Privacy Policy

The privacy of customers personal data is important to Digital Formula Lab (DFL). This Policy describes the rules according to which Digital Formula Lab processes the personal data of any person using the Digital Formula Lab’s website, mobile apps and any services offered by Digital Formula Lab.

1 - General Definitions

Digital Formula Lab

Service provider who needs to process customer’s personal data for the provision of service. Depending of the service the services providers are the following:

    • Digital Formula Lab OÜ (registry code 14877570, address Sepapaja 6, Tallinn, Estonia) who provides Digital Service
    • Affiliate of the forenamed service provider whose company information is provided in the respective service agreement


Natural person who is using DFL’s website, app or any services provided by DFL


Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data


This privacy policy

Personal Data

Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

Personal Data processed by DFL is described under Section 3


Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction


A person who alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

Depending of the service the Controller of the Customer’s Personal Data is:

    • Digital Formula Lab OÜ or its affiliate if Customer requested Digital Service


A person who Processes Personal Data on behalf of the Controller

In the course of provision of Service, DFL may act as Processor by Processing Personal Data on behalf of its Customer or Customer’s legal entity. However, this Policy shall not regulate the DFL’s actions as Processor


Any services provided by DFL via website and DFL mobile apps

2 - Policy Applicability

This Policy applies to Personal Data Processing where DFL acts as a Controller. Any personal data Processing conducted on behalf of the Customer or his legal entity is subject to an additional data processing agreement signed between DFL and the legal person controlled by the Customer.

3 - Personal Data being collected

DFL Processes the following Personal Data about the Customer:

    1. Personal Details – full name (surname and given name), gender, personal identification code, date of birth, nationality, contact postal address, e-mail address, mobile phone number, bank where the personal bank account exists;
    2. Profile Data – Customer’s Google profile data, such as name, e-mail address, language preference and profile picture;
    3. Payment Data – data concerning payments for DFL’s Service and state fees, such as account number (IBAN), account holder name, bank name, transaction details, If the Customer chooses to pay for the Service by credit card or by PayPal or Stripe, his/her payment details are not stored by DFL and therefore cannot be accessed by DFL.
    4. Device Data – information regarding the device on which the Customer is using the DFL’s website/app, including the device’s model, name or any other identifier and the IP address;
    5. Preference Data – Customer’s preferences in the DFL’s website/app;
    6. Customer Support Data – communication between DFL and the Customer (inquiries submitted via the website, email, social media or chat);
    7. Usage Data – data about Customer’s interaction in DFL’s website/app.

4 - Sources of Personal Data collection

Majority of Customer’s Personal Data Processed by DFL is collected directly from the Customer. However, DFL may collect Customer’s Personal Data also from third party sources. Some of these databases are publicly available and some of them are not.

5 - Purposes for collecting and Processing Customer's Personal Data

Personal Data collected by DFL is Processed for the purposes established in the law or as described herein, including but limited for the following purposes:

    1. Contractual Purpose – DFL needs to Process Customer’s Personal Data in order to enter into service agreement with the Customer and to provide Service to Customer;
    2. Compliance Purpose – DFL needs to Process Customer’s Personal Data in order to perform obligations under applicable laws, such as to comply with the lawful inquiries and orders of public authorities with whom DFL is obligated to cooperate;
    3. Analytical Purpose – DFL needs to Process Customer’s Personal Data in order to manage, analyse and improve the Service, website and app;
    4. Marketing Purpose – DFL needs to Process Customer’s Personal Data in order to send relevant promotional information to the Customer about DFL services and the related offerings by third parties we work with, if the Customer has granted an explicit consent to use his/her Personal Data for this purpose;
    5. Personalization Purpose – DFL needs to Process Customer’s Personal Data in order to personalize the Service and the content provided to the Customer;
    6. Communication Purpose – to contact the Customer for administrative purposes such as customer service, address technical or legal issues related to the Service provided, or share updates and notifications about the Service;

DFL shall not use Customer's Personal Data for any other purpose incompatible with the purposes outlined above or required, permitted or authorized by law.

Customer is not subject to statutory obligation which obligates Customer to provide Personal Data described herein to DFL. The collection of certain Personal Data referred herein may be required under the law and/or inevitably necessary for the provision of service to the Customers (such as data necessary for the verification of the Customer). Failure to provide data may result in adverse consequences, such as, DFL’s inability to comply with our obligations under law. The Customer is welcome to ask for clarifications regarding the obligation to submit any specific Personal Data and also about possible consequences arising from the failure to provide the Personal Data.

