Skip to content
Owl Owl OÜ

GDPR Compliance

Last updated: July 2026

Owl Owl OÜ operates all of its services from within the European Union and processes personal data in accordance with Regulation (EU) 2016/679 — the General Data Protection Regulation (GDPR) — and the Estonian Personal Data Protection Act.

This page explains our role under the GDPR, the legal bases we rely on, your rights as a data subject, and how to exercise them. For a plain-language overview of what we collect, see our Privacy Policy.


Data Controller

The data controller responsible for personal data processed across our services is:

For data protection enquiries, contact us at [email protected] with the subject line “GDPR Request”.


Scope

This statement covers the websites and platforms operated by Owl Owl OÜ:

Each platform also publishes its own platform-specific policy with additional detail.


We only process personal data where the GDPR (Article 6) gives us a lawful basis to do so:

We do not carry out advertising, behavioural profiling, or automated decision-making that produces legal effects.


Categories of Data

Depending on the service, we may process:

We do not use third-party advertising cookies or behavioural tracking on this website.


Your Rights as a Data Subject

Under the GDPR you have the right to:

All of our platforms let you edit your profile, export your data, and delete your account directly. For anything else, email [email protected].

We respond to verified requests within one month, as required by Article 12(3). This period may be extended by two further months for complex requests, in which case we will inform you.


International Data Transfers

Our infrastructure and data are hosted within the European Union / European Economic Area. Where a sub-processor or recipient is located outside the EEA, we rely on an adequacy decision or appropriate safeguards such as the European Commission’s Standard Contractual Clauses (Art. 46).


Sub-Processors & Data Processing Agreement

Where you use our services on behalf of an organisation that is itself a data controller (for example, an institution running an account), Owl Owl OÜ acts as a data processor under Article 28 GDPR. For these cases we provide a standard Data Processing Agreement (DPA):

Download the Data Processing Agreement (PDF)

To execute a signed DPA, download the document, complete the controller details, and return it to [email protected].


Data Retention

We keep personal data only for as long as necessary for the purposes described above. When you delete your account, associated personal data is removed from our active systems, subject to short technical backup retention and any legal obligation to retain certain records.


Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of it (Art. 33), and affected users without undue delay where required (Art. 34).


Supervisory Authority

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the Estonian supervisory authority:

You may also contact the supervisory authority in your country of residence.


Contact Us

For any GDPR or data protection question, contact: