PRIVACY & DATA PROCESSING POLICY

This Privacy & Data Processing Policy outlines how https://www.totamtotut.com (hereinafter “we”, “our”, or “the Provider”) collects, uses, discloses, and protects your personal data when you interact with our services, website, or platform.

1. Controller Information. The data controller responsible for your personal data is: Relocation Consulting OÜ (registrational number 17155617)

Address: Harju maakond, Tallinn, Kesklinna linnaosa, Masina tn 22, 10113

If you have any questions about this policy, please contact our manager at: hello@totamtotut.com.

2. Types of Data We Collect. We may collect and process the following categories of personal data:

Identity data (full name, gender, date of birth, nationality, ID/passport number)

Contact data (email address, phone number, residential address)

Immigration history and relevant documents

Financial data (invoicing details, payment status)

Technical data (IP address, browser type, device information)

Communication records (emails, messages, service-related documents)

We do not collect special categories of personal data (such as racial or ethnic origin, political opinions, religious beliefs, health data) unless required by law or with explicit consent.

3. Purposes and Legal Basis for Processing. Your personal data is collected and processed for the following purposes:

To assess your eligibility and provide personalized relocation advice

To prepare and submit documentation for residence permit applications

To communicate with you and respond to your inquiries

To manage billing, invoicing, and payment processes

To fulfill legal obligations (e.g. accounting, anti-money laundering laws)

To ensure website functionality and security

The legal basis for processing your data includes:

Your explicit consent (Art. 6(1)(a) GDPR)

Contractual necessity (Art. 6(1)(b) GDPR)

Legal obligations (Art. 6(1)(c) GDPR)

Legitimate interests (Art. 6(1)(f) GDPR)

4. How We Share Your Data. Your personal data may be shared only as necessary and strictly limited to the following recipients:

Internal staff and consultants involved in service delivery

External service providers (e.g., document translators, legal experts)

Payment processors and accounting service providers

Governmental and immigration authorities, where legally required

All third parties with access to your data are contractually obligated to protect its confidentiality and comply with data protection laws.

5. International Data Transfers. Your data may be transferred outside the European Economic Area (EEA) if required for service purposes (e.g., foreign embassies or legal support). In such cases, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

6. Data Retention. We retain your data:

For the duration of our contractual relationship

For 5 years following contract termination (or longer if required by law)

As long as necessary for legal claims or defense

7. Your Rights Under the GDPR. As a data subject, you have the following rights:

Right to access your data

Right to rectify inaccurate or incomplete data

Right to erasure (“right to be forgotten”) under certain conditions

Right to restrict or object to processing

Right to data portability

Right to withdraw consent at any time

Right to lodge a complaint with your local Data Protection Authority

To exercise your rights, please contact us at: hello@totamtotut.com.

8. Data Security Measures. We use a combination of technical and organizational safeguards to protect your data, including:

Encrypted data storage and transmission

Restricted access based on role and need

Internal confidentiality protocols and training

Regular data protection reviews and updates

9. Changes to This Policy. We reserve the right to update this Privacy Policy at any time. Significant changes will be communicated via our website or by email.