Data Protection

Last Updated: 17 November 2025

1. Introduction and Purpose

At fortheworld OÜ ("we," "us," "our"), we are deeply committed to safeguarding the privacy, rights, and freedoms of individuals regarding their personal data. This policy outlines our dedication to processing personal data safely, lawfully, and transparently, in full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

This document establishes the principles, responsibilities, and protocols we maintain to ensure the highest standards of data protection.

Company Details:

2. Scope of Policy

This policy applies to all personal data processed by fortheworld OÜ. This includes data relating to:

  • Customers and clients

  • Employees and contractors

  • Partners and third-party vendors

It applies to all staff, contractors, and third parties who access or process personal data on our behalf.

3. Core Data Protection Principles

We adhere strictly to the data processing principles set out in Article 5 of the GDPR. All personal data is:

  1. Lawful, Fair, and Transparent: Processed legally and openly.

  2. Purpose Limited: Collected only for specific, legitimate reasons and not used for anything unrelated.

  3. Minimized: Restricted to data that is strictly necessary for the intended purpose.

  4. Accurate: Kept up to date, with immediate steps taken to correct or delete inaccurate information.

  5. Storage Limited: Retained only for as long as necessary to fulfill the purpose of collection.

  6. Secure (Integrity & Confidentiality): Protected against unauthorized access, loss, or damage using robust technical and organizational measures.

Accountability: As the Data Controller, we accept full responsibility for demonstrating compliance with these principles.

4. Lawful Basis for Processing

We only process personal data when a valid lawful basis exists, including:

  • Consent: When you have given clear, explicit permission for a specific purpose.

  • Contractual Necessity: To fulfill a contract with you or take steps at your request prior to entering a contract.

  • Legal Obligation: To comply with statutory requirements (e.g., tax or employment laws).

  • Legitimate Interests: When necessary for our business interests, provided these do not override your fundamental rights and freedoms.

5. Your Rights (Data Subject Rights)

Under the GDPR, you have specific rights regarding your personal data. You have the right to:

  • Be Informed: Know how your data is collected and used.

  • Access: Request a copy of your personal data.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure: Request the deletion of your data (the "right to be forgotten") under specific conditions.

  • Restrict Processing: Limit how we use your data in certain situations.

  • Data Portability: Receive your data in a structured format to move it to another service.

  • Object: Oppose processing based on legitimate interests or direct marketing.

  • Review Automated Decisions: Contest decisions made solely by automated means/profiling.

To exercise any of these rights, please contact support@sustainable.support. We respond to all requests within one month, as mandated by GDPR.

6. Data Security Measures

We employ comprehensive technical and organizational measures (TOMs) to secure your data against unauthorized access, alteration, or destruction. Our security framework includes:

  • Encryption of data where appropriate.

  • Strict access controls limiting data visibility to authorized personnel only.

  • Regular security audits of our collection and storage practices.

  • Mandatory data protection training for all employees.

7. Breach Notification

We have established procedures to detect and manage data breaches.

  • Regulatory Notification: If a breach poses a risk to individual rights, we will notify the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) within 72 hours.

  • Individual Notification: If the breach poses a high risk to your rights, we will inform you directly without undue delay.

8. International Data Transfers

If we transfer data outside the European Economic Area (EEA), we ensure it is protected to GDPR standards by relying on:

  • Adequacy Decisions: Transferring to countries deemed "adequate" by the European Commission.

  • Standard Contractual Clauses (SCCs): Using EU-approved contracts that guarantee data protection.

9. Roles and Responsibilities

Every employee and contractor at fortheworld OÜ is responsible for adhering to this policy. Management is accountable for overall organizational compliance. All inquiries regarding data protection should be directed to our designated contact point at support@sustainable.support.

10. Policy Review

We review this policy at least annually to ensure alignment with evolving laws and operations. Updates will be communicated internally and, where relevant, to our external partners and users.


