your personal data, information on your rights, and our contact details.
I. Data Processing with Regard to Visiting and Using Our Website
Who is Responsible for Processing Your Data
We are the data controller with regard to the personal data processed when you visit and use our website. This means that we determine and are responsible for how your personal data is processed. Our full contact details can be found at the end of this privacy policy.
Persons Affected by Data Processing, Types of Data Processed
The persons affected by data processing are those visiting and using our website over the internet.
If you visit our website, we may process personal data that we gather ourselves (or by using third-party services) regarding how, when and for what periods you access and use our website, and information about the device you use to access our website. We typically collect this data through various tracking technologies, e.g. cookies. This data includes information about pages visited, duration of visits, navigation patterns, IP address, browser type and version, device type and operating system, interactions with website elements, and general geographic location.
If you visit our website, we may also process personal data that you voluntarily and directly through our website provide us with. This includes data you provide to us when you book a demo, subscribe to our marketing communications, correspond with us, or use any other feature of our website. This data includes: first name, last name, e-mail address, phone number, employer, job position, communication, and correspondence data.
In requesting data from you, we will indicate if the provision of certain personal data is mandatory or optional. If you choose not to provide any personal data marked as mandatory, you may not be able to file your request and/or we may not be able to respond to your requests or provide other services to you.
We may combine the personal data you provide us with and that we collect ourselves or through third-party services.
Purposes and Lawful Basis for Data Processing
We process the personal data mentioned above to ensure the proper functioning of our website, to improve its performance and content, and to carry out analyses and usage statistics (such as tracking the number of visits or identifying navigation patterns). The lawful basis for such processing is our legitimate interest in maintaining and enhancing the functionality, security and relevance of our website.
We also process the personal data mentioned above to reply to the requests that you have submitted to us, e.g. for setting up a demo or negotiating over establishing a potential customer relationship. In such case, the lawful basis
for such processing is either our legitimate interest, the performance of a contract or taking steps at your request to enter or prepare the entry into a contract, or negotiate related thereto.
In case you have subscribed to our marketing communications, we will process your personal data based on your consent which you may always withdraw by an unsubscribe link provided in the marketing communication.
We may convert any personal data into anonymous or aggregated information that can no longer be linked to any individual. We do this, for example, to better understand how our website is used or to help us improve and develop new features. Once the data has been fully anonymised, we may use it for various purposes, such as testing and improving the website and IT-systems, research, data analysis, providing or optimising our services, or developing new services and features.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or to comply with legal obligations. Once data is no longer needed, we will either delete it or anonymise it, so it is no longer considered personal data.
We retain the personal data we collect in connection with you visiting or using our website for a period of no longer that six months.
We retain the personal data you provide to us with your requests etc. for a period of one year to enable us to better manage the relationship between us and cater to any of your follow-up requests and queries.
We may be required to store your personal data for periods which are longer than the periods above when this is necessary for resolving disputes, protecting our lawful and legitimate interests, or required by applicable laws.
Some personal data may be retained in archived or backup systems for a limited period, solely for the purposes of ensuring data integrity, restoring systems in the event of failure, or fulfilling legal or compliance requirements. Such
data is securely stored, and access is strictly limited. It will be deleted or permanently anonymised once the relevant retention period expires or restoration is no longer required.
Cookies and Tracking
Cookies are small files or part of a file stored on your computer, created, and subsequently read by a website server, and containing personal information (such as a user identification code, customised preferences, or a record of
pages visited).
We use cookies and similar tracking technologies to distinguish you from other users of our website. This helps us to provide certain functionalities, to monitor and improve the website, as well as to allow our partners to determine products and services that may be of interest to you and to display relevant advertising to you as you browse the internet.
Please familiarize with our Cookie Policy by visiting our website.
We rely on your consent, which you may give or withdraw via our cookie manager. Please note that if you disable all cookies which can be disabled, our website or parts of it may not function properly.
II. Data Processing with Regard to Using the Depowise Products
Who is Responsible for Processing Your Data
The Depowise Products are made available by us to our customers either as (i) stand-alone on-premises applications or (ii) SaaS-based solutions. The use of the Depowise Products is governed by the applicable On-Premises Licensing Agreement or SaaS Service Terms, respectively.
1. SaaS Products
When the Depowise Products are provided as SaaS solutions hosted by us or our third-party service providers:
· We act as a data processor in relation to any data, including personal data, which the customer enters, transmits to, views, edits, or deletes within the Depowise Product (“Customer Data”) through APIs or other tools and their dedicated dashboards.
· Our customers act as the data controllers and are responsible for ensuring a valid legal basis for the processing of Customer Data, including any personal data contained therein.
· We act as a data controller in respect of certain limited data we process for our own purposes, such as customer contact information used for account administration, billing, and support.
2. On-Premises Products
When the Depowise Products are provided as on-premises solutions installed in the customer’s own environment:
· We generally do not act as a data controller nor as a data processor, since we do not have access to Customer Data processed within the on-premises application.
· However, if the customer explicitly grants us access to their systems (e.g. for support or maintenance purposes), we may act as a data processor in relation to Customer Data accessed during such services, subject to applicable data protection safeguards and terms.
· As with the SaaS Products, we act as a data controller for general business contact data we process for our own purposes, such as customer contact information used for account administration, billing, and support.
Persons Affected by Data Processing, Types of Data Processed
The persons affected by data processing in connection with managing Depowise Products’ related customer relationships are the contact persons appointed by the customer and notified to us, as well as other customers’ employees contacting us. The data may include first name, last name, e-mail address, phone number, and job position (“Contact Data”). We also process company (customer) specific information, including invoicing.
