Welcome, and thank you for your interest in Softhaus OÜ (“Softhaus“, “we“, “us“), our websites and products including Loadgate and Seamlog (together with any related websites, applications, and communications where this Privacy Notice is displayed, the “Service“).

This Privacy Notice explains what personal data we collect, how we use and share it, and the choices and rights you have. This Notice is part of (and is incorporated into) our Terms and Conditions.

If you want to understand what cookies and similar technologies we use, please review our Cookie Notice (where available on the Service).

We process personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR“) and the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus).

1. Definitions

• Personal Data: any information relating to an identified or identifiable natural person.
• Visitor: a person who uses the public parts of our websites without logging in.
• User: a person who accesses the Service through an account (for example, as an employee or representative of a customer).
• Customer / Client: the organisation that enters into an agreement with Softhaus for the Service.
• Customer Data: data submitted to the Service by or on behalf of a Customer (including Customer’s end-user data).

2. Data controller and contact

Controller (Art. 4(7) GDPR):

Softhaus OÜ Rüütli 7,
Tartu, Tartumaa 51007, Estonia
Email: info@softhaus.eu

If you contact us about privacy, please include sufficient information for us to verify your request (for example, the account email address).

3. Roles and responsibilities

3.1 When Softhaus acts as a Controller
We act as a controller for personal data we process for our own purposes, such as:

• website operation and security
• account administration
• billing and payments
• customer support and communications
• sales and marketing (where permitted)

3.2 When Softhaus acts as a Processor
We may act as a processor when we process Customer Data on behalf of a Customer (the Customer is the controller). In those cases, our processing is governed by our contract with the Customer and (where applicable) a Data Processing Agreement/Addendum (“DPA“).

3.3. Requests relating to Customer-controlled data
If you are a User or another data subject and your request concerns Customer Data processed on behalf of a Customer, please contact the Customer directly first. We will assist Customers in responding to requests where required by law and our agreements.

4. Personal data we collect

We collect personal data in three main ways: (A) data you provide, (B) data collected automatically, and (C) data from third parties.

4.1 Data you provide directly
Depending on how you interact with us, this may include:

• Account and profile data: name, business email, phone number, company name, role, language/time zone (optional)
• Support and communications: messages you send to us, support tickets, call/chat records (where used)
• Billing and transactions: billing contact details, invoice details, payment status (we generally do not store full payment card numbers if a payment provider is used)
• Event and marketing sign-ups: webinar/event registration data, newsletter subscriptions, preferences and opt-ins

4.2 Automatically collected data
When you visit or use the Service, we may collect:

• Device and log data: IP address, browser type, device identifiers, operating system, language settings, referring URLs, timestamps
• Usage data: pages viewed, features used, clicks and interactions, error and performance logs
• Cookie and similar technology data: identifiers used to recognise your browser/device, remember preferences, and measure usage (see Section 7)

4.3 Data from third parties
We may receive limited personal data from:

• Identity and authentication providers (if you choose to use single sign-on, where available)
• Partners or resellers (if you request contact through them)
• Event organisers (if you register through a third-party event platform)
• Public sources (for example, if you interact with us on social networks or marketplaces)

We do not intentionally collect special categories of data (Art. 9 GDPR) and ask you not to upload such data unless strictly necessary.

5. How we use personal data and our legal bases
We use personal data for the purposes below. The legal basis depends on the context:

5.1 Provide and operate the Service

• Create and manage accounts, authenticate users, provide features, maintain the Service
• Legal basis: performance of a contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))

5.2 Customer support and communications

• Respond to requests, provide technical support, send service-related messages
• Legal basis: contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))

5.3 Billing, accounting, and compliance

• Issue invoices, manage payments, keep records as required by law
• Legal basis: legal obligation (Art. 6(1)(c)) and contract (Art. 6(1)(b))

5.4 Security, fraud prevention, and integrity

• Protect the Service, prevent abuse, monitor for suspicious activity, enforce policies
• Legal basis: legitimate interests (Art. 6(1)(f))

5.5 Improve and develop the Service

• Understand usage trends, diagnose issues, improve performance and features
• Where Customer Data is involved, we use it in aggregated/anonymised form where feasible
• Legal basis: legitimate interests (Art. 6(1)(f))

5.6 Marketing (where permitted)

• Send newsletters and marketing communications, manage preferences, measure campaign effectiveness
• Legal basis: consent (Art. 6(1)(a)) or legitimate interests (Art. 6(1)(f)) where permitted by law (for example, B2B relationship marketing), with an opt-out in every message

Where we rely on legitimate interests, you can object as described in Section 11.

6. How we share personal data
We do not sell personal data. We may share personal data in the following situations:

6.1 Service Providers (processors)

We use trusted vendors to help us operate the Service (for example, hosting, monitoring, analytics, customer support, invoicing, email delivery). They may process personal data only on our instructions and under contractual safeguards (Art. 28 GDPR).

6.2 Within your organization

If you are a User, information in the Service may be accessible to authorised administrators or other Users within your Customer’s account, depending on account settings.

6.3 Legal and safety reasons
We may disclose personal data where we believe in good faith it is necessary to:

• comply with a legal obligation or lawful request
• protect rights, safety, and security of Softhaus, our Customers, Users, or others
• investigate fraud, security incidents, or violations of our terms

6.4 Business transfers

If Softhaus is involved in a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

7. Cookies and similar technologies
We use cookies and similar tracking technologies for:

• Essential purposes (security, authentication, load balancing, preferences)
• Analytics and performance (understanding usage and improving the Service)
• Marketing (only where used and only with consent)

Where required, we request consent before placing non-essential cookies. You can manage preferences via our cookie banner (where available) and through your browser settings.


8. International data transfers
We primarily process personal data within the European Economic Area (EEA). If we transfer personal data outside the EEA, we do so in accordance with GDPR Chapter V (Arts. 44–49), using appropriate safeguards such as:

• European Commission Standard Contractual Clauses (SCCs)
• where needed, supplementary technical and organisational measures

9. Data Retention
We retain personal data only as long as necessary for the purposes described above, unless a longer retention period is required or permitted by law.

Typical retention considerations include:

• account status and ongoing contractual relationship
• statutory accounting and tax retention obligations
• statutory accounting and tax retention obligations

Where feasible, we delete or anonymise data when it is no longer needed.

10. Security

We maintain appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access (Art. 32 GDPR). No method of transmission or storage is fully secure, so we cannot guarantee absolute security. You are responsible for keeping your login credentials confidential and using secure devices.

If we become aware of a personal data breach, we will assess it and notify the relevant authority and affected individuals where required by law.

11. Your rights and choices
If you are in the EEA/Estonia, you have the following rights (subject to legal conditions):

• Access (Art. 15)
• Rectification (Art. 16)
• Erasure (Art. 17)
• Restriction (Art. 18)
• Data portability (Art. 20)
• Objection to processing based on legitimate interests (Art. 21)
• Withdraw consent at any time where processing is based on consent (Art. 7(3))

Marketing opt-out: You can unsubscribe from marketing emails at any time using the link in the email.

Cookies: You can manage cookie settings via our cookie banner (where available) and browser settings.

Complaints: You can lodge a complaint with a supervisory authority. In Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI).

12. Children

Our Service is not directed to children under 18, and we do not knowingly collect personal data from children.

13. Changes to this notice

We may update this Privacy Notice from time to time. We will post the updated version on our website and update the “Last updated” date. If changes are material, we will take additional steps where required by law.

14. Contact

For questions or requests about this Privacy Notice or our processing of personal data, contact:

Softhaus OÜ
Email: info@softhaus.eu