Skip to main content

GDPR Statement

Last updated: 2 May 2026

1. Our commitment

Aerion OÜ is committed to the EU General Data Protection Regulation, Regulation (EU) 2016/679, and to the principles of lawful, fair, and transparent processing of personal data. This statement summarises how those principles are applied in our day-to-day operations.

2. Controller details

The data controller is Aerion OÜ, registered with the Estonian Commercial Registry under number EE 17328101, with its registered office in Tallinn, Estonia.

3. Data Protection Officer

Given Aerion's current size and processing footprint we have not appointed a formal Data Protection Officer. All data protection enquiries are routed to contact@aerion.ee, where they are handled by the responsible director.

4. Lawful bases per processing activity

Inquiry and assessment forms are processed on the basis of consent and the steps preceding entry into a contract. Customer service delivery is processed on the basis of contract performance. Website security and abuse prevention is processed on the basis of legitimate interest. Statutory record keeping (for example tax records) is processed on the basis of legal obligation.

5. Data minimisation

We collect only the personal data we actually need for the purpose at hand and we do not retain it longer than necessary. Forms ask for the minimum information required to respond meaningfully to your request.

6. Data subject rights

Under the GDPR you have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21), as well as the right not to be subject to solely automated decisions producing legal or similarly significant effects (Art. 22). Where processing is based on consent you may withdraw it at any time.

7. Response time

We acknowledge data subject requests as soon as reasonably possible and provide a substantive response within 30 days, in line with Article 12(3) of the GDPR. The period may be extended by up to two further months for complex or numerous requests, and we will tell you if that applies.

8. Data residency

Personal data and customer operational data are stored on infrastructure located within the European Union. We do not transfer personal data outside the EU/EEA except where appropriate safeguards under Chapter V of the GDPR are in place and the customer has been informed.

9. Processors

As of 2 May 2026 Aerion OÜ does not engage external sub-processors for the personal data collected through this website. If that changes we will update this statement and, where required, seek consent or provide notice in advance.

10. Supervisory authority

The competent supervisory authority for Aerion OÜ is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI), reachable at https://aki.ee. You have the right to lodge a complaint with AKI if you believe your data has been processed unlawfully.