To the extent we act as a data controller or data processor in connection with Depowise Products, the data subjects affected by the data processing activities are the customer’s employees and other natural persons whose personal data has been transmitted to or input into the relevant Depowise Product by the customer. Such data (“Data on Persons”) may include first name, last name, job title, seniority, work e-mail address, telephone number, and related correspondence data.
Purposes and Lawful Basis for Data Processing
We process Contact Data for the administration and fulfilment of our customer contracts, and for ensuring that the customer contracts are duly fulfilled. The lawful basis for such processing activities is the fulfilment of a contract with a customer, and our legitimate interests in protecting our rights (e.g. in case of disputes, and in collection of debt).
To the extent we function as data processors in relation to Depowise Products, we process Data on Persons on
behalf of the customer, who acts as the data controller, under a data processing agreement concluded with the customer. The customer is responsible for ensuring a valid legal basis for all processing activities involving Data
on Persons. In our SaaS Depowise Products, we enable the customer to transmit, input, view, edit, otherwise use, and delete Data on Persons included in the Customer Data via APIs, tools, and their dedicated dashboards available in the relevant Depowise Product. In on-premises deployments, we do not access or process Customer Data in the ordinary course of providing the product. However, where the customer explicitly grants us access for support or maintenance purposes, we may temporarily function as a data processor in accordance with the agreed terms and applicable data protection obligations.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or to comply with legal obligations. Once data is no longer needed, we will either delete it or anonymise it. Anonymised and aggregated data that can no longer be linked to any individual may be retained and used indefinitely for purposes such as analytics, research, or service development. Customer Data shall be retained for the duration of the relevant customer contract and for a period of three years thereafter. Customer Data which is related to accounting, billing and taxes shall be retained for a period of seven years or until required by applicable legislation. We may be required to store Customer Data for longer periods when this is necessary for resolving disputes, protecting our lawful and legitimate interests, or required by applicable laws.
Data on Persons shall be retained for the duration of the relevant customer contract and shall be deleted within 12 months as of termination of the relevant customer contract or any subsequent hand-over or continued support obligations arising therefrom. Unless otherwise permitted by applicable legislation, Data on Persons shall also be deleted if requested by the relevant data subject or the customer, and we shall in such case follow the instructions of the data subject or the customer. Please note that such data deletion requests may result in us being unable to continue the provision of our services.
Some personal data may be retained in archived or backup systems for a limited period, solely for the purposes of ensuring data integrity, restoring systems in the event of failure, or fulfilling legal or compliance requirements. Such
data is securely stored, and access is strictly limited. It will be deleted or permanently anonymised once the relevant retention period expires or restoration is no longer required.
III. General Regulation
Storing and Transferring Your Personal Data
We implement appropriate technical and organisational measures to protect your personal data, Customer Data and Data on Persons against accidental or unlawful destruction, loss, change or damage. All data we collect will be stored on the secure servers of our reputable cloud service providers.
If you wish to enquire further about the safeguards we use, please contact us using the details set out at the end of this privacy policy.
Any transfers of personal data outside the EU/EEA shall be carried out in accordance with Chapter V of the GDPR, including based on an adequacy decision, or by implementing appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.
Recipients
Your personal data may be shared with third party service providers that perform services for us or on our behalf. Such services may include e-mail and chat services, cloud services, machine translation services’ providers, fraud
prevention services, and analytics services. Our list of sub-processors is available here:
Sub-processor |
Purpose of processing |
Location(s) |
More information |
Microsoft 365 |
communication, file storage |
EU |
Our licenses are limited with EU |
Microsoft Azure |
storage, testing, development |
EU |
Only using the Azure North Europe |
Pipedrive |
CRM |
EU |
Data processed only within EU |
Google Analytics |
Website analytics |
US |
Joined with EU-U.S. Data Privacy |
Your Rights
In accordance with and subject to exceptions prescribed by applicable law, you as a data subject have the following rights against us to the extent we act as a data controller, which you may exercise by submitting a relevant request to us which we shall process in accordance with applicable legislation:
Right to Information: You have the right to obtain clear and transparent information about how we process your personal data, including the purposes for the processing and the lawful basis.
Right of Access: You may request access to your personal data processed by us, including a copy of such data.
Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, and machine-readable format, or that we transfer your data directly to another controller, where technically feasible.
Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request correction or completion of the data held by us.
Right to Restrict Processing: You may request the restriction of processing in certain circumstances, such as when you contest the accuracy of the data, the processing is unlawful, or when you need the data for legal claims, and we no longer require it for processing purposes.
Right to Object: You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes. In such cases, we will cease processing unless we can demonstrate compelling legitimate grounds that override your rights or if the processing is required for legal claims.
Right to Erasure: You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when processing is unlawful. This right is subject to exceptions, such as where processing is required to comply with legal obligations or to establish, exercise, or defend legal claims.
Right to Withdraw Consent: If our processing of your personal data is based on your consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint: If you believe we have not complied with applicable data protection laws, you have the right to lodge a complaint with your local data protection authority.
Amendments to the Privacy Policy
This privacy policy may be amended by us from time to time with reasonable notice to you of such amendments e.g. via our website or e-mail. We recommend that you periodically review this page. In amending the privacy policy, the “last modified” date at the top of this privacy policy shall be updated. The privacy policy currently published on our website (https://www.depowise.com/) is regarded as valid and effective.
Contacting Us
Please contact us if you have any questions, comments, or requests regarding this privacy policy. Our contacts are as follows:
Depowise OÜ
Estonian commercial register code: 16379409
Registered address: Liivalaia tn 36, 10132 Tallinn, Estonia
e-mail address: info@depowise.com
Our supervisory authority is the Estonian Data Protection Inspectorate (www.aki.ee)