Last Updated: December 2025
KAIZEN Digital OÜ acts as data controller for personal data processed through our business operations.
This Privacy Policy explains how we collect, use, store, and protect personal data in compliance with the General Data Protection Regulation (GDPR) and Estonian data protection laws. This policy applies to all website visitors, clients, and business contacts.
We process personal data based on the following legal grounds:
Contract Performance: Processing necessary to deliver our consulting and digital marketing services to clients.
Legitimate Interests: Processing for business development, service improvement, and client relationship management, provided our interests don’t override your fundamental rights.
Legal Obligation: Processing required to comply with Estonian and EU legal requirements, including tax and accounting obligations.
Consent: Processing based on your explicit consent, which you may withdraw at any time without affecting prior lawful processing.
Contact Information: Names, email addresses, phone numbers, business addresses, and company details.
Professional Information: Job titles, business backgrounds, and information relevant to Japan market entry consulting services.
Communication Records: Correspondence, meeting notes, consultation records, and project-related communications.
Technical Data: IP addresses, browser information, device data, and website usage analytics collected through cookies and similar technologies.
Financial Information: Billing addresses, payment details, and transaction records for service delivery and accounting purposes.
Marketing Data: Communication preferences, event participation, and marketing campaign responses.
We do not intentionally collect sensitive personal data unless specifically required for service delivery and with your explicit consent.
Service Delivery: Providing Japan market entry consulting and digital marketing services, communicating about projects, analyzing market conditions, and coordinating with partners.
Business Operations: Processing payments, maintaining client relationships, improving services, and conducting business development activities.
Marketing Communications: Sending newsletters, industry insights, and event invitations to consenting recipients, and maintaining client relationships.
Legal Compliance: Complying with Estonian and EU legal obligations, responding to legal requests, protecting our rights, and preventing fraud.
Website Analytics: Understanding website usage patterns, improving user experience, and measuring marketing effectiveness.
We may share personal data with:
Service Providers: Third-party providers assisting with hosting, email services, payment processing, and analytics, all bound by contractual data protection obligations.
Business Partners: Trusted partners in Japan and other markets collaborating on service delivery, subject to appropriate confidentiality agreements.
Legal Authorities: Government agencies and law enforcement when required by law or necessary to protect our legal interests.
Professional Advisors: Lawyers, accountants, and auditors providing services to us, subject to confidentiality obligations.
We do not sell personal data for marketing purposes.
Given our specialization in Japan market entry, we may transfer personal data to Japan, which has received an adequacy decision from the European Commission ensuring comparable data protection to the EU.
For transfers to countries without adequacy decisions, we implement appropriate safeguards such as:
We retain personal data only as long as necessary for collection purposes:
Client Data: Retained during active relationships and for seven years thereafter to comply with Estonian legal requirements.
Marketing Data: Retained until consent withdrawal, deletion request, or when no longer relevant for marketing purposes.
Website Analytics: Technical data typically retained for 24 months before anonymization or deletion.
Legal Records: Data retained for periods required by law or until legal matters are resolved.
Under GDPR, you have the following rights:
Access: Request confirmation of processing and copies of your personal data.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of personal data in certain circumstances.
Restriction: Request limited processing in specific situations.
Portability: Receive your data in structured, machine-readable format for transfer to another controller.
Objection: Object to processing based on legitimate interests or for direct marketing purposes.
Withdraw Consent: Withdraw consent for consent-based processing at any time.
To exercise these rights, contact us using the information below. We will respond within one month, though complex requests may require up to three months.
We implement appropriate technical and organizational measures including:
Encryption: SSL/TLS encryption for data transmission and encryption at rest for sensitive stored data.
Access Controls: Role-based access restrictions and regular access reviews for authorized personnel only.
Security Training: Regular staff training on data protection and security best practices.
Vendor Management: Contractual security requirements for all service providers handling personal data.
Incident Response: Procedures for detecting, investigating, and responding to security incidents with appropriate notifications.
Our website uses cookies to enhance user experience and analyze usage:
Essential Cookies: Necessary for website functionality and cannot be disabled.
Analytics Cookies: Help us understand website usage through tools like Google Analytics.
Marketing Cookies: Track browsing for relevant advertising and campaign measurement.
Preference Cookies: Remember settings like language preferences.
You can manage cookie preferences through our cookie banner and browser settings. Note that disabling certain cookies may affect website functionality.
Our services target business professionals. We do not knowingly collect data from individuals under 16. If we discover such collection, we will promptly delete the information.
We may update this policy to reflect changes in practices, legal requirements, or business operations. Significant changes will be communicated through appropriate channels with updated effective dates posted on our website.
For questions about this Privacy Policy or to exercise your data protection rights:
KAIZEN Digital OÜ
You may lodge complaints with the Estonian Data Protection Inspectorate:
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)