Note: This is a translation of the German version. The German version (https://nadovo.ai/de/datenschutz/) is legally binding.
The protection of your personal data is important to us. In this privacy policy we inform you about how we collect, use, and protect personal data.
1. General Information
Personal data is any information by which you can be personally identified. This privacy policy explains which data we collect on nadovo.ai, what we use it for, and what rights you have as a data subject.
This statement describes the current state of the website. When we extend the site (e.g. with new tools, web analytics, contact form), we will update the privacy policy accordingly.
2. Data Controller
The data controller for the data processing on this website is:
CONTORO SOLUTIONS OÜ
Sakala tn 7-2
10141 Tallinn
Estland
Email: info[a]contoro.solutions
The data controller is the natural or legal person who decides on the purposes and means of the processing of personal data.
3. Hosting
We host our website with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Deutschland (hereinafter "Hetzner").
When you access our website, personal data (e.g. IP addresses) is processed by Hetzner. The processing is carried out for the secure, fast, and reliable provision of the website (Art. 6(1)(f) GDPR - legitimate interest).
The servers are located in data centres in Germany. No data transfer to third countries takes place as part of the hosting.
We have concluded a data processing agreement (DPA) with Hetzner under Art. 28 GDPR, which ensures GDPR-compliant handling of personal data. The DPA is available at: https://www.hetzner.com/AV/DPA_de.pdf
Further information on data protection at Hetzner: https://www.hetzner.com/de/legal/privacy-policy/
4. Server Log Files
When you visit our website, information is automatically collected and stored in so-called server log files which your browser transmits to our hosting provider:
- Browser type and browser version
- Operating system
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
The collection is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the technically error-free presentation and optimisation of our website. Hetzner stores this data in accordance with its own policies regarding the security and stability of the service.
5. Fonts (Montserrat)
This website uses the "Montserrat" typeface, which is hosted locally. The font has been integrated locally into the build via the open-source package @fontsource-variable/montserrat.
When you access our pages, no data is transferred to external font CDNs (e.g. Google Fonts).
6. Cookies
In its delivery state, this website does not set any cookies. No tracking cookies, no analytics cookies, and no marketing cookies are used.
In the event of changes (e.g. introduction of web analytics or a cookie banner), this privacy policy will be updated accordingly and you will be asked for your consent.
7. Cal.com (Appointment Booking)
On our website we link to external Cal.com booking pages (Cal.com, Inc., 2261 Market Street #4242, San Francisco, CA 94114, USA).
Booking takes place by clicking on an external link. There is no embed and no automatic data transmission to Cal.com when you access our website. Only when you actively click on a Cal.com link will you be redirected to an external Cal.com page.
If you book an appointment there, your details (name, email, chosen time, and any other information you provide) will be stored on Cal.com servers. This is based on your consent given by the click (Art. 6(1)(a) GDPR) and on contract initiation (Art. 6(1)(b) GDPR).
Cal.com processes data in the USA. The transfer is based on the EU Commission's Standard Contractual Clauses. Further information on data processing at Cal.com: https://cal.com/privacy
8. Inquiry by Email
If you contact us by email, your details (name, email address, content of the inquiry) will be stored by us for the purpose of processing your inquiry and for follow-up questions.
The processing is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or to the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries (Art. 6(1)(f) GDPR).
This data remains with us until you request its deletion or the purpose for storage no longer applies. Statutory retention periods remain unaffected.
9. Storage Duration
Unless a more specific storage period has been mentioned within this privacy policy, your personal data remains with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke a consent for data processing, your data will be deleted, provided no other legally permissible reasons for storage exist (e.g. tax or commercial law retention periods).
10. Legal Bases for Data Processing
If you have consented to the data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR. If your data is required for the performance of a contract or for pre-contractual measures, we process it on the basis of Art. 6(1)(b) GDPR. To fulfil legal obligations, we process data on the basis of Art. 6(1)(c) GDPR. The processing may also take place on the basis of our legitimate interest under Art. 6(1)(f) GDPR.
11. Recipients of Personal Data
In the course of our business activities, we work with external parties. A transfer of personal data to external parties only takes place if it is necessary for the performance of a contract, we are legally obliged to do so, there is a legitimate interest in the transfer, or another legal basis permits it.
When using data processors (currently: Hetzner for hosting), we only transfer personal data on the basis of a valid data processing agreement.
12. Third Country Transfers
When using external services whose providers are based outside the EU (currently: Cal.com, USA), a transfer of personal data to third countries may take place. In these cases, the transfer is based on the EU Commission's Standard Contractual Clauses or other suitable safeguards under Art. 46 GDPR.
We point out that in third countries a level of data protection comparable to that of the EU may not be guaranteed under all circumstances.
13. Revocation, Objection, Right to Lodge a Complaint
Revocation of Your Consent
Many data processing operations are only possible with your express consent. You can revoke a previously given consent at any time. The lawfulness of the data processing carried out up to the point of revocation remains unaffected.
Right to Object (Art. 21 GDPR)
If the data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time, on grounds arising from your particular situation, to the processing of your personal data.
If your personal data is processed for direct marketing, you have the right to object at any time to the processing for that purpose.
14. Supervisory Authority
In the event of violations of the GDPR, you have a right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged violation.
The supervisory authority responsible for us is:
Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)
Tatari 39
10134 Tallinn
Estland
Email: info[a]aki.ee
Website: https://www.aki.ee
15. Right to Information, Correction, Deletion
You have the right at any time to free information about your stored personal data, its origin, recipients, and the purpose of the data processing. You also have the right to correction or deletion of this data. For this and for further questions on the topic of personal data, you can contact us at any time.
16. Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data, in particular in the following cases:
- If you contest the accuracy of your personal data stored by us and we need time to verify it.
- If the processing of your personal data is unlawful and you request the restriction instead of deletion.
- If we no longer need your data, but you need it for the establishment, exercise, or defence of legal claims.
- If you have lodged an objection under Art. 21(1) GDPR and a balancing between your interests and ours is being carried out.
17. Right to Data Portability
You have the right to receive data that we process automatically on the basis of your consent or in fulfilment of a contract in a common, machine-readable format, or to have it transferred to a third party, insofar as this is technically feasible.
18. SSL/TLS Encryption
For security reasons, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in the browser bar.
When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.
19. Objection to Promotional Emails
The use of contact data published as part of the legal notice obligation for the transmission of advertising and information material that has not been expressly requested is hereby objected to. We reserve the right to take legal action in the event of unsolicited transmission of promotional information.
Last updated: 2026-04-28