6 - Legal grounds for Processing

DFL is relying on the following legal grounds when Processing Customer’s Personal Data:

    1. Processing is necessary for the performance or entry into a contract between Customer and DFL (GDPR article 6 (1) (b)), DFL is Processing Personal Data for Contractual Purpose under contract entered into between DFL and Customer;
    2. Processing is necessary for compliance with a legal obligation to which DFL is subject (GDPR article 6 (1) (c)). DFL is Processing Personal Data for Compliance Purpose under legal obligations to which DFL is subject to;
    3. Processing is necessary for the purposes of the legitimate interests pursued by DFL (GDPR article 6 (1) (f)). DFL is Processing Personal Data for Analytical or Personalization Purpose under legitimate interest;
    4. Customer has granted a consent to the Processing of his Personal Data (GDPR article 6 (1) (a)). DFL is Processing Personal Data for Marketing Purpose under Customer’s consent.

7 - Transfer of the Personal Data

DFL may transfer Customer's Personal Data to third parties, such as:

    1. legal and regulatory authorities whom DFL is obligated to disclose Customer’s Personal Data under the law;
    2. server hosts who host DFL’s servers;
    3. identification service providers who help DFL verify Customer’s identity and acquire Verification Data;
    4. communication service providers who facilitate e-mails, calls, SMS messages and other communication between DFL and the Customer;
    5. customer support and customer management service providers;
    6. marketing service provider;
    7. DFL’s partner bank who providing banking services to the Customer or to the legal entity controlled by the Customer or any other financial service provider;
    8. DFL’s affiliate. i.e. any company that directly or indirectly controls DFL; any company that is directly or indirectly controlled by DFL; or any company that is controlled, directly or indirectly, by the ultimate parent company of DFL. Control shall mean owning more than fifty percent of the voting rights in a company or otherwise having the power to govern the financial and the operating policies or to appoint the management of a company;
    9. other parties involved with the provision of DFL’s Service (accountants, auditors, lawyers, IT systems suppliers and support, or any other outsourcing providers).

DFL has taken steps to ensure that these data recipients protect the confidentiality and security of Personal Data, and to ensure that Personal Data is Processed only for the provision of Service and in compliance with applicable law.

Such third parties may be located in countries outside of the European Economic Area ("EEA") whose privacy regulations may differ and which are not subject to adequacy decisions of the European Commission. In those countries the security of the Personal Data (inc. protection against misuse, unauthorized access, disclosure, alteration or destruction) may not be ensured as it is secured in the European Union, due to the lack of adequate data protection level.

For example, DFL may transfer Customer's Personal Data to the US, in which case DFL shall ensure that the recipient of the Personal Data is certified in accordance to the EU-US Privacy Shield entered by and between the US Department of Commerce and the European Commission. To learn more about the Privacy Shield program, please visit

When transferring collected Personal Data outside of the EEA, DFL shall ensure the application of the appropriate safeguards. If the Customer wishes to receive a copy, please contact us as instructed below.

8 - Security

DFL will take appropriate legal, organisational, and technical measures to protect Personal Data consistent with applicable privacy and data security laws. Security measures shall be applied in order to protect Personal Data from involuntary or unauthorized Processing, disclosure or destruction.

Upon transferring Personal Data to third parties, DFL will apply the following safeguards:

    1. DFL enters into a data processing agreement with the relevant third party;
    2. DFL makes sure that such third party undertakes to implement appropriate technical and organizational measures ensuring the Processing of Customer’s Personal Data in accordance with this Policy and applicable law;
    3. DFL makes sure that (a) the third party is established in a jurisdiction which the European Commission has recognized as ensuring an adequate level of personal data protection, or (b) the Processing of Customer’s Personal Data is subject to other appropriate safeguards stipulated in the GDPR.

9 - Integrity and retention of the Personal Data

DFL will retain Personal Data for the period required or permitted by applicable law, but no longer than it is reasonably necessary in order to achieve the purposes for which the Personal Data was collected.

DFL takes reasonable steps to ensure that the Personal Data we Process is reliable for its intended use, accurate, and complete as necessary to carry out the purposes described herein.

10 - Customer's rights in regarding to the collection of Personal Data

Customer has the following rights in relation to the Processing of his Personal Data:

    1. Request information - DFL has provided all information which the Customer has right to receive in this Policy. The valid version of the Policy is available in DFL’s website at any time.
    2. Right to access - Customer has the right to ask DFL to provide a copy of Customer’s Personal Data which DFL Process.
    3. Right to Rectification - Customer has the right to ask DFL to rectify Personal Data in case the data is incorrect or incomplete.
    4. Right to Erasure - Customer has the right to ask DFL to erase Personal Data, unless DFL is obliged to continue Processing Customer’s Personal Data under law or under a contract between the Customer and DFL, or in case DFL has other lawful grounds for the continued Processing of Personal Data.
    5. Right to Restriction - Customer has the right to ask DFL to restrict the Processing of his Personal Data in case the data is incorrect or incomplete or in case his Personal Data is Processed unlawfully.
    6. Right to Data Portability - Customer has the right to ask DFL to provide the Customer or, in case it is technically feasible, a third party, his Personal Data, which the Customer has provided to DFL and which is Processed in accordance with Customer’s consent or a contract between the Customer and DFL.
    7. Right to Object - Customer has the right to object to Processing his Personal Data in case there is a reason to believe that DFL has no lawful grounds for Processing the Personal Data.
    8. Right to withdraw Consent for the Processing of Personal Data - Customer is entitled to withdraw the consent granted for the Processing of Personal Data at any time. Withdrawal does not affect the lawfulness of the Processing conducted before the withdrawal.
    9. Right to File Complaints - Customer has the right to file complaints regarding Processing of his Personal Data.

