Privacy policy

Last updated: 9 January 2026 

Lightfoundry ÖU is committed to protecting your privacy and ensuring transparency in how we process personal data. This Privacy Policy explains how we collect, use, store, and disclose personal data when you visit our website, use our services, subscribe to our communications, or otherwise interact with us. 

This Policy is prepared in accordance with the EU General Data Protection Regulation (GDPR) and applicable Estonian data protection laws. 

1. Data Controller 

The legal entity responsible for processing your personal data is: 

Lightfoundry ÖU 

Registry code: 17213705 

Registered address: Tuukri tn 19-202, 10120, Tallinn, Harju,
Estonia Email (privacy matters): jhuang@lightfoundry.ee

Lightfoundry ÖU acts as the data controller under Article 4(7) GDPR. 

2. Personal Data 

For the purposes of this Privacy Policy, personal data means any information relating to an identified or identifiable natural person, as defined by the GDPR, including information that can directly or indirectly identify you. 

3. Legal Basis for Processing

We process personal data on one or more of the following legal bases: 

• Performance of a contract (Article 6(1)(b) GDPR): to provide products, services, and process payments. 

• Legitimate interests (Article 6(1)(f) GDPR): to operate, maintain, secure, and improve our website and services. 

• Consent (Article 6(1)(a) GDPR): for newsletters, marketing communications, and optional cookies.

• Legal obligation (Article 6(1)(c) GDPR): to comply with accounting, tax, and regulatory requirements.

4. Collection of Personal Data 

We may collect personal data in the following ways:

• When you place an order or make a payment through our website • When you subscribe to our newsletter

• When you contact us via email or website forms

• When you submit a CV or professional information voluntarily • When you browse or interact with our website (via cookies and analytics tools)

5. Categories of Personal Data

We may process the following categories of personal data:

a) Personal data

• Name, email address, telephone number

• Billing and payment information

• Company name and professional role

• Communication history

• Newsletter subscription details 

• CVs and professional information submitted voluntarily 

• IP address, browser type, device data, and website usage

data b) Special categories of personal data 

Lightfoundry ÖU does not intentionally collect or process special categories of personal data as defined under Article 9 GDPR. 

6. Purposes of Processing 

Personal data is processed for the following purposes: 

• Delivery of products and services 

• Processing payments and managing orders 

• Customer communication and support 

• Sending newsletters and marketing communications (where consent is given)

• Website analytics and performance optimization 

• Reviewing CVs and professional inquiries 

• Compliance with legal and regulatory obligations 

7. Payments 

Payments made through our website are processed securely via third-party payment  service providers. Lightfoundry ÖU does not store full payment card details. Payment  providers act as independent data controllers or processors under their own privacy  policies.

8. Disclosure of Personal Data 

We may disclose personal data, where necessary and lawful, to: 

• Authorized employees and contractors of Lightfoundry ÖU 

• IT, hosting, cloud, analytics, and email service providers 

• Payment service providers 

• Accounting, legal, and professional advisors 

• Public authorities where required by law 

All service providers are contractually required to comply with GDPR and maintain  appropriate safeguards. 

9. Cookies and Analytics 

Our website uses cookies and similar technologies to ensure proper functionality and to  analyze website traffic. 

Cookies may be used for: 

• Essential website functionality 

• Traffic monitoring and statistics 

• Improving user experience 

We use Google Analytics or similar analytics tools. Where required, cookies are placed only after your consent. You can manage or withdraw your consent at any time via the cookie settings on our website or your browser preferences.

10. Data Retention 

We retain personal data only for as long as necessary for the purposes described: 

• Accounting and transaction data: up to 7 years (legal obligation) • Customer data: for the duration of the contractual relationship • Marketing data: until consent is withdrawn

• CVs and professional inquiries: up to 12 months, unless deletion is requested earlier 

11. Data Subject Rights 

Under the GDPR, you have the right to: 

• Access your personal data 

• Rectify inaccurate or incomplete data 

• Request erasure of your data 

• Restrict or object to processing 

• Data portability 

• Withdraw consent at any time 

• Lodge a complaint with a supervisory authority 

To exercise your rights, contact us at: jhuang@lightfoundry.ee 

You also have the right to lodge a complaint with the Estonian Data Protection  Inspectorate (Andmekaitse Inspektsioon).

12. Security 

Lightfoundry ÖU implements appropriate technical and organizational measures to  protect personal data against unauthorized access, loss, alteration, or disclosure, including access controls, secure hosting, encryption where appropriate, and regular  system monitoring.

13. Children’s Privacy 

Our services are not directed at children under the age of 13, and we do not knowingly  collect personal data from children.

14. Links to Third-Party Websites 

Our website may contain links to third-party websites. Lightfoundry ÖU is not responsible for the privacy practices or content of external websites.

15. Governing Law 

This Privacy Policy is governed by the laws of Estonia and applicable European Union  legislation.

16. Changes to This Policy 

We may update this Privacy Policy from time to time. The most recent version will always be available on our website, with the update date clearly indicated.