Introduction

The right to the protection of privacy is enshrined in the Estonian Constitution and the European Convention on Human Rights. Bobobite OU and its employees are committed to ensuring that the privacy of its customers and the customers of its customers are protected against unwanted and unexpected consequences.

The European and Estonian legislators help with this. It has legislation that largely determines how different organizations that work together should deal with this. That legislation is the GDPR (and GDPR in a European context).

Contact Information

Bobobite OU, here referred to as "Bobobite", "Company", "we", etc., commits to the compliance with data protection laws and the following Privacy Policy states the practices that are used by us to collect personal data.

Welcome to our site www.bobobite.com named hereafter the "Website". At Bobobite, named hereafter "We or we", we value our clients and visitors' privacy. Therefore, we do our best effort to comply to the rules imposed by the EU General Data Protection Regulation ("GDPR").

Below we describe the information we collect, how we use it and your choices regarding this information.

You may contact us using any of the methods listed below.

• Via our contact form
• Via mail: Harju maakond, Tallinn, Kristiine linnaosa, Seebi tn 1-1501, 11316/ Estonia
• Via e-mail: hello@bobobite.com

1. Who Is the Data Controller

Data Controller: Bobobite OU
Address: Harju maakond, Tallinn, Kristiine linnaosa, Seebi tn 1-1501, 11316/ Estonia
E-mail: hello@bobobite.com

2. Personal Data We Collect

What is personal data?

In this Privacy Policy, "personal data" means any information relating to you as an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

For the avoidance of doubt, personal data does not include data from which you cannot be identified (which is referred to simply as data, non-personal data, anonymous data, or de-identified data)

In this Privacy Policy, "processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

We may collect the following categories of personal data:

Personal Data You Voluntarily Submit to Us

We collect information from you when you fill out a form or enter information on our site, such as:

• Full name
• Email address
• Company
• Phone number
• Message
• Additional personal data as is contained in the messages / job applications

Automatically Collected Data

Through cookies and analytics, we may collect:

• Users' device information,
• Operating system information,
• IP address information,
• and accessed web pages (including page URL).

We collect this information based on our legitimate interest to operate, maintain, and provide you with the features and functionality of the Service. This information will help us to allow you to use the service's functionality.

• Log files (including the following information: Internet Protocol ("IP") address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information),
• The domain name of users' Internet Service Provider

We process this information for technical maintenance and security purposes. Moreover, the information is used to improve the Service, ensure its stability, and enable you to use the Service. The legal basis for such processing is our legitimate interest to analyze how the Service is used, diagnosing service or technical problems, or maintaining security.

• Location information (general) extracted from your first IP address numbers

is processed to improve your user experience by making a personalised interface. The processing is based on our legitimate interest to personalise your user experience.

• Pages you visit, the time and date of your visits

This helps us understand which pages are most popular, evaluate traffic patterns and improve user experience.

• Clickstream behaviour

We collect information about the sequence of clicks and navigation paths to analyse how users interact with our website and identify areas for improvement.

• Session duration

We measure how long users stay on our site to assess engagement levels and enhance content effectiveness.

• The links you click

Link interaction data helps us evaluate the relevance and performance of website elements and improve site structure.

Some data is anonymously collected through cookies or other similar technologies. To find out more, please refer to section 8 of this Privacy Policy.

3. Purposes of the Data Processing

Bobobite will use data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by you. We take reasonable steps to ensure that the personal data is relevant to its intended use, accurate, complete and current.

Your personal data stays strictly confidential and will in no way be communicated to third parties or used for direct marketing purposes unless we therefore have obtained your consent, unless we have a legitimate interest to process your information. Your consent can be revoked at any time, without justification, and freely by email at hello@bobobite.com

General purposes

We collect personal data from our website visitors to:

• analyse profile and or behavioural data to help us improve the services we offer to you
• operate and optimize our website
• enable us to provide you with the services and information offered through the Website and which you request
• administer the technical aspects of the Website and applications
• improve our services by compiling anonymous visitor statistics
• analyse website traffic and improve user experience
• lead an investigation regarding the quantity of visits on the different parts of the Website
• improve security
• comply with legal and regulatory obligations

Serious violations

Upon request and in case of serious violations of rules of conduct, user's data can be provided to the police.

4. Data Sharing and Third Parties

We may share data with:

• Service providers and contractors
• Web hosting providers
• Digital marketing platforms
• Analytics providers (e.g., Google Analytics)
  Uses cookies and aggregates website navigation data on our domain. Information is automatically ingested by Google and collected in the US.
• Legal authorities when required

We do not sell or rent personal data to third parties.

5. Duration of the Retention of the Data

All personal data is kept as long as necessary to achieve the purposes determined in this Policy for which it has been collected unless a longer retention period is required by the law.

6. Where Your Personal Data Is Processed

Most of the information that you submit via the Site is sent to and stored on secure servers located in Turkey.

We also use third-party email services to manage our regular communications: Gmail. Some are companies based in the US.

Whenever we transfer your personal data outside of the European Economic Area (EEA) we ensure that a country's data protection laws have been assessed as adequate by the European Commission, and if not, we ensure we have standard contractual clauses (and perform transfer impact assessments) in place as a safeguard for such transfers.

Your personal data on our Site may be used and shared by all our offices around the world. We keep your information confidential but may share it with our shareholders, subsidiaries and business partners where necessary.

When you contact us through our forms, request whitepapers or subscribe to our newsletter, you agree to your data being stored this way.

7. International Data Transfers

Your personal information may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the European Economic Area (EEA) in which data protection laws may be of a lower standard than in the EEA. Regardless of location or whether the person is an employee or contractor we will impose the same data protection safeguards that we deploy inside the EEA.

