Legal
Privacy Policy
This Privacy Policy explains how KAKK Partners processes personal data when you use kakk.chocokoo.ee.
Last updated: 18 May 2026
This Privacy Policy explains how KAKK Partners OÜ processes personal data when you use kakk.chocokoo.ee.
This website is an informational website. It does not provide e-commerce, online accounts, online payments, or order processing.
1. Controller
The controller of personal data is:
KAKK Partners OÜ
Registry code: 16707322
Address: Põdra 30, Tallinn 10915, Estonia
Email: kakk@chocokoo.ee
For privacy-related questions, contact us at kakk@chocokoo.ee.
2. What Personal Data We Process
We may process the following personal data:
| Situation | Personal data |
|---|---|
| Contact form | Name, email address, phone number if provided, company name if provided, message content, date and time of submission |
| Email communication | Email address, message content, attachments if sent, communication metadata |
| Website security and technical operation | IP address, browser/device information, server log data, date and time of visit, page requests |
| reCAPTCHA protection | Interaction data, device/browser data, IP address, reCAPTCHA token, risk score or assessment result |
| Cookie consent management | Cookie consent status, consent ID, or similar technical consent record |
We ask you not to send sensitive personal data through the contact form unless it is necessary for your enquiry.
3. Why We Process Personal Data and Legal Bases
| Purpose | Legal basis |
|---|---|
| To receive and respond to enquiries sent through the contact form | Legitimate interest: responding to business enquiries; or steps before entering into a contract if your enquiry concerns potential cooperation |
| To manage business communication | Legitimate interest or contract-related communication |
| To protect the website against spam, bots, abuse, and malicious traffic | Legitimate interest: website and communication security |
| To operate the website technically and maintain security logs | Legitimate interest: secure and reliable website operation |
| To store cookie consent choices | Legal obligation and legitimate interest in documenting consent choices |
| To comply with legal obligations | Legal obligation |
4. Contact Form
When you submit the contact form, we use the information you provide to read, assess, and respond to your message.
We do not use contact form submissions for automated marketing. We do not sell personal data.
5. reCAPTCHA
We use reCAPTCHA to help protect the website and contact form from spam, automated submissions, fraud, and abuse.
reCAPTCHA may process technical and interaction data, including IP address, browser and device information, user interaction signals, and a reCAPTCHA token or assessment result.
This site is protected by reCAPTCHA.
Starting from 2 April 2026, Google states that reCAPTCHA customers are
the sole data controllers for reCAPTCHA Customer Data and that Google
processes such data under the Google Cloud Terms of Service and Cloud
Data Processing Addendum. Google also states that the
_grecaptcha cookie remains in use.
6. Cookies and Consent
We use Cookiebot to manage cookie consent and provide cookie information.
Essential cookies and similar technologies may be used to operate the website, maintain security, remember consent choices, and protect the contact form.
Non-essential cookies, if any are added later, should only be used according to the consent choices shown in the cookie banner.
You can change or withdraw cookie consent through the cookie settings link on the website.
7. Recipients and Processors
We may share personal data with service providers only where needed for website operation, hosting, security, communication, or legal compliance.
These may include:
- website hosting provider;
- WordPress, theme, plugin, and maintenance providers;
- email service provider;
- Cookiebot or cookie consent provider;
- Google as reCAPTCHA processor;
- legal, accounting, or IT-security advisers where necessary.
We do not sell personal data.
8. International Transfers
Some service providers may process data outside the European Economic Area.
Where this happens, we rely on appropriate safeguards required by GDPR, such as an adequacy decision, standard contractual clauses, or other lawful transfer mechanisms.
9. Retention
We keep personal data only for as long as needed for the purposes described above.
Suggested retention periods:
| Data type | Suggested retention |
|---|---|
| Contact form submissions | Up to 24 months after the last communication, unless a longer period is needed for a business relationship, legal claim, or legal obligation |
| Business email correspondence | Up to 5 years where needed for business records or legal protection |
| Server/security logs | Usually 30–90 days, unless longer retention is needed to investigate abuse or security incidents |
| Cookie consent records | For the period needed to document consent choices |
| reCAPTCHA-related data | According to the applicable service configuration and Google Cloud processing terms |
Adjust these retention periods to match your actual hosting, email, WordPress form, and Cookiebot settings.
10. Your Rights
Subject to GDPR conditions and limits, you may have the right to:
- access your personal data;
- correct inaccurate personal data;
- request deletion of personal data;
- restrict processing;
- object to processing based on legitimate interests;
- receive personal data in a portable format where applicable;
- withdraw consent where processing is based on consent;
- lodge a complaint with a data protection authority.
To exercise your rights, contact us at [privacy/contact email].
11. Complaint Authority
You may contact us first if you have a privacy concern.
You also have the right to lodge a complaint with a data protection authority in the EEA country where you live, work, or where the alleged infringement took place.
In Estonia, the relevant authority is the Andmekaitse Inspektsioon / Estonian Data Protection Inspectorate.
Website:
https://www.aki.ee
Address: Tatari 39, Tallinn 10134, Estonia
Phone: +372 627 4135
Email:
info@aki.ee
12. Automated Decision-Making
We do not use personal data for automated decision-making that produces legal or similarly significant effects.
reCAPTCHA may automatically assess whether a website interaction appears legitimate or abusive for security purposes. This may affect whether a contact form submission is accepted, blocked, or flagged for review, but it does not make legal or similarly significant decisions about you.
13. Security
We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.
14. Changes to This Privacy Policy
We may update this Privacy Policy when our website, services, tools, or legal obligations change.
The latest version will be published on this page.