Privacy policy
This Privacy Policy outlines how Summus Capital OÜ (hereinafter „we“, „us“ or „our“) collects, uses, discloses and safeguards personal data through our website and in the course of our operations. Personal data is any information relating to an identified or identifiable natural person (e.g. name, e-mail address, personal identification code). We are committed to ensuring the confidentiality, integrity, and lawful processing of personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (EU 2016/679) (hereinafter “GDPR”).
- Scope of the Policy
This Privacy Policy applies to personal data we process:
- When you interact with our website;
- When you provide personal information to us;
- Through communication with our representatives or submission of forms.
- Personal data that we collect
We may process the following categories of personal data:
| Category | Examples |
| Personal data | Name, personal identification code |
| Contact data | E-mail address |
| Bank account data | Securities account number |
| Technical and usage data | IP address, browser type, visited pages |
| Cookie data | Session identifiers, analytics, preferences |
- Purposes of and legal basis for the processing of personal data
Your personal data may be processed for the purposes of processing declarations, responding to contact form or direct inquires, managing investor communications, compliance with legal or regulatory obligations and website analytics and performance monitoring.
We process the personal data on the basis of your consent (GDPR Article 6 (1) (a)), for the purpose of performing our contractual obligations (GDPR Article 6 (1) (b)), in order to fulfil our legal obligations (GDPR Article (1) (c)), or in our legitimate interests (GDPR Article 6 (1) (f)). In the latter case we process your personal data only if we have assessed in advance that the processing of your personal data will not unduly infringe your rights.
- Use of cookies
Our website is using cookies to improve the quality of the provided services. We use session cookies, permanent cookies and third-party cookies (Google Analytics, Facebook):
Allowing cookies is not unavoidably necessary for the main functions of the website to work, but it gives a better browsing experience. If you so wish, you can always delete and block the cookies, but in doing so, some functions of the website might not work as intended.
Please consider that some cookies are from third-party service providers who perform some of the tasks on our behalf.
Information related to cookies is not used to identify your person and the collected data are under our control. The cookies are not used for any purpose other than described above.
- Data sharing
We do not sell or rent your personal data to third parties. However, in the course of our activities, there may be instances where we need to share personal data with third parties who process personal data as either data processors on our behalf or as independent controllers. We may disclose your personal data to comply with our legal obligations.
Your personal data may be disclosed to competent supervisory or regulatory authorities. We may also share your personal data with professional service providers such as legal advisors, auditors and compliance consultants, to the extent necessary to protect our legal rights and fulfil our compliance obligations. Additionally, certain IT service providers, hosting services, and cloud based infrastructure providers may process personal data on our behalf as data processors.
We generally do not process personal data outside the European Economic Area. However, if such transfer occurs, we ensure that adequate safeguards are in place as required under the GDPR.
- Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which the data was collected, or to comply with applicable legal, regulatory, or contractual requirements. The specific retention period depends on the nature of the data and the legal obligations governing its processing.
Personal data submitted via the contact form or through other general correspondence will typically be retained for up to one year, unless the context of the inquiry requires longer storage for ongoing communication or legal follow-up.
Technical and analytics data collected through cookies and similar technologies is stored for the duration necessary to fulfil the purposes for which it was collected, typically no longer than […] months, depending on the configuration of the analytics tools and applicable consent.
When data is no longer required, it is securely deleted or anonymised in accordance with applicable standards.
- Your rights
As a data subject, you have a range of rights under the General Data Protection Regulation and the Estonian Personal Data Protection Act. These rights allow you to maintain control over your personal data and how it is used.
You have the right to access the personal data we hold about you and to receive information about how and why it is being processed. If your data is inaccurate or incomplete, you have the right to request its rectification. In certain circumstances, you may request the erasure of your data, particularly where it is no longer needed for the purposes for which it was collected, or if you withdraw consent where consent was the legal basis.
You may also request the restriction of processing where the accuracy of the data is contested or where processing is unlawful but you oppose erasure. Where we process your data based on our legitimate interests, you have the right to object to such processing, especially in the context of direct marketing.
Additionally, you have the right to data portability, which allows you to obtain your data in a commonly used, machine-readable format and, where feasible, request its transmission to another controller.
If we rely on your consent to process your personal data, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
To exercise your rights, please contact us using the contact details provided at the end of this policy. We may request additional information to verify your identity before fulfilling your request.
If you believe your rights have been violated, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) (address Tatari 39, 10134 Tallinn, Estonia, Email: info@aki.ee, Website: www.aki.ee) If your permanent residence, workplace, or the place of infringement is in another European Union Member State, you have the right to submit a complaint with the data protection supervisory authority of that country as well. However, we recommend that you first contact us in case of any issues.
- Changes to the Privacy Policy
We reserve the right to modify this Privacy Policy at any time in response to legal, regulatory, or operational developments. When updates are made, we will revise the “Effective Date” at the top of the policy and, where appropriate, notify you through our website.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.
- Our contact details
Summus Capital OÜ,
Rotermanni tn 2-3b, Tallinn 10111, Republic of Estonia