Privacy policy

Privacy Policy

Last updated: 14 June 2026

This Privacy Policy explains how Sepplabs processes personal data on the website www.sepplabs.com, in customer communications, inquiries and B2B sales communications.

1. Controller

Sepplabs 

Email: karl@sepplabs.com
Phone: +358 40 656 9608

Sepplabs does not have a public visiting address. Please contact us by email or phone.

2. What personal data do we process?

We may process the following personal data:

Contact details:
- name
- email address
- phone number
- company name
- job title or role in the company

Communication data:
- messages you send to us
- contact form content
- email conversations
- requests for quotes and information related to a customer relationship

Customer relationship data:
- service-related needs and preferences
- services offered or purchased
- billing and contract-related information if you or your company becomes our customer

Technical website data:
- IP address
- browser and device information
- website usage events
- information collected through cookies and similar technologies

B2B sales-related data:
- publicly available company and contact information
- work role-related information available on company websites, business registers, LinkedIn or other public sources

We do not intentionally collect sensitive personal data, such as health data, religious beliefs, political opinions or other special categories of personal data.

3. Where do we get personal data from?

We mainly receive personal data from:
- you directly when you contact us
- the company you represent
- your use of our website
- public B2B sources, such as company websites, business registers and professional networks
- services we use, such as Shopify, Google Workspace and possible analytics tools

4. Why do we use personal data?

We use personal data for the following purposes:

Responding to inquiries:
We process data to respond to messages, requests for quotes and other inquiries.

Providing services:
We process data to plan, produce and deliver our services to customers.

Sales and B2B marketing:
We may use business contact details to contact companies that we believe may benefit from our services. This communication is directed to a person’s business role, not their private life.

Managing customer relationships:
We process data to manage contracts, billing, customer service and other customer communications.

Website operation and development:
We use technical data to improve website functionality, security, analytics and user experience.

Legal obligations:
We process data where necessary for accounting, taxation, official requests or legal claims.

5. Legal bases for processing

We process personal data on the following legal bases:

Contract or pre-contractual measures:
When you request a quote, purchase a service or we have a contractual relationship.

Legitimate interest:
When we respond to inquiries, develop our services, protect our website, maintain customer relationships or conduct relevant B2B sales based on a professional role.

Consent:
When we use non-essential cookies, analytics or other tracking that requires consent.

Legal obligation:
When we need to retain data due to accounting rules or other legal obligations.

6. Cookies and analytics

Our website may use cookies and similar technologies.

Essential cookies are necessary for the technical operation, security and basic functions of the website.

Non-essential cookies, such as analytics or marketing cookies, are used only in accordance with applicable law. If the website uses a cookie banner, you can accept or reject non-essential cookies through the banner.

We may use analytics to understand how the website is used and how it can be improved. We aim to process analytics data reasonably and only to the extent necessary for our business.

7. Who can we share data with?

We do not sell personal data.

We may share personal data only when necessary to provide our services, operate our business or comply with the law.

Data may be processed through the following service providers:
- Shopify, for website and technical platform hosting
- Google Workspace, for email and file processing
- analytics and marketing tools, if used
- billing, accounting and payment service providers, if used
- IT, hosting and cybersecurity service providers
- authorities, if required by law

Service providers process data only to the extent necessary to provide services to us.

8. Transfers outside the EU or EEA

Some of the service providers we use may process personal data outside the European Union or the European Economic Area.

If personal data is transferred outside the EU or EEA, we ensure that there is an appropriate legal basis for the transfer, such as the European Commission’s Standard Contractual Clauses or another safeguard required by applicable data protection law.

9. How long do we keep personal data?

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

Typical retention periods:
- inquiries and quote requests: up to 24 months from the last contact if no customer relationship is formed
- customer relationship data: during the customer relationship and afterwards for as long as necessary for contracts, claims or legal obligations
- accounting records: for the period required by law
- marketing opt-out information: for as long as necessary to respect the opt-out
- technical logs and security data: for a reasonable period to ensure website security and functionality
- cookie and analytics data: according to the tool used and cookie preferences

10. How do we protect personal data?

We use reasonable technical and organisational measures to protect personal data.

These may include:
- limiting access only to people who need it
- strong passwords and two-factor authentication where possible
- reliable service providers
- encrypted connections
- regular review of systems and access rights

11. Your rights

Under applicable data protection law, you have the right to:

- receive information about the processing of your personal data
- request access to your personal data
- request correction of inaccurate data
- request deletion of your data
- request restriction of processing
- object to processing where processing is based on legitimate interest
- withdraw consent where processing is based on consent
- request data portability in applicable situations
- object to direct marketing at any time

If you want to exercise your rights, please contact us by email: karl@sepplabs.com

12. Right to lodge a complaint

If you believe that your personal data is being processed unlawfully, you have the right to lodge a complaint with a competent data protection authority.

13. Opting out of B2B direct marketing

If you receive a B2B message from us and do not want further messages, you can reply for example “no thanks” or contact us at karl@sepplabs.com.

We respect marketing opt-outs and, where necessary, keep only minimal information to ensure that we do not contact you again for the same purpose.

14. Changes to this Privacy Policy

We may update this Privacy Policy if our services, website, tools or applicable laws change. The latest version is always available on our website.