25. May 2018

Privacy Policy

Last Modified: 4th January 2020.

Valithea OÜ (“We” or “Valithea”) are committed to protecting and respecting your privacy.

This privacy statement (together with our Terms & Conditions and any other policies referred to in it) explains what information we gather about you, what and how we use that information, the lawful basis on which that information is used and who we give that information to. It also sets out your rights and our obligations in relation to your information and who you can contact for more information or queries.

Valithea offers services almost exclusively to registered businesses, individuals in the process of forming a business or investors who may purchase business services as individuals or businesses. This privacy statement is important as we are required to gather personal information when completing business consulting projects and as we offer the possibility to purchase services online on www.valithea.com. In the process, we strive to protect your personal data and to use them only in ways that benefit you, to complete the services you purchased and to operate our day to day business. When doing this we are committed to complying with applicable laws and have included extensive information on the possible uses of personal data as well as details on the way these are processed. If you have any questions or require clarifications, you can contact us.

The name of the data controller is: Olivia Passoni.

Who this privacy statement applies to and what it covers

This privacy statement sets out how we will collect, handle, store and protect information about you when providing services to you , or performing any other activities that form part of the operation of our business.

This privacy statement also contains information about when we share your personal information with other members of our group and other third parties (for example, third parties carrying out due diligence activities on our behalf).

In this privacy statement, your information is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal information.


We understand the importance of protecting children’s privacy. Our website is not designed for, or intentionally targeted at, children. It is not our policy to intentionally collect or store information about children.

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

What information we collect

We may collect and process personal data about you because you give it to us, because other people give that data to us (for example, our clients) or because it is publicly available.

The personal data that we collect or obtain may include: your name; gender; e-mail address; your phone number or Skype ID; company address; country of residence; personal characteristics and behaviours (for example, soft skills used for professional purposes); employment and education details; your IP address; your browser type and language; your access times; complaint details; details of how you use our products and services; your payment and tax details, your reviews about our services; details of how you like to interact with us and other similar information.

  • If you provide Information to us by email, phone or in person, or by filling in order forms on our website. This may include information provided at the time of purchase of our services, sending messages, information collected during our projects and information you shared with us during interviews.
  • Details of transactions you carry out via our website and projects that we collaborate on together.
  • We may ask you for information when you report an issue or concern or we have or receive a complaint or query about you.
  • We may keep a record of correspondence between you and us.
  • We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

We may collect and process personal data about you from other sources as follows:

  • We sometimes supplement the information that you provide with information received from third parties. For instance, credit reference agencies, search information providers, LinkedIn, Paypal, other companies (subject to their privacy policies and applicable law), and from other accounts we have reason to believe you control (whether in part or in whole).
  • Where we are provided with personal data about you by any third party such as a service provider, we take steps to ensure that that third party has complied with the privacy laws and regulations relevant to that information; this may include, for example, that the third party has provided you with notice of the collection (and other matters) and has obtained any necessary consent (if applicable) for us to process that information as described in this privacy statement.

Contractor Data

We collect personal data about our prospective, current and former service providers as follows: basic identification information, such as your name, title, professional history, experience, bank account, tax details and contract details.

Use of Personal Data

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication to quickly process your transaction, schedule the meetings and provide you with the assistance you requested, as well as to collect reviews on the services provided. We may also contact you after some time the service has ended to collect statistics on the performance and the effect of our work.

We will mainly collect your email address and other details in order to:
       Send information, respond to inquiries, and/or other requests or questions
       Process orders and to send information and updates pertaining to orders.
       Send you additional information related to your product and/or service
       Provide you with personalised discounts that are connected to your email address
       Carry out any service that you request from us

We will use your personal data to fulfill your requests and we will ask only for data that is adequate, relevant and not excessive for those purposes. Where we send you information for any purpose, it may be sent by e-mail or post. When we ask you for personal data it may also include the following purposes, which will mainly involve personalised emails to fulfill our consultant-client relationship:

