Back to home
Legal

Privacy Policy

How PentaFrame OÜ collects, uses, stores, protects and discloses personal data when you use the website, contact us or interact with our services.

Last updated: 20 May 2026

1. Company Information and Data Controller

The data controller responsible for the processing of personal data under this Privacy Policy is PentaFrame OÜ. Registry code: 17177435. VAT number: EE102867248. Registered office: Harju maakond, Tallinn, Tööstuse tn 48, 10416, Estonia. Email: info@pentaframe.it. Website: www.pentaframe.it.

For any privacy-related request, you may contact us at info@pentaframe.it.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data processed in connection with:

  • Access to and use of our website.
  • Contact forms, emails, calls and other communications.
  • Requests for quotations, proposals, consultations or business information.
  • Pre-contractual and contractual relationships with clients, suppliers, partners and collaborators.
  • Delivery of software development, AI, automation, cybersecurity, consulting, web development and digital transformation services.
  • Recruitment, collaboration or partnership discussions, where applicable.
  • Technical, analytical and security activities related to our website and systems.

This Privacy Policy does not apply to third-party websites, platforms, software or services that may be linked from our website or used independently by the user.

3. Categories of Personal Data We May Collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

  • Identification and contact data, such as full name, company name, job title or role, email address, phone number, country, city, business location or business address.
  • Business and project data, such as company information, project requirements, technical specifications, files, materials, budget, timeline, operational needs and project communications.
  • Technical and usage data, such as IP address, browser, device, operating system, pages visited, date and time of access, referring source, approximate location, usage patterns, error logs and security logs.
  • Communication data contained in emails, contact form submissions, meeting notes, support requests, business messages, attachments, screenshots or technical materials voluntarily provided to us.
  • Billing and administrative data, such as billing details, VAT number, tax identification details, invoice information, payment status, contractual records and accounting documentation.

We do not intentionally request or collect special categories of personal data, such as health data, political opinions, religious beliefs, biometric data, sexual orientation, trade union membership or criminal offence data, unless strictly necessary for a specific service and covered by an appropriate legal basis, written agreement or explicit instruction.

You should not send us sensitive personal data unless it is strictly necessary for the requested service and we have agreed in writing how such data will be handled.

4. How We Collect Personal Data

We may collect personal data in the following ways:

  • Directly from you when you contact us.
  • Through our website forms or email address.
  • During calls, meetings or commercial discussions.
  • When you request a quotation, proposal or technical consultation.
  • When you provide documents, credentials, files or project information.
  • Automatically through website technologies such as cookies, logs and analytics tools, where used.
  • From public sources, business directories or professional networks, when relevant to a legitimate business relationship.
  • From clients, suppliers or partners in the context of a project or collaboration.

5. Purposes of Processing

We may process personal data to:

  • Respond to inquiries, messages, contact form submissions, requests for information, quotation requests, project discussions and support requests.
  • Evaluate potential projects, prepare proposals, estimate costs, define requirements, assess feasibility, arrange calls and negotiate commercial terms.
  • Provide agreed services, including software development, web development, AI systems, automation, cybersecurity consulting, systems integration, technical support and digital consulting.
  • Manage client relationships, coordinate tasks, share updates, receive feedback, organize meetings, document decisions and maintain business communication.
  • Configure, develop, test, deploy, maintain, monitor and improve websites, platforms, databases, automations, AI systems, integrations and digital tools.
  • Protect our website, systems, infrastructure, clients and business operations from unauthorized access, misuse, cyber threats, malware, abuse, fraud or unlawful activity.
  • Comply with legal obligations, maintain accounting records, issue invoices, respond to lawful requests, manage tax documentation and preserve evidence of business transactions.
  • Analyze website usage, improve user experience, optimize our services, troubleshoot issues and develop better internal processes.
  • Send relevant professional communications, updates or information about our services where permitted by law. You may object to such communications at any time.

