-
Email
-
Phone
Kodwise OÜ
PRIVACY POLICY
Last Updated: 18 Oct 2025
This Privacy Policy explains how Kodwise OÜ (“Kodwise”, “we”, “us”) collects, uses, shares, and protects personal data when you use our websites, mobile applications, and other services (together, the “Services”). We are committed to safeguarding your privacy, protecting information security, and respecting ethical and legal standards under the General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act.
1. DATA CONTROLLER
Kodwise OÜ
Address: Viru väljak 2, 10111 Tallinn, Estonia
Email: info@kodwise.org
2. WHAT PERSONAL DATA WE PROCESS
Depending on your relationship with Kodwise and how you use the Services, we may process:
• Identity data (name, surname, child’s first name/age when required for classes)
• Contact data (email, phone, city, country)
• Customer data (customer ID, enrollment information)
• Transactional and billing data (orders, invoices, payment status – full card details are not stored by us)
• Usage and analytics data (page views, device information, referrer/UTM data, and events such as form submissions or trial bookings)
• Communications (messages, calls, support requests, lawful recordings)
• Visual and audio materials (photos, videos, lesson recordings, documents)
• Marketing preferences and consent choices
3. PURPOSES & LEGAL BASES (GDPR ART. 6)
We process personal data for the following purposes and legal bases:
• To provide and manage the Services (accounts, classes, support) – performance of a contract (Art. 6(1)(b))
• For payments, invoicing, and accounting – legal obligation (Art. 6(1)(c))
• To improve products, analytics, and service quality – legitimate interest (Art. 6(1)(f))
• For marketing, remarketing, and retargeting (email/SMS/ads) – consent where required (Art. 6(1)(a))
• For security, fraud prevention, and system integrity – legitimate interest (Art. 6(1)(f))
4. SOURCES OF DATA
We obtain personal data directly from you (through forms, checkout, or support), from your device (via cookies, SDKs, or analytics tools), and—where applicable—from CRM or advertising partners in accordance with your consent and applicable law.
5. SHARING & INTERNATIONAL TRANSFERS
We may share personal data with:
• Service providers acting on our behalf (e.g., CRM, analytics, hosting, communications, payment processors)
• Advertising and analytics partners (e.g., Google, Meta) based on consent or legitimate interest
• Public authorities, regulators, or courts where legally required
Where data is transferred outside the European Economic Area (EEA), we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and supplementary technical and organizational measures. We also conduct Data Transfer Impact Assessments (TIAs) to ensure compliance and security.
6. DATA RETENTION
We retain personal data only as long as necessary for the purposes outlined in this Policy:
• Contractual and financial records – up to 7–10 years (as required by law)
• Marketing data – until consent is withdrawn or you object
• Analytics data – in accordance with tool defaults or internal policies
When data is no longer required, it is securely deleted, anonymized, or aggregated for statistical purposes.
7. SECURITY MEASURES
We implement technical and organizational measures to ensure an appropriate level of security, including data encryption (in transit and at rest), strict access controls, staff training, regular audits, data minimization, and business continuity protocols. Although no system is entirely secure, we continually improve our safeguards to protect your data from unauthorized access, misuse, loss, or alteration.
8. PROCESSORS AND SUB-PROCESSORS
We engage carefully selected third-party service providers that process data strictly under our instructions. All processors are bound by written Data Processing Agreements (DPAs) and confidentiality obligations. Categories include hosting, CRM, communications, analytics, and payment processing.
You may request an up-to-date list of these providers or view them at: /en/subprocessors.
9. COOKIES & CONSENT MANAGEMENT
We use cookies, SDKs, and similar technologies for core functionality, analytics (e.g., Google Analytics), and advertising (e.g., Google Ads, Meta). Consent-based cookies are activated only after you grant permission through our Consent Management Platform (CMP), which complies with IAB TCF v2.2 standards. You may withdraw or adjust your preferences anytime. For details, see our Cookie Policy.
10. CHILDREN’S DATA
Our Services are designed for children, but all contracts and payments are concluded with parents or legal guardians. We collect a child’s first name and age only as necessary to deliver lessons, always with parental consent. We do not use children’s data for marketing or profiling. Parents or guardians may request correction or deletion of their child’s data at any time by contacting info@kodwise.org.
11. MARKETING & PROFILING
We may analyze interactions with our Services to personalize communication and advertising (including remarketing). Such processing is based on legitimate interest or your explicit consent where required. You may withdraw consent or object to such profiling and marketing at any time using unsubscribe links, CMP preferences, or by contacting us directly.
12. YOUR RIGHTS UNDER GDPR
You have the following rights under GDPR:
• Access your data and receive a copy
• Request correction or deletion of inaccurate or outdated data
• Restrict or object to processing, including direct marketing
• Request data portability
• Withdraw consent at any time without affecting prior processing
To exercise your rights, contact info@kodwise.org. We may ask for additional information to verify your identity. We will respond within one month as required by GDPR (extendable by up to two additional months for complex requests, in which case we will notify you).
You may also lodge a complaint with your local authority or the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at
https://www.aki.ee/en.
Kodwise OÜ is registered and supervised under Estonian law. The competent supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
13. DATA PROTECTION CONTACT
While Kodwise OÜ is not legally required to appoint a Data Protection Officer under Article 37 GDPR, all privacy-related inquiries can be directed to info@kodwise.org. For non-EU users, Kodwise acts as the data controller and ensures that any data transferred to the EU is handled under equivalent safeguards.
14. CHANGES TO THIS POLICY
We may update this Privacy Policy periodically to reflect legal, technical, or operational changes. Significant updates will be clearly communicated on this page. Please review this Policy regularly to stay informed about how we protect your personal data.
Effective Date: 17 Oct 2025 — Version 1.0
CONTACT
Kodwise OÜ
Viru väljak 2, 10111 Tallinn, Estonia
Email: info@kodwise.org
