As you would expect for a company of data protection professionals, our clients’ (hereinafter “you” and “your”) privacy really does matter to Maili DPPM (“we” and “us”). This privacy notice is to inform you what types of personal data we process, why we process it, how we do this lawfully, who we might share the data with and how long do we keep it. We want to assure you that we apply all
reasonable and proportionate organizational and technological measures to secure your data and protect your privacy.

Whose and what data we collect?

If you represent the company who is our audit, advisory or DPO service client, we will ask your first and last name, your professional e-mail, phone number and your job title.


If you work for the company who is our audit, advisory or DPO service client we may see your first and last name, your job title and professional contact details during the audit or providing DPO service.


If you take CIPP/E, CIPM or other data protection courses with us we will ask for your first and last name, your job title, company name and professional contact details.


If you contact us with a query about our services, we will ask for your name and professional contact details. 
If you contact us to see if we process your personal data or to exercise any of your rights, we will ask you to authenticate yourself.

What purposes and on what lawful grounds do we collect your data?


We process your personal data because the company you work for or represent has bought our services and we need it to deliver the service agreed in the contract between each business.

If you buy a training service from us we process your data to deliver the service based on a contractual agreement between you and us.

When you submit a query through our website we process your data based on our legitimate interest. When using legitimate interest as a lawful base we conduct a three part balance test to make sure that our legitimate interest doesn’t cause high risk to your fundamental rights.

Who is the data controller of your personal data? 


Controller is the organization who decides the means and purposes of personal data processing. The controller your data is:

Maili DPPM OÜ (registry code 16067035)

Tallinn, Harjumaa

Do we disclose your data to anyone?


We do not use any data processors. Processors are companies that process data based on Controllers instructions.

We do use Microsoft 365 cloud solution for storing our documents. Microsoft’s Data Protection Addendum for online services is available here:

What are your rights concerning your data?


You have a right to ask us if we process any data about you and obtain a copy of any data we process about you. We may ask you to authenticate yourself to keep your information secure.

You can always correct your data that we hold about you.

You have a right to ask us to stop or restrict processing of your data and you can raise concerns if you are dissatisfied with our processing your personal data. Please note that we cannot delete or restrict processing of data where we have a legal or contractual obligation to so.

You might have a right to ask for data to be ported to another Controller’s systems if this is technologically feasible.

We will inform you if we correct or erase your data without your request outside of the terms given in this privacy notice.

If you have any queries about if and how we process your data please contact us by e-mail at .

You have a right to contact Data Protection Inspectorate if you think your privacy rights have been breached.

How do we ensure your data is processed securely?


We use relevant organisational, physical and technological security measures to protect your personal data. Some examples of the measures we use:

Physical measures – the office is locked and we don’t keep paper-based documents with personal data.

Technological measures – all our computers are password protected and encrypted as necessary. We use firewalls and antivirus programmes, with regular backups.

Organisational measures – data protection, information security and access management policy; regular employee training, confidentiality requirements for employees.

Do we use cookies?


The website only uses functional cookies, we don’t follow our website visitors nor do we collect statistics of their behaviour

Do we update the privacy policy?


We update our policy as our personal data processing changes, the privacy policy published on our website is always the latest version.