Privacy Policy

1. Introduction

Flexum OU (“Flexum,” “we,” “us,” or “our”) is a printing industry partner operating across Estonia, Latvia, Lithuania, and Finland. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website (flexum.eu) or interact with our services.

We are committed to protecting your privacy and processing your personal data in compliance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus), and the Estonian Electronic Communications Act as it relates to electronic direct marketing and the use of cookies.

2. Data Controller

The data controller responsible for processing your personal data is:

Due to the nature and scale of our processing activities, Flexum OU is not required to appoint a Data Protection Officer under GDPR Article 37. For any data protection inquiries, please contact us at info@flexum.eu.

3. What Data We Collect

When you submit a contact form or request a quote, we collect the following information:

• Name
• Email address
• Phone number
• Company name
• Message content

We also automatically collect standard web analytics data, including your IP address, browser type, device type, pages visited, referring URL, and timestamps. We do not collect sensitive personal data (special category data as defined under GDPR Article 9).

4. How We Collect Data

We collect personal data through the following means:

• Contact forms on the website
• Quote request forms
• Email correspondence
• Automatically via cookies and web analytics tools when you browse our website

5. Purpose and Legal Basis for Processing

We process your personal data for the following purposes and on the following legal bases:

• Contact form submissions and quote requests: processed on the basis of legitimate interest (GDPR Art. 6(1)(f) — responding to business inquiries) and/or pre-contractual measures (GDPR Art. 6(1)(b) — taking steps at your request prior to entering into a contract).
• Website analytics: processed on the basis of legitimate interest (GDPR Art. 6(1)(f) — improving website performance and user experience).
• Marketing communications (if any): sent only with your explicit consent (GDPR Art. 6(1)(a)). You may withdraw your consent at any time.

6. Cookies and Tracking Technologies

Cookies are small text files that are stored on your device when you visit a website. They help the website remember your preferences and understand how you interact with it. Our website may use the following types of cookies:

Non-essential cookies (such as analytics cookies) are only placed after you give consent via the cookie consent banner, in compliance with the EU ePrivacy Directive and the Estonian Electronic Communications Act. You can manage your cookie preferences at any time through the cookie consent banner or your browser settings.

How to disable cookies in your browser:

• Chrome: Settings → Privacy and Security → Cookies and other site data
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Manage Website Data
• Edge: Settings → Cookies and site permissions → Manage and delete cookies

Please note that disabling cookies may affect the functionality of the website.

7. Data Sharing

We do not sell your personal data. We may share your data with the following categories of third-party service providers, who process data only on our instructions and in accordance with GDPR requirements:

• Hosting providers (for website infrastructure)
• Email service providers (for processing form submissions)
• Analytics providers (for website usage analysis)

All third-party processors are GDPR-compliant. Personal data is not transferred outside the EU/EEA unless adequate safeguards are in place, such as Standard Contractual Clauses per GDPR Article 46(2)(c).

8. Data Retention

Contact form data and business inquiry data is retained for 2 years after the last communication, unless there is an ongoing business relationship requiring longer retention. Analytics data is retained in anonymized and aggregated form. When the retention period expires, personal data is securely deleted or anonymized.

9. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

• Right of access (Art. 15) — request a copy of the personal data we hold about you.
• Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17) — request deletion of your personal data (“right to be forgotten”).
• Right to restriction of processing (Art. 18) — request that we limit how we process your data.
• Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21) — object to the processing of your data based on legitimate interests.
• Right to withdraw consent (Art. 7(3)) — withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at info@flexum.eu. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): website aki.ee, address Tatari 39, 10134 Tallinn, Estonia.

10. Automated Decision-Making

We do not use automated decision-making or profiling as defined under GDPR Article 22.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted connections (HTTPS/TLS), secure hosting infrastructure, access controls, and regular security reviews.

12. Third-Party Links

Our website may contain links to the websites of our manufacturer and distribution partners, including Nilpeter, Koenig & Bauer, SCREEN, Golden Laser, Lemorau, OKI, Flint Group, ECO3, Techkon, and others. We are not responsible for the privacy practices of these external websites and encourage you to review their respective privacy policies.

13. Children's Privacy

This website is a business-to-business (B2B) service and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy regularly.

15. Contact

For any privacy-related questions or to exercise your data protection rights, please contact: