Sera Leads OÜ (“Sera,” “we” “us” or “Company;” for contact details see the end of this privacy policy) considers protecting and respecting your privacy and safeguarding your personal data as critically important aspects of its business. The first section of this policy details and regulates how we collect, store, process, transfer, share and use your personal data when you visit our website (https://www.seraleads.com) for informational purposes, and information regarding our use of cookies and similar technologies. The second section of this policy details and regulates the aforementioned when you use our application which is accessible via our website (“Sera Application”). The third section of this policy contains general regulation on the protection measures concerning your personal data, on transferring your personal data, information on your rights, and our contact details.

If you have any questions about our privacy policy or how we use your personal information, please contact us via e-mail at sergio@seraleads.com.

DATA PROCESSING WITH REGARD TO VISITING AND USING OUR WEBSITE
‍
Who is Responsible for Processing Your Data
We are the data controller with regard to the personal data processed when you visit and use our website. This means that we determine and are responsible for how your personal data is processed. Our full contact details can be found at the end of this privacy policy.

Persons Affected by Data Processing, Types of Data Processed
The persons affected by data processing in visiting and using our website are the persons that visit and use our website over the internet.

If you visit our website, we may process personal data that we gather ourselves (or by using third-party services) regarding how, when and for what periods you access and use our website, and information about the device you use to access our website. We typically collect this data through various tracking technologies, e.g. cookies. This data includes information about pages visited, duration of visits, navigation patterns, IP address, browser type and version, device type and operating system, interactions with website elements, and general geographic location.

If you visit our website, we may also process personal data that you voluntarily and directly through our website provide us with. This includes data you provide to us when you book a demo, subscribe to our marketing communications, correspond with us, or use any other feature of our website. This data includes: first name, last name, e-mail address, phone number, employer, job position, communication, and correspondence data (including chats).

In requesting data from you, we will indicate to you if the provision of certain personal data is mandatory or optional. If you choose not to provide any personal data marked as mandatory, we may not be able to respond to your requests or provide other services to you.

We may combine the personal data you provide us with and that we collect ourselves or through third-party services.

Purposes and Lawful Basis for Data Processing
We process the personal data mentioned above for the purpose of making our website function properly, and to make improvements to the functioning of our website and/or the information contained in it. The lawful basis for such processing is our legitimate interest.

We also process the personal data mentioned above in order to reply to the requests that you have submitted to us, e.g. for setting up a demo or negotiating over establishing a potential customer relationship. In such case, the lawful basis for such processing is either our legitimate interest, the performance of a contract or taking steps at your request to enter into or prepare the entry into a contract or hold negotiations related thereto.

In case you have subscribed to our marketing communications, we will process your personal data based on your consent which you may at all times withdraw by an unsubscribe link provided in the marketing communication.

We may anonymise and aggregate any of the personal data we collect as such that the personal data will not allow for the identification of an individual. We may use such anonymised information for purposes that include testing our IT systems, research, data analysis, improving our website, providing our services, and developing new services and features. We may also share such anonymised and aggregated information with others, including for our commercial purposes.

Data Retention
We retain the personal data we collect in connection with you visiting or using our website for a period of 30 days.

We retain the personal data you provide to us with your requests etc. for a period of three years to enable us to better manage the relationship between us and cater to any of your follow-up requests and queries.

We may be required to store your personal data for periods which are longer than the periods above when this is necessary for resolving disputes, protecting our lawful and legitimate interests, or required by applicable laws.

Cookies and Tracking
Cookies are small files or part of a file stored on your computer, created, and subsequently read by a website server, and containing personal information (such as a user identification code, customised preferences, or a record of pages visited).

We use cookies and similar tracking technologies to distinguish you from other users of our website. This helps us to provide certain functionalities, to monitor and improve the website, as well as to allow our partners to determine products and services that may be of interest to you and to display relevant advertising to you as you browse the internet.

We use the following types of cookies, whereas a detailed list of cookies can be found in our cookie policy:

- Strictly necessary cookies. These are cookies that are required for the operation of our website, and these are the only type of cookies from which it is not possible to opt out from.
- Analytical cookies. These are cookies that track how users navigate and interact with our website. The information collected is used to help us improve the website.
-Functionality/performance cookies. These are cookies that help enhance our website’s performance and functionality. We may use this information e.g. for remembering your settings.
- Third party cookies. These are cookies that have been created by a website other than ours. These cookies are used to analyse users’ web usage in order to offer users a personalised web experience.

You can modify cookies in your browser settings or in our cookie manager accessible via our website. Please note that if you disable all cookies which can be disabled, our website or parts of it may not function properly.

DATA PROCESSING WITH REGARD TO USING THE SERA APPLICATION
‍
Who is Responsible for Processing Your Data
The Sera Application is available and accessible on and through our website. The use of the Sera Application is regulated in detail in the Sera Leads SaaS Agreement.

In providing the Sera Application, we act both as a data controller and a data processor as outlined below.

In processing general customer contact data, we act as a data controller. In allowing our customers to transmit, input, view, edit, otherwise use and delete data in the Sera Application (“Customer Content”) using APIs or other tools and their dedicated exclusive access dashboards available in the Sera Application, we act as a data processor. Our customers are liable for ensuring that a lawful basis exists for the entry into and the further processing in the Sera Application of the Customer Content, including any personal and other data contained therein.

Our full contact details can be found at the end of this privacy policy.

