
Privacy Policy

How RS Traffic OÜ collects, stores, and protects personal data. Compliance with EU Regulation 2016/679 (GDPR).

GDPR-compliant · Updated 21.06.2026

1. Data Controller

The Data Controller is RS Traffic OÜ, a legal entity incorporated under the laws of the Republic of Estonia, registration number 16543218, registered address: Harju maakond, Tallinn, Kesklinna linnaosa, Tartu mnt 18, office 405, 10115, Estonia. GDPR contact: privacy@rs-traffic.net. Data Protection Officer (DPO): Thomas Meier.

2. Scope of the Policy

This Policy describes the processing of personal data of: (a) visitors to rs-traffic.net; (b) persons who have submitted a brief or contacted us via forms; (c) representatives of legal entities — current and prospective Clients; (d) marketing newsletter subscribers. This Policy does not apply to end users of the Client's product — their data is processed by the Client as a separate data controller.

3. Data We Collect

Directly from you: name, email, Telegram/messenger handle, company name, project domain, country, role, project budget, GEO of interest, task description. Automatically: IP address, user-agent, referrer, pages visited, cookie identifiers, approximate geo-region (by IP). From third parties: company enrichment data (Clearbit, for B2B verification). We do not collect special categories of data (health, political views, biometrics).

4. Legal Bases for Processing

(a) Performance of a contract (Art. 6(1)(b) GDPR) — for Clients and persons who have submitted a brief with the intent to enter into an agreement. (b) Consent (Art. 6(1)(a)) — for marketing email communications, analytics cookies, and data enrichment. (c) Legitimate interests (Art. 6(1)(f)) — for fraud prevention, website usage analytics, and dispute resolution. (d) Legal obligation (Art. 6(1)(c)) — for retaining accounting records under Estonian law.

5. Purposes of Processing

Processing enquiries, preparing commercial proposals, entering into and performing contracts, invoicing and tax accounting, project communications, website analytics, protection against bot traffic and abuse, sending marketing materials (subject to consent only), and fulfilling legal obligations. No automated decision-making or profiling with legal consequences is carried out.

6. Transfers to Third Parties (Processors)

Data is transferred only to: (a) payment providers (LHV Pank AS, USDT processors) for invoicing and payment processing; (b) hosting providers (Hetzner Online GmbH — Germany, Cloudflare Inc. — USA) under Data Processing Agreements; (c) mailing services (Postmark — USA) subject to subscriber consent; (d) accountants and auditors under NDA; (e) regulatory, tax, and law enforcement authorities solely upon a lawful request. We never sell or share data for third-party advertising.

7. International Transfers

Part of the infrastructure (Cloudflare CDN, Postmark) may process data outside the European Economic Area, including in the USA. Such transfers are carried out on the basis of EU Standard Contractual Clauses (2021/914) and supplementary technical measures (TLS 1.3 encryption in transit, pseudonymisation, data minimisation).

8. Retention Periods

Brief, contract, and primary accounting data — 7 years from the date of the last transaction (as required by the Estonian Raamatupidamise seadus). Prospective Client data where no deal is concluded — 24 months, then automatically deleted or anonymised. Marketing contacts — until consent is withdrawn. Server and analytics logs — 90 days. Cookies — as per Section 12 below.

9. Your Rights under the GDPR

Right of access (Art. 15) — to request a copy of your data. Right to rectification (Art. 16). Right to erasure (Art. 17, 'right to be forgotten'). Right to restriction of processing (Art. 18). Right to data portability (Art. 20). Right to object to processing (Art. 21). Right to withdraw consent at any time. Right to lodge a complaint with a supervisory authority (in Estonia — Andmekaitse Inspektsioon, aki.ee). Requests should be sent to privacy@rs-traffic.net and are handled within 30 calendar days.

10. Exercising Your Rights

Requests must be sent from the email address used when interacting with us, or accompanied by an identity document (for verification purposes). In the case of manifestly unfounded or excessive requests, the Agency may charge a reasonable fee or decline to respond. Responses are provided in writing to the same email address.

11. Security

Data is stored in encrypted form (AES-256 at rest, TLS 1.3 in transit). Access to production systems is restricted to the 1Password vault with mandatory 2FA (FIDO2/TOTP). Annual external penetration testing and 24/7 SOC monitoring are in place. Regular encrypted backups are maintained. Any personal data breach is reported to the supervisory authority and affected data subjects within 72 hours of discovery (Arts. 33–34 GDPR).

12. Cookies and Tracking

We use: (a) strictly necessary cookies (session, security, CSRF) — no consent required; (b) functional cookies (language, preferences) — subject to consent; (c) analytics cookies (Plausible Analytics, self-hosted) — subject to consent, without cross-site tracking; (d) IP addresses in logs are anonymised (last octet zeroed) after 30 days. Third-party advertising, retargeting, and tracking cookies (Facebook Pixel, Google Ads) are not installed on the website. A granular cookie consent banner is displayed on the first visit from the EU/EEA.

13. Data of Minors

The website and services are intended exclusively for B2B clients and industry professionals aged 18 and over. We do not knowingly collect data relating to minors. Upon discovery of such data, it is deleted within 48 hours.

14. Automated Decision-Making

Automated decision-making that produces legal effects or similarly significantly affects data subjects is not employed. Lead scoring is used solely for internal prioritisation of manual processing and does not restrict interaction.

15. Policy Changes

Material changes to this Policy are communicated: (a) on this page with an updated date; (b) by email to all Clients whose data is actively being processed, at least 14 days before the changes take effect. Continued use of the website after publication of a new version constitutes acceptance of it.

16. Data Contact Details

For any questions regarding personal data, the exercise of rights, or complaints: privacy@rs-traffic.net. Postal address for official correspondence: RS Traffic OÜ, Attn: DPO, Tartu mnt 18, office 405, Tallinn 10115, Estonia. Supervisory authority: Andmekaitse Inspektsioon, Tatari 39, 10134 Tallinn, info@aki.ee.