6. Legal Bases for Processing

We process personal data only when we have a valid legal basis under applicable data protection law. The legal bases may include:

  • Consent, where you voluntarily provide information, subscribe to communications, accept cookies or give specific permission for a defined processing activity.
  • Performance of a contract, where processing is necessary to provide services under a contract or to take steps before entering into a contract.
  • Legal obligation, where processing is necessary to comply with tax, accounting, corporate, regulatory or legal obligations.
  • Legitimate interest, where processing is necessary for our legitimate business interests and those interests are not overridden by your rights and freedoms.
  • Establishment, exercise or defence of legal claims, where processing is necessary to protect our legal rights, enforce agreements, resolve disputes or defend against claims.

Legitimate interests may include business communication, website security, fraud prevention, service improvement, internal administration, B2B relationship management and protection of legal claims.

7. Cookies and Similar Technologies

Our website may use cookies or similar technologies to operate properly, improve performance, analyze traffic and enhance user experience.

Cookies may include:

  • Strictly necessary cookies required for website operation.
  • Functional cookies used to remember preferences.
  • Analytics cookies used to understand website traffic and performance.
  • Security cookies used to protect the website.
  • Marketing or tracking cookies, only where applicable and permitted by law.

Where required, non-essential cookies will be used only after obtaining appropriate consent through a cookie banner or consent management tool.

You can manage or disable cookies through your browser settings. However, disabling certain cookies may affect website functionality.

8. Analytics and Tracking

We may use analytics tools to understand how visitors use our website, measure performance, identify errors and improve content.

Analytics data may include technical and usage information such as pages visited, time spent on pages, approximate location, device information and traffic source.

Where required by law, analytics tools will be configured with appropriate safeguards, such as IP anonymization, consent management or reduced tracking settings.

9. AI, Automation and Data Processing Services

PentaFrame may provide services involving artificial intelligence, automation, document analysis, internal knowledge bases, semantic search, software agents, data extraction or workflow optimization.

When we process personal data on behalf of a client within a project, the client may act as data controller and PentaFrame may act as data processor. In such cases, the processing may be governed by a separate Data Processing Agreement, project contract or written instructions from the client.

Clients are responsible for ensuring that they have a lawful basis to provide personal data to PentaFrame and to use AI, automation or data-processing tools in their own operations.

PentaFrame does not intentionally use client confidential data or personal data for unrelated purposes, model training or third-party commercial exploitation unless expressly agreed in writing and legally permitted.

10. Cybersecurity and System Logs

For security reasons, we may process technical logs, access records, security events, IP addresses and system activity data.

This processing may be necessary to:

  • Detect suspicious activity.
  • Prevent unauthorized access.
  • Investigate incidents.
  • Protect client systems.
  • Maintain infrastructure security.
  • Ensure continuity and integrity of services.

Security-related logs may be retained for a period reasonably necessary to protect our systems, investigate incidents, comply with legal obligations or defend legal claims.

11. Data Sharing and Recipients

We do not sell personal data.

We may share personal data only where necessary and lawful, including with:

  • Hosting providers.
  • Cloud infrastructure providers.
  • Email and communication service providers.
  • Analytics and website technology providers.
  • Payment, billing and accounting service providers.
  • Legal, tax, accounting or professional advisors.
  • Software tools used for project management, development, support or security.
  • Contractors, developers or technical collaborators working under confidentiality obligations.
  • Public authorities, courts or regulators where legally required.
  • Business partners, only where necessary for a specific project and subject to appropriate safeguards.

Any third-party service provider must process personal data only as necessary to provide its services and, where applicable, under appropriate contractual obligations.

12. International Data Transfers

Because PentaFrame provides digital services and may use cloud-based technologies, personal data may be processed in countries outside Estonia or the European Economic Area.