  • We may contact you occasionally to inform you of new products and services we will be providing;
  • We may send you updates on issues we think will be of interest to you;
  • We may ask you for updates on your business performance to provide assistance and measure the effectiveness of our past work delivered
  • We may send you requested information on our products and services;
  • We may use your personal data for marketing purposes and market research;
  • We may interview you as expert and publish an article about you, only when you agree to it in writing;
  • We may use your personal data internally to provide you with the services offered by us via this website, to administer this website and to help us improve our services.
  • We may use your personal data for managing and making information available to third party service providers (e.g. providers of due diligence services or in order to support our information technology) and our affiliates.
  • We may use your personal data to allow you to participate in interactive features of our service when you choose to do so;
  • We may use your personal data to notify you about changes to our services, terms and conditions, policies or website.
  • We may use your personal data to manage risk, or to investigate, detect, prevent, and/or remediate fraud, suspected fraud or other potentially illegal or prohibited activities.
  • We may use your personal data pursuant to applicable legal or regulatory requirements or to respond to requests and communications from competent authorities (including courts and tribunals).
  • We may use your personal data for the services we receive from our professional advisors, such as lawyers, accountants and consultants.
  • We may use your personal data for protecting our rights, those of our clients, or protecting those of our affiliates.
  • We may publish opinions and reviews about our services that you have shared with us and have given consent to publish. However, we are not bound not publish any review that we do not consider suitable or useful.
  • We may publish brief information about your company’s achievements as a result of our work with you, and the agreed goals that your company met.

None of the information that we request from you is mandatory. However, where such information is not provided to us, Valithea may be unable to carry out a scheduled project or process a transaction.

The legal grounds we use for processing personal information

We are not allowed to process personal information if we do not have a valid legal ground. Therefore, we will only process your personal information for the purposes outlined above because:

  • of our legitimate interests in the performance of activities that form part of the operation of our business;
  • of our legitimate interests in the effective and lawful operation of our business so long as such interests are not outweighed by your interests or fundamental rights and freedoms;
  • of the legal and regulatory obligations that we are subject to, such as keeping records for tax purposes or providing information to a public body or law enforcement agency; or
  • the information is required in order to carry out the activities that form part of the operation of our business(e.g. the processing is necessary to perform our contractual obligations towards you).

Examples of the ‘legitimate interests’ referred to above are:

  • to benefit from cost-effective services (e.g. we may opt to use certain IT platforms offered by suppliers);
  • to verify the accuracy of information provided by a third party;
  • to prevent fraud or criminal activity;
  • to safeguard the security of our IT systems and
  • to exercise our rights under Articles 16 and 17 of the Charter of Fundamental Rights, including our freedom to conduct a business and right to property.

To the extent that we process any sensitive personal data relating to you for any of the purposes outlined above, we will do so because either: (i) we are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti money laundering’ obligations (or other legal obligations imposed on us); (ii) the processing is necessary to carry out our obligations under employment, social security or social protection law; (iii) the processing is necessary for the establishment, exercise or defence of legal claims; or (iv) you have made the data manifestly public.


We may, from time to time, and only if you expressly subscribed to our newsletter, e-mail or post you information to make you aware of our other similar products and services which may be of interest to you, latest blog posts, events and information about our business. If you do not wish to receive emails or post from us for these purposes, or if you want to be removed from our electronic mailing list you can either select “unsubscribe” from any of the marketing emails that we send or alternatively contact us.

Anonymous data collected through this website

In addition to the information we collect as described above, we use technology to collect anonymous information about the use of our website. For example, our web server automatically logs which pages of our website our visitors view, their IP addresses and which web browsers our visitors use. This technology does not identify you personally, it simply enables us to compile statistics about our visitors and their use of our website.

Our website contains hyperlinks to other pages on our website. We may use technology to track how often these links are used and which pages on our website our visitors choose to view. Again this technology does not identify you personally – it simply enables us to compile statistics about the use of these hyperlinks.

Links to other websites

This website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third-party websites or any association with their operators. We do not control these websites and are not responsible for their data or privacy practices. We urge you to review any privacy policy posted on any site you visit before using the site or providing any personal data about yourself.


Our store is hosted on WooCommerce (Automattic, Inc.). They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data may be stored through WooCommerce’s data storage, databases and the general WooCommerce application. They store your data on a secure server.