Some service providers may be located outside the EEA. When transferring personal data internationally, we rely on:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Appropriate technical and organizational safeguards

8. Your Rights

You have certain rights under applicable legislation, and in particular under the GDPR. We explain these below. You can find out more about the GDPR and your rights by accessing the European Commission's website.

You have the right, free of charge, to access, rectify, transfer, restrict the processing or, if legally possible, ask the erasure of the personal data that you have communicated to Bobobite.

You can exercise these rights by contacting us by mail at hello@bobobite.com. Please note that the right to object requires a motivation unless it relates to the processing for direct marketing purposes. We will treat your request in maximum 30 days following your request or longer if the process is complex.

Always add a copy of your identity card, so we can verify that it is certainly you. If you can't provide us with the requested information, we can refuse your access to certain services. You are solely responsible for the accuracy and completeness of all information that you provide to us.

If we process your personal data you have – after successful identification – the following rights towards us:

• Right to information/access (Article 15 GDPR)
  • You have the right to request confirmation as to whether we process your personal data and, where this is the case, to access such data and obtain a copy, along with additional information about how it is used.
• Right to erasure ("right to be forgotten") (Article 17 GDPR)
  • In certain circumstances, such as where data is no longer necessary for the purposes for which it was collected, or where consent has been withdrawn, you may request that we delete your personal data.
• Right to rectification (Article 16 GDPR)
  • If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request correction or completion.
• Right to restriction of processing (Article 18 GDPR)
  • You may request the restriction of processing where:
    • the accuracy of the data is contested,
    • processing is unlawful,
    • we no longer need the data but you require it for legal claims, or
    • you have objected to the processing pending verification.
• Right to data portability (Article 20 GDPR)
  • You have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller where processing is based on consent or contract.
• Right to withdraw consent (Article 7(3) GDPR)
  • Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing prior to the withdrawal.
• Right to object to certain data processing activities (Article 21 GDPR)
  • You have the right to object to processing based on legitimate interests, including profiling, at any time. We will no longer process your data unless we demonstrate compelling legitimate grounds.
• Right to lodge a complaint (Article 77 GDPR)
  • You have the right to lodge a complaint with a supervisory authority, particularly in the country of your habitual residence, place of work, or place of alleged infringement.

Exercising Your Rights

To exercise any of your rights, please contact us at: hello@bobobite.com

We may need to verify your identity before fulfilling your request to ensure the security of your data. Requests are handled free of charge, unless manifestly unfounded or excessive, in which case a reasonable administrative fee may be charged in accordance with GDPR.

9. Use of Cookies, Consent Management and Other Similar Technologies

Certain data is anonymously collected through cookies and other similar technologies.

What is a cookie?

A cookie is a small file stored on your device or browser by a website, an app, online media or advertisements. This way, the website can honour your preferences during the use of our website. The collected data is then analysed to facilitate your browsing and personalize your experience on the website.

Some of the cookies used on our Website are set by us, and some are set by third parties who are delivering services on our behalf. For more information about the different types of cookies, our cookie policy and how to change your cookie preferences, please read the Bobobite Cookie Policy.

In a nutshell;

Our website uses cookies to personalize content, provide social media features, and analyse traffic.

We use a Consent Management Platform to enable users to:

• Accept or reject optional cookies
• Modify consent settings at any time
• Access cookie category explanations

You may manage your preferences through our cookie banner at any time.

For more information, please refer to our Cookie Policy.

10. Security and Confidentiality

We have developed technically and organizationally appropriate security rules in order to avoid the destruction, loss, forgery, modification, forbidden access and mistaken communication to third parties of your personal data. To accomplish this, we:

• use a Secure Socket Layer (SSL) encryption which encrypts your information before it is sent to us to ensure that all data passed between the web server and browser remain private
• periodically review and enhance as necessary our security and privacy policies
• only give access to personal information to authorised personnel
• keep our servers within the Economic European Area (EEA) or non-EU countries. We ensure that a country's data protection laws have been assessed as adequate by the European Commission, and if not, we ensure we have standard contractual clauses (and perform transfer impact assessments) in place as a safeguard for such transfers.

We are in no way liable for any direct or indirect damages resulting from the unauthorized access of your personal data by a third party such as hackers. Your use of our Website demonstrates your assumption of this risk.

The Website can include links, hyperlinks or references to other websites, that are not controlled or managed by us and to where our Privacy and Cookie Policy do not apply. We are not liable for the content of these websites, or for the offers, products and services offered by those. We encourage all users to read the privacy statements of the visited websites.

11. General Provisions

Changes to privacy policy

We may amend our privacy policy from time to time by changing it on the Website. This way, you are always aware of what information we collect and how we use it.

We recommend to periodically review the Privacy Policy to stay up-to-date about our privacy practices. However, if we plan to materially change the way in which we use or disclose your personally identifiable information, we will provide you with prior notice and a chance to opt-out of such differing uses.

This privacy policy was last updated on the 15th of December 2025. As long as you use www.bobobite.com, you are agreeing to this Privacy Policy and any updates we make to it.

Applicable law and jurisdiction clause

Together with our Cookie Policy, the Privacy Policy shall be governed, interpreted and executed in accordance with Estonia law, which is exclusively applicable to any eventual dispute. Only the courts of Estonia are competent to adjudicate with disputes arising out of or connected to our Privacy and Cookie Policy.

Submit a complaint

If you feel that we are not helping you in the right way, you are of course entitled to file a complaint before the Estonian Data Protection Authority.