Where personal data is transferred outside the European Economic Area, we will take appropriate safeguards where required by law. These may include:

  • Adequacy decisions.
  • Standard Contractual Clauses.
  • Data processing agreements.
  • Security and confidentiality obligations.
  • Technical and organizational protection measures.

13. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected.

Retention periods may depend on the nature of the relationship with you, the purpose of the processing, contractual obligations, legal, tax and accounting requirements, security needs, potential disputes or legal claims and technical backup cycles.

In general:

  • Contact and inquiry data may be retained for a reasonable period after the last communication.
  • Client and project data may be retained for the duration of the business relationship and for a reasonable period afterward.
  • Billing, accounting and tax records may be retained for the period required by applicable law.
  • Technical and security logs may be retained for the period necessary for security, troubleshooting and compliance purposes.

When personal data is no longer required, we will delete, anonymize or securely archive it where appropriate.

14. Data Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, disclosure or destruction.

Security measures may include:

  • Access controls.
  • Password protection.
  • Secure communication channels.
  • Encryption where appropriate.
  • Role-based access to internal systems.
  • Backups and recovery procedures.
  • Security monitoring.
  • Confidentiality obligations for collaborators.
  • Regular review of technical infrastructure.

However, no digital system, website, cloud service or internet transmission can be guaranteed to be completely secure. Users and clients are also responsible for maintaining the security of credentials, accounts, devices and systems under their control.

15. Data Breaches

In the event of a personal data breach, we will assess the nature and severity of the incident and take appropriate steps to contain, investigate and mitigate the breach.

Where required by applicable law, we will notify the competent supervisory authority and/or affected individuals within the required timeframe.

16. Your Rights

Subject to applicable law and possible limitations, you may have the following rights:

  • Right of access: to request information about the personal data we process about you.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure: to request deletion of personal data where legally applicable.
  • Right to restriction: to request limitation of processing in certain circumstances.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to data portability: to receive personal data in a structured, commonly used and machine-readable format, where applicable.
  • Right to withdraw consent: where processing is based on consent.
  • Right to lodge a complaint with a competent data protection authority.

To exercise your rights, please contact us at info@pentaframe.it. We may need to verify your identity before responding to your request.

17. Supervisory Authority

If you believe that our processing of personal data violates applicable data protection law, you may lodge a complaint with the competent data protection authority.

As PentaFrame OÜ is established in Estonia, the relevant supervisory authority may be the Estonian Data Protection Inspectorate, without prejudice to your right to contact another competent authority depending on your location and circumstances.

18. Children's Privacy

Our website and services are not directed to children under the age of 16.

We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate authorization, we will take steps to delete such data where required.

19. Third-Party Links

Our website may contain links to third-party websites, platforms or services.

We are not responsible for the privacy practices, security, content or legal policies of third-party websites. You should review the privacy policies of any third-party website or service before providing personal data.

20. Client Data and Confidential Materials

During a project, clients may provide us with documents, datasets, credentials, business information, technical files, user data, databases, source code, infrastructure access or other confidential materials.

Such materials will be handled according to the applicable agreement, confidentiality obligations and project requirements.

Clients must ensure that they have the necessary rights, authorizations and legal basis to share such materials with PentaFrame.

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, website, technologies, legal obligations or business operations.

The updated version will be published on this page with a revised Last updated date.

Your continued use of the website after any update means that you have read the updated Privacy Policy.

22. Contact

PentaFrame OÜ. Registry code: 17177435. VAT number: EE102867248. Registered office: Harju maakond, Tallinn, Tööstuse tn 48, 10416, Estonia. Email: info@pentaframe.it. Website: www.pentaframe.it.

23. Legal Notice

This Privacy Policy is provided for general informational purposes and is intended to describe PentaFrame's approach to personal data protection. It does not constitute legal advice. For full legal compliance, this document should be reviewed and adapted by a qualified legal professional based on the exact technologies, cookies, analytics tools, data flows, contracts and services used by PentaFrame.