PRIVACY & DATA PROCESSING POLICY
This Privacy & Data Processing Policy outlines how https://www.totamtotut.com (hereinafter “we”, “our”, or “the Provider”) collects, uses, discloses, and protects your personal data when you interact with our services, website, or platform.
1. Controller Information. The data controller responsible for your personal data is: Relocation Consulting OÜ (registrational number 17155617)
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Masina tn 22, 10113
Email: hello@totamtotut.com
If you have any questions about this policy, please contact our manager at: hello@totamtotut.com.
2. Types of Data We Collect. We may collect and process the following categories of personal data:
Identity data (full name, gender, date of birth, nationality, ID/passport number)
Contact data (email address, phone number, residential address)
Immigration history and relevant documents
Financial data (invoicing details, payment status)
Technical data (IP address, browser type, device information)
Communication records (emails, messages, service-related documents)
We do not collect special categories of personal data (such as racial or ethnic origin, political opinions, religious beliefs, health data) unless required by law or with explicit consent.
3. Purposes and Legal Basis for Processing. Your personal data is collected and processed for the following purposes:
To assess your eligibility and provide personalized relocation advice
To prepare and submit documentation for residence permit applications
To communicate with you and respond to your inquiries
To manage billing, invoicing, and payment processes
To fulfill legal obligations (e.g. accounting, anti-money laundering laws)
To ensure website functionality and security
The legal basis for processing your data includes:
Your explicit consent (Art. 6(1)(a) GDPR)
Contractual necessity (Art. 6(1)(b) GDPR)
Legal obligations (Art. 6(1)(c) GDPR)
Legitimate interests (Art. 6(1)(f) GDPR)
4. How We Share Your Data. Your personal data may be shared only as necessary and strictly limited to the following recipients:
Internal staff and consultants involved in service delivery
External service providers (e.g., document translators, legal experts)
Payment processors and accounting service providers
Governmental and immigration authorities, where legally required
All third parties with access to your data are contractually obligated to protect its confidentiality and comply with data protection laws.
5. International Data Transfers. Your data may be transferred outside the European Economic Area (EEA) if required for service purposes (e.g., foreign embassies or legal support). In such cases, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).
6. Data Retention. We retain your data:
For the duration of our contractual relationship
For 5 years following contract termination (or longer if required by law)
As long as necessary for legal claims or defense
7. Your Rights Under the GDPR. As a data subject, you have the following rights:
Right to access your data
Right to rectify inaccurate or incomplete data
Right to erasure (“right to be forgotten”) under certain conditions
Right to restrict or object to processing
Right to data portability
Right to withdraw consent at any time
Right to lodge a complaint with your local Data Protection Authority
To exercise your rights, please contact us at: hello@totamtotut.com.
8. Data Security Measures. We use a combination of technical and organizational safeguards to protect your data, including:
Encrypted data storage and transmission
Restricted access based on role and need
Internal confidentiality protocols and training
Regular data protection reviews and updates
9. Changes to This Policy. We reserve the right to update this Privacy Policy at any time. Significant changes will be communicated via our website or by email.