In order to exercise any rights referred herein the Customer is required to submit a written application to DFL (DFL’s contact details can be find under Section 16). DFL has the right to decline this application by justifying the reasons for the refusal.

According to the article 12(3) of GDPR, DFL is obligated to respond to the application within 1 month. However, DFL will make its best efforts to respond to Customer’s request within 1 week.

11 - Cookies and tracking technologies

DFL is using automatically collected information and other information collected within its website through cookies and similar technologies.

Cookies are small text files that a website or its service provider transfers to the Customer's computer hard drive through his website browser (if Customer allows) that enables the website's or service provider's systems to recognize Customer's browser and capture and remember certain information. For example, cookies may help a website remember certain preferences the Customer has selected on the website, such as language preferences.

    1. Within the website DFL is using the following types of cookies:
      • first-party cookies, which are stored to the Customer’s device by DFL. These cookies allow website owners to collect analytics data, remember language settings, and perform other useful functions that provide a good user experience;
      • third-party cookies, which are stored to the Customer’s device by other service providers on DFL’s website. DFL may use third-party analytics tools (such as Google Analytics), to help us measure traffic and usage trends for the DFL’s Service. Web analytic service providers analyse the usage of the DFL website and services so that DFL could improve and amend our website/app and function thereof.
    2. Cookies are being used to serve the following purposes:
      • to store authentication information and protect Personal Data from third parties;
      • to personalize our Service, help remember Customer's choices within the website, understand and save Customer's preferences for future visits;
      • to provide customized advertisements, content and information;
      • to track Customer's entries, submissions, and status in any promotional or other activities on the Service;
      • to monitor and analyse the effectiveness of the Service;
      • to compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.

The Customer can delete or block cookies through his browser settings at any time. However, some cookies might be necessary for the functionality of the DFL Services and usage of the website. Therefore, the Customer understands that when blocking or deleting the cookies some features within the website might not function correctly. For more general information about cookies please see


12 - Google Analytics and ads

DFL have implemented the following Google Analytics and META features:

    1. Remarketing / Retargeting;
    2. Google Display Network Impression Reporting;
    3. Demographics and Interests Reporting.

DFL along with third-party vendors, such as Google and META, use first-party cookies (such as the Google Analytics cookies) and third-party cookies or other third-party identifiers together to compile data regarding Customer interactions with ad impressions, and other ad service functions as they relate to our website.

Customers can set preferences for how Google or META advertises to them using the Google or META Ad Settings page. Alternatively, the Customer can opt out by visiting the Network Advertising initiative opt out page or permanently using the Google Analytics Opt Out Browser add on.

DFL is using Google Analytics and META to measure and evaluate access to and traffic on the public area of our website and create user navigation reports for our website administrators.

DFL takes measures to protect the technical information collected by the use of Google Analytics and META. The data collected will only be used on a need to know basis to resolve technical issues, administer the website and identify visitor preferences.

13 - Commercial Communication

If a Customer receives commercial emails from us, he may unsubscribe at any time by following the instructions contained within the email or by sending an email to [email protected]

The Customer is able to view and modify settings relating to the nature and frequency of promotional communications that they receive from us by accessing the "Settings" section in the restricted area of the website.

The Customer has to be aware that if he opts-out of receiving commercial emails from us or otherwise modify the nature or frequency of promotional communications he receives from us, it may take up to five (5) business days for us to Process the request. Additionally, even after he/she opts-out from receiving commercial messages from us, he/she will continue to receive administrative messages from us regarding the Service.

14 - Right to amend this Policy

DFL is entitled to unilaterally amend this Policy from time to time. Upon amending the Policy, DFL will notify the Customer about the terms by e-mail. In case the new terms refer to Processing of Customer’s Personal Data for any new purpose, which requires Customer’s consent, then DFL will not Process Personal Data for such new purpose, before it has received respective consent.

15 - Contact Information

Should the Customers have any questions regarding this Policy or Processing of Personal Data, they are welcome to contact DFL with requests, inquiries or any complaints via email: [email protected]

16 - Confirmation

By accepting this Policy, the Customer confirms that he has familiarized himself with this Policy, understood it and agree to its terms.


Last updated: March 4th, 2022