PRIVACY POLICY – AAYS (Always At Your Service)

Last updated: [27/12/2025]
Website: https://www.aays.digital

This Privacy Policy explains how AAYS Always At Your Service (“AAYS”, “we”, “us”, “our”) collects, uses, discloses, and protects personal data when you visit our website, contact us, request information, or use our services.

This notice is provided pursuant to the EU General Data Protection Regulation (Regulation (EU) 2016/679 – “GDPR”) and applicable national data protection laws.

Data Controller

Data Controller: AAYS Always At Your Service OÜ
Registered address: [full registered address], [Country]
Company registry code: [registry code]
Email: [email protected]

Scope of this Policy

This Policy applies to personal data processed by AAYS in connection with:

Visits to our website and interaction with online content

Requests submitted via contact forms, email, or other channels

Business communications and pre-contractual interactions

Delivery and management of our services (where applicable)

Marketing communications (where permitted)

Legal and compliance obligations

If you are a customer and we provide services under a contract, additional privacy terms may apply (e.g., in a Data Processing Agreement).

Categories of personal data we may process

Depending on how you interact with us, we may process the following categories of personal data:

A) Identification and contact data

Name, surname, email address, phone number, job title, company name, country

B) Communication data

Messages you send us, request details, support tickets, call notes (if applicable)

C) Technical and usage data

IP address, device identifiers, browser type, operating system, pages visited, timestamps, referral URLs, and similar information collected via cookies or similar technologies

D) Transaction and service data (if applicable)

Billing details, VAT information, payment status, purchased services, contract-related information

E) Compliance data (if applicable)

Information necessary for legal, accounting, tax, or AML/KYC compliance where required for specific engagements

We do not intentionally collect “special categories” of personal data (e.g., health data, biometric data, political opinions). Please do not share such information unless strictly necessary and requested.

Purposes of processing and legal bases

We process personal data for the purposes and on the legal bases below:

To operate, maintain, and secure our website
Legal basis: Legitimate interests (GDPR Art. 6(1)(f)) and/or compliance with legal obligations (Art. 6(1)(c)).

To respond to inquiries and provide requested information
Legal basis: Performance of pre-contractual measures (Art. 6(1)(b)) and/or legitimate interests (Art. 6(1)(f)).

To provide and manage our services and contractual relationships (if applicable)
Legal basis: Contract performance (Art. 6(1)(b)).

To manage administrative, accounting, and tax requirements
Legal basis: Compliance with legal obligations (Art. 6(1)(c)).

To improve our website and services (analytics)
Legal basis: Consent where required (Art. 6(1)(a)) or legitimate interests for strictly necessary analytics where permitted.

To send marketing communications (newsletters, updates, offers)
Legal basis: Consent (Art. 6(1)(a)) or legitimate interests in B2B contexts where permitted by applicable law, with opt-out available.

To establish, exercise, or defend legal claims and manage disputes
Legal basis: Legitimate interests (Art. 6(1)(f)) and/or legal obligations (Art. 6(1)(c)).

Cookies and tracking technologies

We may use cookies and similar technologies (e.g., pixels, tags). For details, please refer to our Cookie Policy: [link to Cookie Policy].
Where required, we will request your consent before using non-essential cookies.

How we share personal data (recipients)

We may share personal data with the following categories of recipients, only when necessary:

Service providers / processors (e.g., hosting, IT support, CRM, email delivery, analytics, security, payment providers) acting on our instructions under appropriate agreements (GDPR Art. 28)

Professional advisors (e.g., lawyers, accountants, auditors) where necessary

Public authorities where required by law or lawful request

Business partners only where relevant and with appropriate safeguards and transparency

A list of key processors/vendors can be provided upon request, or referenced within the Cookie Policy for tracking-related vendors.

International transfers

Where personal data is transferred outside the European Economic Area (EEA) (e.g., certain cloud providers or analytics platforms), we ensure appropriate safeguards, such as:

EU adequacy decisions, where applicable; and/or

Standard Contractual Clauses (SCCs) approved by the European Commission, plus supplementary measures where necessary.

Further information on transfers may be provided in the relevant vendor policies and/or upon request.

Data retention

We retain personal data only for as long as necessary for the purposes described above, including legal and contractual requirements. Indicative retention periods:

Website logs / security records: typically up to 6 months, unless needed for security investigations

Contact requests and pre-contractual communications: up to 24 months after last interaction

Contract and billing records: for the period required by applicable tax/accounting laws (often 10 years, depending on jurisdiction)

Marketing data: until you withdraw consent or object, and in any case subject to periodic review

Retention may be extended where necessary to establish, exercise, or defend legal claims.

Your rights under GDPR

Subject to conditions and exceptions under applicable law, you may have the right to:

Access your personal data

Rectify inaccurate or incomplete data

Erase your data (“right to be forgotten”)

Restrict processing

Object to processing (especially where based on legitimate interests)

Data portability (where processing is based on consent or contract and carried out by automated means)

Withdraw consent at any time (without affecting lawfulness before withdrawal)

Lodge a complaint with a supervisory authority in the EU/EEA, particularly in the Member State of your habitual residence, place of work, or place of alleged infringement

To exercise your rights, contact us at: [[email protected]].

Security measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, where appropriate, access controls, encryption in transit, secure hosting environments, and staff confidentiality obligations.

No system is perfectly secure; however, we continuously review and improve our safeguards.

Children’s privacy

Our website and services are not intended for individuals under the age of 16 (or the applicable age of digital consent in the user’s jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

Third-party websites

Our website may contain links to third-party websites or embedded content. We are not responsible for the privacy practices of those third parties. Please review their privacy notices independently.

Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technologies, or legal requirements. We will post the updated version on this page and update the “Last updated” date.

Contact

For any questions about this Privacy Policy or our data processing practices:

AAYS Always At Your Service
Address: Sepapaja tn 6, 15551 Tallinn, Estonia
Email: [email protected]