Privacy Policy
Last updated: 12.05.2026
This privacy policy explains how MHE OÜ ("we") processes the personal data of visitors and inquirers on the rohuaiakodu.ee website. We process personal data in accordance with the General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act.
1. Data controller
MHE OÜ
Registry code: 12677015
Address: Pargi tn 30, Kunda, 44107 Viru-Nigula Parish, Lääne-Viru County, Estonia
Email: info@mhe.ee
2. Data processor
The website is developed and technically maintained by Tarkvara Lahendused OÜ, which acts as a data processor solely on our instructions and only for the purposes described in this document.
3. What personal data we collect
Through the contact form we collect:
- name
- email address
- phone number (optional)
- message content
- inquiry context: selected building, apartment or office number, language used
- browser technical info (User-Agent string) — for security and spam prevention
In addition, our hosting provider produces standard server logs (including IP address, request time and URL), which are required to ensure the security and operation of the service.
We do NOT collect: company name, payment or billing data, user account data, location data or marketing profiles. The website does not have an online shop, user accounts or a newsletter.
4. Channels through which we collect data
- the website contact form
- direct communication by email or phone (when you contact us)
- web hosting server logs
5. Purposes and legal bases of processing
- Responding to inquiries and pre-sales communication — legal basis: pre-contractual measures at your request (GDPR Art. 6(1)(b)) and our legitimate interest in responding to inquiries (Art. 6(1)(f)).
- Performance of a contract, if one follows — legal basis: contractual necessity (Art. 6(1)(b)).
- Accounting and compliance with statutory obligations — legal basis: legal obligation (Art. 6(1)(c)), e.g. the Accounting Act.
- Ensuring website security, abuse and spam prevention — legal basis: legitimate interest (Art. 6(1)(f)).
We do not carry out profiling or automated decision-making that would have legal effects on you.
6. Cookies and similar technologies
The website does not use analytics, marketing or third-party tracking cookies. Non-essential cookies are not set without the user's consent. If analytics or marketing is added in the future, we will request separate consent via a cookie banner, which you can withdraw at any time.
Only technical local storage (e.g. remembering the selected language) — necessary for the basic functioning of the website — is considered essential and does not require consent under the law.
7. Data retention
- Contact inquiries: up to 24 months from submission, or until communication related to the inquiry has ended — whichever is later.
- Contract-related data: for the duration of the contract and up to 7 years after its end (Accounting Act).
- Accounting documents: 7 years (Accounting Act § 12).
- Server logs: up to 90 days.
- Records of consent (where applicable): until consent is withdrawn and a reasonable period thereafter for evidentiary purposes.
After the retention period expires, the data is deleted or anonymised.
8. Data sharing and transfers
We do not sell your personal data to third parties. Data is shared only with the following processors, who are bound by confidentiality and process data on our instructions:
- Tarkvara Lahendused OÜ — website development and technical maintenance.
- Lovable Cloud (Supabase) — database and inquiry hosting on EU servers.
- Google Fonts (Google Ireland Limited) — loading of web fonts; your IP address and browser information may be transmitted to Google when fonts are loaded.
Data is stored within the European Economic Area (EEA). Where individual transfers outside the EEA occur (e.g. via Google's infrastructure), we rely on the European Commission's Standard Contractual Clauses or other safeguards provided for in Chapter V of the GDPR.
9. Your rights
You have the right to:
- be informed about the processing of your data;
- access your data and obtain a copy;
- request rectification of inaccurate data;
- request erasure of your data ("right to be forgotten");
- request restriction of processing;
- object to processing based on legitimate interests;
- data portability in a machine-readable format, where technically feasible and where processing is based on consent or a contract;
- withdraw any given consent at any time, without affecting the lawfulness of processing carried out before its withdrawal;
- lodge a complaint with the Estonian Data Protection Inspectorate (aki.ee, info@aki.ee, +372 627 4135).
To exercise your rights, contact us at: info@mhe.ee. We will respond to your request within 30 days at the latest.
10. Security
We apply reasonable technical and organisational measures to protect your data:
- access restrictions on a "need to know" basis;
- encrypted data transfer (HTTPS/TLS);
- automated database backups on EU servers;
- access logging;
- confidentiality obligations for all employees and processors;
- regular software updates and security reviews.
In the event of a data breach likely to result in a high risk to your rights, we will notify the Estonian Data Protection Inspectorate within 72 hours and, where necessary, you personally as well.
11. Changes to this privacy policy
We may update this privacy policy from time to time. The current version is always available on this page together with the date of the last update. We will notify you of significant changes in a visible manner on the website.
12. Contact
Privacy-related questions, requests and complaints:
MHE OÜ
Email: info@mhe.ee