Effective date: September 26, 2025

1. Who we are

Personal data controller: Heikkinen OÜ (reg. code: 12054291, address: Piloodi tee 4, Soodevahe küla, Rae vald, Harjumaa, 75322, Estonia, email for data inquiries: info@ecoslider.com).
Our website: https://ecoslider.com.

2. What data we collect

2.1. Data from greenhouse request and feedback forms

When you fill out a request/commercial offer/feedback form on the website, we collect: Name, Phone number, Email, Delivery and installation address for the greenhouse, and Comments/Message. This data is needed to prepare a price quote and for communication, logistics planning, and installation

2.2. Data for newsletters

If you have agreed to receive our newsletter, we use your name and email address to send you news, offers, and materials. You can unsubscribe at any time by clicking the “Unsubscribe” link in each email or by writing to us.

2.3. Comments

When you leave comments, you provide us with data from the comment form; we also process your IP address and user agent for anti-spam purposes. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you have an account there. See the Gravatar service privacy policy: https://automattic.com/privacy/. After approval of your comment, your avatar image is visible to the public.

2.4. Media files

If you upload images, avoid EXIF geolocation metadata (GPS). Visitors can extract this data from downloaded images.

2.5. Technical data and cookies

We use cookies and similar technologies to ensure the functioning of the site, analyze traffic, and for marketing purposes.

• Comment cookies may store your name, email, and website for one year.

• When you log in to your account, we set temporary cookies to check cookie support (deleted when you close your browser), login cookies (up to 2 days; if you select “Remember me,” up to 2 weeks), and screen settings cookies (up to 1 year).

• When editing/publishing content, an additional cookie is stored (post ID, expires after 1 day).

2.6. Embedded content

Materials on the website may include embedded content (videos, images, articles). Embedded content behaves as if you were visiting the corresponding third-party website and may collect data, use cookies, embed third-party tracking, and record interactions.

3. Purposes and legal basis for processing

We process personal data on the grounds provided for in Article 6 of the GDPR:

• Performance of the contract/pre-contractual measures (Article 6(1)(b)): calculation of the offer, communication, organization of delivery and installation.

• Legitimate interest (Article 6(1)(f)): ensuring website security (anti-spam, prevention of abuse), aggregated traffic analytics, service improvement.

• Consent (Article 6(1)(a)): marketing mailing list (name, email), installation of non-mandatory cookies.

• Legal obligation (Article 6(1)(c)): accounting, tax, and other mandatory requirements.

4. Who we share data with

We may transfer data only to the extent necessary for the purpose:

• Hosting providers/IT contractors — for website operation and data storage.

• Mailing/distribution services — for delivering letters and mailings.

• Logistics companies and installation teams — delivery/installation address, name, and telephone number for delivery and installation of the greenhouse.

• Anti-spam/security — filtering and protection services.

In all cases, such recipients are processors under contract and are required to comply with data protection requirements. Transfers outside the EEA are only permitted if appropriate safeguards are in place (standard EU contractual clauses, etc.).

5. Storage periods

• Lead requests/correspondence regarding commercial offers: up to 36 months from the last contact or until consent is withdrawn (if the basis is consent/marketing), unless longer storage is required to protect rights.

• Mailing list data: until unsubscribing or withdrawal of consent.

• Comments and their metadata: indefinitely (for recognition and automatic approval of repeat comments), unless you request deletion and there is no legal obligation to store.

• User profile: as long as the account is active.

• Accounting documents: in accordance with Estonian law (usually up to 7 years).

6. Your rights

You have the right to access, correct, delete, restrict processing, transfer, object to processing, and withdraw consent (this does not affect the lawfulness of processing previously carried out).
To exercise your rights, please contact us at info@ecoslider.com.
You also have the right to lodge a complaint with the Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate).

7. Marketing communications

We only send emails with your consent or based on our legitimate interests within the scope of applicable law. You can always unsubscribe by clicking the link at the bottom of the email or by writing to us.

8. Data security

We use organizational and technical security measures (access management, encryption where applicable, access logs, backup). No internet method is 100% secure, but we strive to maintain a high level of security.

9. Age restrictions

Our website and products are not intended for persons under the age of 16. We do not knowingly collect data from children. If you become aware that a child has provided us with data, please contact us to have it deleted.

10. Automated decision-making

We do not make decisions based solely on automated processing, including profiling, that would have legal consequences for you.

11. International transfers

We strive to process your data within the EEA. If individual contractors are located outside the EEA (e.g., mailing service providers or cloud hosting providers), data transfer is only possible if legal safeguards under the GDPR are in place: (i) European Commission adequacy decisions, and/or (ii) Standard Contractual Clauses (SCCs) with additional security measures (encryption, access restrictions, pseudonymization). Details are available upon request.

12. Changes to the Policy

We may update the Policy. The current version is always posted on this page with the date of entry into force.

13. Google Services (Analytics, Tag Manager, reCAPTCHA)

We use certain Google services. Their use may involve the processing of technical and, in some cases, personal data, as well as the transfer of data outside the EEA, subject to the safeguards described in §11.

13.1. Google Tag Manager (GTM)

GTM is used to manage tags on the website (connecting analytics, pixels, etc.). GTM itself does not collect or store users’ personal data — it only triggers other tags. Analytical/marketing tags are only triggered after you have given your consent via the cookie management banner (see §2.5).

13.2. Google Analytics (GA)

We use GA to analyze website usage and improve our service. What data is processed: cookie/device identifiers, IP address (with IP anonymization enabled where available), website interaction events (views, clicks, session duration, etc.), technical information about the browser/device.

Legal basis: consent (Art. 6(1)(a) GDPR). Analytics will not be activated without your consent. Storage periods: metrics and identifiers in GA are stored for a limited time according to our settings (usually 14 months, unless otherwise specified).

How to opt out: You can withdraw your consent in the cookie settings on the website at any time. Browser mechanisms for blocking analytics/add-ons are also available for opting out.

Note: when enabling “advertising features” (remarketing, demographics, interests), we will request separate consent; without it, such features will not be activated.

13.3. Google reCAPTCHA

We use reCAPTCHA to protect forms from abuse and spam. The service analyzes visitor behavior (e.g., IP address, cursor movements/events, browser technical parameters) to determine whether a request is automated.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) — ensuring the security and availability of the website. reCAPTCHA is a strictly necessary security tool and is not dependent on consent to marketing cookies.

Personal data is only transferred to Google to the extent necessary for verification. We minimize the data transferred and do not use reCAPTCHA to profile website visitors for marketing purposes.

13.4. Data transfers and safeguards

Google may process data on servers outside the EEA. Such transfers are carried out with the safeguards specified in §11 (e.g., Standard Contractual Clauses (SCCs) and additional protective measures).

13.5. Your choices and control

You can:

• manage your consent to analytics in the cookie banner (on/off GA),

• withdraw your consent at any time (effective for the future),

• contact us at info@ecoslider.com

• exercise the rights listed in §6.

14. Contact

For questions regarding data processing and protection: info@ecoslider.com
Postal address: Heikkinen OÜ, Piloodi tee 4, Soodevahe küla, Rae vald, Harjumaa, 75322, Estonia.