If you choose a direct payment gateway to complete your purchase, then WooCommerce stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read WooCommerce’s Terms of Service or Privacy Statement.

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms & Conditions.


In order to collect the anonymous data described in the preceding paragraph, we may use temporary “cookies” that remain in the cookies file of your browser until the browser is closed. Cookies are mainly used by third-party applications used on the website and not directly under our control. Cookies by themselves cannot be used to discover the identity of the user. A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive. Cookies do not damage your computer. You can set your browser to notify you when you receive a cookie.

This enables you to decide if you want to accept it or not. An IP address is a numeric code that identifies your computer on a network, or in this case, the internet. Your IP address is also used to gather broad demographic information. We may also perform IP lookups to determine which domain you are coming from (i.e.: aol.com, yourcompany.com) to more accurately gauge our users’ demographics.

Our store uses Google Analytics to help us learn about who visits our site and what pages are being looked at.

Disclosure of your Personal Data

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. We do not allow third-party behavioral tracking.

In connection with one or more of the purposes outlined in the “Use of personal data” section above, we may disclose details about you to: our affiliates; third parties that provide services to us and/or our affiliates, such as our lawyers; competent authorities (including courts and supervisory or other authorities); your advisers or where applicable, your employer or employees; credit reference agencies or other organisations that help us make decisions and reduce the incidence of fraud; and other third parties that reasonably require access to personal data relating to you for one or more of the purposes outlined in the “Use of personal data” section above.

Where appropriate, before disclosing personal data to a third party, we contractually require the third party to take adequate precautions to protect that data and to comply with applicable law.

Where you have consented, we may also share your personal data with other companies who may request references and opinions on your previous work with Valithea.

Please note that some of the recipients of your personal data referenced above may be based in countries outside of the European Union whose laws may not provide the same level of data protection. In such cases, we will ensure that there are adequate safeguards in place to protect your personal data that comply with our legal obligations. To ensure this level of protection for your personal information, we typically use a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission.

Protection of your personal data

We have implemented adequate technical and organisational measures to protect personal data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing by using an encrypted cloud storage. The storage is only used for client projects, whereas contact details and general project statistics are saved on a non-encrypted device.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.

We do not use vulnerability scanning and/or scanning to PCI standards, as an external PCI compliant payment gateway handles all CC transactions. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
All transactions are processed through a gateway provider and are not stored or processed on our servers.

How long we keep your information for

We will hold your personal data on our systems for the longest of the following periods: (i) as long as is necessary for the relevant activity (which is typically 7 years); (ii) any retention period that is required by law or regulation; or (iii) the end of the period in which litigation or investigations might arise in respect of our activities.

As a valuation services provider, Valithea is committed to complying with the practice of keeping valuation projects workfiles for a minimum of 7 years, unless we have been legitimately ordered to destroy all information.

Your rights

You have various rights in relation to your personal data. In particular, you have a right to:

  • request a copy of personal data we hold about you
  • ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete
  • ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data
  • object to our processing of your personal data
  • ask that we restrict our processing of your personal data; and
  • ask for the portability of personal data – receive the Personal Data you have provided to us in a structured, commonly used and machine-readable form and transmit it to another data controller.

To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us at info@valithea.com.

You can also submit a request for GDPR Data Deletion.

If you have redeemed a discount in exchange for your time to write a review, the review can only be deleted in exchange for the redeemed monetary discount. However, we welcome your concerns with regards to the use of your individual name, and we could come to an agreement to edit the individual name, but not the company name, which is not protected by GDPR. Get in contact to discuss.

Right to complain

If you are unhappy with the way we handled your personal information or any privacy query or request you have raised with us you also have a right to complain to a data protection authority in the place where you live or work, or in the place where you think an issue in relation to your data has arisen. A list of national data protection authorities can be found here.

Changes to our privacy statement

We may modify or amend this privacy statement from time to time.

To let you know when we make changes to this privacy statement, we will amend the revision date at the end of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

Contact & Data deletion

If you have any questions, comments or requests regarding this privacy statement contact us. You can also get in contact through the form on our homepage or by email to info@valithea.com if you would like to have all your personal data deleted.

Valithea OÜ
Sepapaja 6
Tallinn 15551