Last updated: May 19, 2025

At Uristium Academy OÜ, we take your privacy and the protection of your personal data very seriously. This policy clearly explains how we collect, use, and protect your information, in accordance with the General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act (PDPA).

1. Who is responsible for processing your data?

• Controller: Uristium Academy OÜ

• Address: Lõõtsa tn 2a, Lasnamäe linnaosa, Harju maakond, Tallinn, 11415, Estonia

• Registration number: 16772182

• VAT number (EE): EE102641684

• Contact email: legal-and-security@uristium.com

• Supervisory authority: Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)

2. What personal data do we collect?

Through our management systems (Outseta and Stripe), we may collect the following:

• Full name

• Postal address

• Email address

• Phone number

• Subscription and access data

• Payment information (processed directly by Stripe)

• IP address and technical browsing data (via cookies)

3. How do we collect your data?

We collect your data when you:

• Register or subscribe to our services through Outseta

• Make a payment through Stripe

• Browse our website and accept the use of cookies

• Contact us or request information

Data is not stored directly on our website (which is hosted on Framer), but on secure platforms provided by our service providers.

4. What do we use your data for?

• To manage your subscription and provide access to our services

• To issue invoices and manage payments

• To send you relevant information (only with your consent)

• To comply with legal and tax obligations

• To improve your experience through anonymous browsing analysis

5. What is the legal basis for processing?

• Contract: to give you access to the service and manage your subscription

• Legal obligation: to retain invoices and comply with tax regulations

• Consent: to send you commercial communications or use cookies

• Legitimate interest: to prevent fraud and improve our services

6. Who do we share your data with?

• Outseta (account management): Privacy Policy

• Stripe (payments): Privacy Policy

• Google, Meta, and Microsoft: for advertising purposes, only if you have consented to analytical or marketing cookies

7. Do we transfer data outside the EEA?

Yes, some of your data may be transferred to the United States:

• Stripe is certified under the EU–US Data Privacy Framework, ensuring adequate protection according to the European Commission.

• Outseta is not certified, but we have signed Standard Contractual Clauses (SCCs) with them to ensure appropriate safeguards.

We only work with providers that comply with European data protection laws.
You may request more information about these safeguards by contacting us.

8. How long do we retain your data?

• Billing data: 5 years (legal obligation)

• Subscription data: as long as your account remains active

• Marketing data: until you withdraw your consent

Once the retention period ends, your data will be securely deleted or anonymized.

9. What are your rights?

You can request at any time:

• Access to your data

• Correction of inaccurate or outdated information

• Erasure of your data (“right to be forgotten”)

• Restriction or objection to data processing

• Data portability

• Withdrawal of your consent

To exercise any of these rights, email us at: legal-and-security@uristium.com
You may also file a complaint with the Estonian data protection authority: aki.ee

10. Changes to this policy

We reserve the right to update this policy at any time. If there are relevant changes, we will notify you, and we recommend reviewing it periodically to stay informed about how we handle your personal data.