Privacy Policy and Personal Data Processing

The controller of OIXIO’s websites and service portals is:

Siduri 3, 11313 Tallinn, Estonia
Phone +372 699 0678

Savanorių ave. 321C, LT-50120 Kaunas, Lithuania
Phone +370 630 14144

Personal data protection

Personal data are data collected by OIXIO for providing a service, identifying a person, contacting a person for providing a service or for resolving any issues.

OIXIO does not process special categories of personal data as defined in Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR).

OIXIO undertakes to protect the personal data and privacy of its customers and users. OIXIO’s activities online are in conformity with all applicable requirements and legislation of the Republic of Estonia and the European Union, including Regulation (EU) 2016/679 of the European Parliament and of the Council. OIXIO applies all precautionary measures (including administrative, technical and physical) to protect the personal data collected. Access to the personal data to change and process the data is only granted to authorised persons.


The personal data which have become known in the course of visiting OIXIO’s websites and making purchases in the service portals are treated as confidential information. An encrypted data communication channel with banks ensures the security of the customer’s personal data and bank information.

The following is OIXIO’s privacy policy concerning the collection, processing, use, disclosure, transfer, amendment, forgetting and erasure of personal data.
The policy does not apply to the processing of the data of legal persons and other companies/institutions, or to the processing of personal data on the websites / service portals to which our websites / service portals refer (external links).
The person representing a company (as a customer of the service) is not a natural person, but an authorised representative of a legal person, and the processing of their personal data is not governed by Regulation (EU) 2016/679 of the European Parliament and of the Council.

1. What kind of data are collected?

  • Anonymous technical data are collected about a visitor who browses the websites.
  • In addition, personal data are collected in the service portals for the provision of services and identification of persons.
  • The technical data include the URL address (IP address) of the computer or the computer network used, the software version of the browser and the operating system, and the time (time, date, year) of the visit. IP addresses are not linked to personally identifiable information, except in the case of service portals where it is an additional security measure.
  • Information is collected on website visits and the time spent on the website in order to improve the websites and service portals and make them more convenient for visitors to use.
  • In the service portals (incl. in the online shop), personal data are collected for the performance of contracts and for gathering information on the topics of interest for the person (including the content of the shopping cart, preferences, attitudes, behaviours, etc.), to improve the provision of the expected information where possible and thereby provide a better customer experience in the use of services and direct marketing.
  • In the case of natural persons, the data collected include the personal identification code to identify uniqueness where necessary, the name for communication, the e-mail address, mobile phone number, city of location, and the country.
  • To process the data of legal persons, we collect data such as the registry code, VAT number, name, country, address, e-mail addresses to contact and send invoices, and the names, e-mail addresses and phone numbers of the persons representing the company.
  • When paying for goods and services using a credit card or bank link service, only Paysera LT UAB will have access to the bank card information and bank details. An encrypted data communication channel with the service provider ensures the security of the customer’s personal data and bank information.
  • The personal data processed by OIXIO’s customers and uploaded to the OIXIO portal within the scope of the service are protected by the duty of confidentiality which will apply after the customer signs the service contract. OIXIO’s services can only be used after accepting the agreement. Acceptance of the agreement is verified by software; in the absence of such agreement, you are prompted to accept it.
  • All OIXIO service staff who come into contact with personal data have been trained to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council and to implement security measures in their work when servicing OIXIO’s customers.
  • Consent to the collection of related personal data and the personal data necessary for the service is given by the customer upon ordering the service. By ordering the service, consent is deemed to be given with the respective time stamp.

2. How long will the collected data be stored?

  • The anonymous technical data collected by websites and service portals are stored indefinitely.
  • The personal data related to non-anonymous inquiries and/or transactions are stored for up to 7 years after the last interaction with the service provider, pursuant to the obligation prescribed by the Accounting Act to prove transactions. An interaction means, in particular, reacting to direct marketing by viewing or clicking on a link.

3. Who are the recipients of personal data?

  • The personal data processed by OIXIO can be transmitted without the consent of the respective person only to a lawfully entitled (e.g. by a court or a body conducting pre-trial proceedings) institution or person who has a legitimate need.
  • The customers’ personal data processed within the scope of OIXIO’s services are treated as confidential and only the owner of the data (customer) has the right to process, issue or transfer such data.
  • At the request of OIXIO’s customer, OIXIO will provide technical assistance in data processing, but this will not change the ownership or liability relations of the data.
  • OIXIO is the controller of personal data and transfers the personal data required for processing the payments to the processor, Maksekeskus AS.

4. What are the data subject’s rights regarding the data collected?

The right to access the personal data, rectify the data and object to processing

  • By default, personal data will not be disclosed unless relevant permission has been obtained (participation in trainings/seminars/conferences).
  • All persons have the right to access their personal data on the service portals.
  • If it is possible to rectify the data, it can be done immediately depending on the service and the service portal.
  • If the personal data cannot be rectified or accessed or are not made available on the website or on the service portals, an application should be filed to us in a format which allows identifying the person, to access or rectify the data. If possible, the personal data are made available to access or rectify in 7 business days.
  • Direct marketing offers for all or some of the topics can be opted out of immediately via the link in the footer of each marketing e-mail received. The change will become effective immediately.
  • If there is no legal ground (anymore) for processing or granting access to the personal data, the termination of the use of the data, the erasure of the data, or the termination of the disclosure of, or access to, the data can be requested. In order to avoid misuse of the customer’s data and rights, applications may only be submitted in a format where the applicant can be identified (digitally signed or personally signed at the representative office). We have the right to respond to such requests within 30 days.
  • An application will not be satisfied if:
    • it may affect the rights and freedoms of another person;
    • it may prevent the provision or non-provision of the service;
    • it may hinder the work of law enforcement agencies;
    • it is not technically necessary and/or possible;
    • the identity of the applicant is not legally related to the data;
    • the applicant’s identity cannot be verified.

Terms and conditions of, and changes to, the Privacy Policy

By using OIXIO’s websites and/or service platforms, you declare you have read and accept this policy and terms and conditions. We retain the right to change the general terms and conditions by notifying all related persons thereof.