Persons Affected by Data Processing, Types of Data Processed
The persons affected by data processing in connection with managing Sera Application related customer relationships are the contact persons appointed by the customer and notified to us. The data may include first name, last name, e-mail address, phone number, and job position (“Contact Data”). We also process company (customer) specific information, including with regard to invoicing.

The persons affected by data processing in connection with the functions and services of the Sera Application are the customer’s employees and natural persons regarding whom our customer has transmitted or input Customer Data into the Sera Application. The data may include first name, last name, job title, seniority, work e-mail address, phone number (“Data on Persons”).

Purposes and Lawful Basis for Data Processing

We process Contact Data for the administration and fulfilment of our customer contracts, and for ensuring that the customer contracts are duly fulfilled by our customers. The lawful bases for such processing activities are the fulfilment of a contract with a customer, and our legitimate interests in protecting our rights (e.g. in case of disputes, and in collection of debt).

We process Data on Persons included in the Customer Content both as a controller and a processor.

As a controller, we may process the Customer Content. The lawful basis for such processing is our legitimate interest in continually improving the services we provide to our customers via the Sera Application.

As a processor, we process Data on Persons for the customer acting as a controller, and the customer is liable for and obliged to have a lawful basis for processing. In acting as a processor, we enable the customers to transmit, input, view, edit, otherwise use and delete Data on Persons included in the Customer Content using APIs or other tools and their dedicated exclusive access dashboards available in the Sera Application.

Data Retention
Customer Data shall be retained for the duration of the relevant customer contract and for a period of three years thereafter. Customer Data which is related to accounting, billing and taxes shall be retained for a period of ten years or until required by applicable legislation. We may be required to store Customer Data for longer periods when this is necessary for resolving disputes, protecting our lawful and legitimate interests, or required by applicable laws.

Data on Persons shall be retained for the duration of the relevant customer contract and shall be deleted within 12 months as of termination of the relevant customer contract. Data on Persons shall also be deleted if requested by the relevant data subject or the customer, and we shall in such case follow the instructions of the data subject or the customer. Please note that such data deletion requests may result in us being unable to continue the provision of our services.

GENERAL REGULATION
Storing and Transferring Your Personal Data

We implement appropriate technical and organisational measures to protect your personal data, Customer Data and Data on Persons against accidental or unlawful destruction, loss, change or damage. All data we collect will be stored on the secure servers of our reputable cloud service providers.

If you wish to enquire further about the safeguards we use, please contact us using the details set out at the end of this privacy policy.

Any transfers of personal data outside the EU/EEA shall be done under a lawful basis, including to a recipient which is in a country which provides an adequate level of protection for personal data; or under appropriate safeguards which cover the EU/EEA requirements for the transfer of personal data outside the EU/EEA.

Recipients

Your personal data may be shared with third party service providers that perform services for us or on our behalf. Such services may include e-mail and chat services, cloud services, large language model services’ providers, machine translation services’ providers, fraud prevention services, and analytics services.

Your personal data may also be shared with external recipients if we are legally obliged to do so. This may include court orders and judgements, and data protection supervisory authority requests. In honouring such orders, judgements, and requests, we shall make sure that a lawful basis exists under which we share the information.

We may share your personal data in connection with legitimate exercise or protection of our or our customers’ rights, or in investigating contract breaches or illegal activity. In such cases the recipients of your personal data may be professional advisors or law enforcement agencies.

Your personal data may be disclosed to third parties if we are involved in a merger, sale of all or part of our assets or shares, reorganisation, or financing.

Your Rights

In accordance with and subject to exceptions prescribed by applicable law, you as a data subject have the following rights against us to the extent we act as a data controller, which you may exercise by submitting a relevant request to us which we shall process in accordance with applicable legal acts:

- Right to Information: You have the right to obtain clear and transparent information about how we process your personal data, including the purposes for the processing and the lawful basis.
- Right of Access: You may request access to your personal data processed by us, including a copy of such data.
- Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, and machine-readable format, or that we transfer your data directly to another controller, where technically feasible.
- Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request correction or completion of the data held by us.
- Right to Restrict Processing: You may request the restriction of processing in certain circumstances, such as when you contest the accuracy of the data, the processing is unlawful, or when you need the data for legal claims, and we no longer require it for processing purposes.
- Right to Object: You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes. In such cases, we will cease processing unless we can demonstrate compelling legitimate grounds that override your rights or if the processing is required for legal claims.
- Right to Erasure: You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when processing is unlawful. This right is subject to exceptions, such as where processing is required to comply with legal obligations or to establish, exercise, or defend legal claims.
- Right to Withdraw Consent: If our processing of your personal data is based on your consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Right to Lodge a Complaint: If you believe we have not complied with applicable data protection laws, you have the right to lodge a complaint with your local data protection authority.

Amendments to the Privacy Policy
This privacy policy may be amended by us from time to time. We suggest for you to periodically review this page. In amending the privacy policy, the “last modified” date at the top of this privacy policy shall be updated. The privacy policy currently published on our website (https://www.seraleads.com) is regarded as valid and effective.

Contacting Us
‍Please contact us if you have any questions, comments, or requests regarding this privacy policy. Our contacts are as follows:
‍
Sera Leads OÜ

Estonian commercial register code: 16976269

Registered address: Kentmanni tn 6-6, 10116 Tallinn, Estonia

e-mail address: sergio@seraleads.com

Our supervisory authority is the Estonian Data Protection Inspectorate (www.aki.ee)
‍