Privacy Policy

Last updated on 18 January 2021.

Caspar de Roij OÜ is committed to complying with the provisions outlined in the General Data Protection Regulation and the Data Protection Act 2018. Looking after the personal information you share with our organisation is very important and we want you to be confident that your personal data is kept safely and securely. We also want to ensure you understand how we use your data to offer you a better, more tailored user experience with Caspar de Roij OÜ.

The information outlined below will help you to understand:

  • how and why Caspar de Roij OÜ collect information from you;
  • who Caspar de Roij OÜ shares your information with, why and on what basis; and
  • what your rights are in relation to managing the personal data that is held by Caspar de Roij OÜ

If we make changes to this notice we will notify you by updating it on our website.

Please also see our Cookie Notice.



Please read this privacy notice carefully as it describes our collection, use, disclosure, retention, and protection of your personal information. This notice applies to any website, application, or service which references it. Where you provide us with your personal information in any of the ways described below, you agree that we may collect, store and use it: (a) in order to perform our contractual obligations to you; (b) based on our legitimate interests for processing (i.e. for internal administrative purposes, data analytics and benchmarking, direct marketing, maintaining automated back-up systems or for the detection or prevention of crime); or (c) based on your consent, which you may withdraw at any time, as described in this privacy notice.

This Privacy Notice applies to all products and services offered by Caspar de Roij OÜ (a company registered in Estonia, no. 14573969 and whose registered office address is Caspar de Roij OÜ, Sepapaja tn 6, 15551 Tallinn, Estonia), but excludes any products applications or services that have separate privacy notices. It does not supersede any client contracts, nor does it cover the role Caspar de Roij OÜ plays in fulfilling its service to clients which is covered separately.



By using this (our corporate) website – or and associated subdomains, you signify your acceptance of this policy.

If you do not agree to this policy, please do not use our website. Your continued use following the posting of changes to this policy will be deemed your acceptance of those changes.



Caspar de Roij OÜ acts as the ‘Data Controller’ of the personal data you provide to us via this website, by telephone and by email direct. We will sometimes refer to ourselves within this notice as “we” or “us”.

You can contact us about the personal data we hold for you by post at FAO – The Data Controller, Caspar de Roij OÜ, Sepapaja tn 6, 15551 Tallinn, Estonia. Alternatively contact us by email: quoting ‘Data Privacy Enquiry’. Please allow 3 working days for a response.



When you contact us on or offline, for example by completing a form on our website you are showing interest in the services we as an organisation provide and consent to us collecting some personal data for you.  We ask for certain relevant information that will help us provide the most tailored experience for you as we deal with your enquiry.

We may ask you to share with us and record the following:

  • Your full name.
  • Your email address.
  • Your company name.
  • Your company telephone number/s.
  • Your area of interest and/or stage in the buying cycle (e.g. ‘just researching’, ‘comparison’ or ‘ready to buy).
  • Non-personal, relevant information about your organisation – e.g. size, sector or location.



To the extent permissible under applicable law, we collect information about you when:

  • you register to use our websites or services;
  • you complete online forms (including call back requests),
  • you interact with us using social media including taking part in social media competitions or surveys, post on our message boards or content,
  • you download information such as whitepapers or other research and publications or participate in any other interactive areas that appear on our website;
  • contact us offline, for example by telephone, fax, SMS, email or post.

We may also collect your information where you only partially complete and/or abandon any information inputted into our website forms and/or other online forms. We may use this information to contact you to remind you to complete any outstanding information and/or for marketing purposes.

We also collect information from your devices (including mobile devices) and applications you use to access and use any of our website, applications or services (for example, we may collect the device type, location or connection information, along with data about your page views, traffic to and from our website, referral URLs, ad data or your IP address). Please read more on this in our Cookie Notice.



To the extent permissible under applicable law, we use your information for several key things:

  • to provide any information that you have requested or any services that you have ordered;
  • to provide, maintain, protect and improve any products, services and information that you have requested from us;
  • manage and administer your use of our applications, products and services;
  • manage our relationship with you (for example, customer services and support activities);
  • monitor, measure, improve and protect our content, website, applications and services and provide an enhanced, personal user experience for you;
  • deliver targeted, relevant advertising, marketing or information to you which may be useful to you;
  • provide you with location-based services (for example, serving an American English page to user in the USA);
  • undertake internal testing of our website, applications, systems and services to test and improve their security, provision and performance;
  • provide you with any information that we are required to send you to comply with our regulatory or legal obligations;
  • to help detect, prevent, investigate or remedy a crime, or any illegal activities (including when working with regulators and law enforcement agencies);

Data protection regulations state that we are permitted to use and share your personal data only where we have a proper reason to do so. The legitimate reasons include:

  • Contractual reasons – your personal information is processed to fulfil a contract e.g. in order for you to purchase our services.
  • Consent – where you agree to us using your information in this way e.g. for subscribing you to your newsletter.
  • Legitimate interests – this means the interests of Caspar de Roij OÜ in managing our business to allow us to provide you with the best products and service in the most secure and appropriate way e.g. to transfer your data to a certain Third Party such as delivery partners.
  • Legal obligation – where there are statutory or other legal requirements to share the information e.g. when we have to share your information for law enforcement purposes.

We process personal data only for the purpose for which it is collected. The purpose is dependent on whether you use only our website, or additionally, our services as a client.

Here is a list of the ways that we may use your personal information, and which of the reasons described above we rely on to do so. Where we list legitimate interests as a reason, we also describe below what we believe these legitimate interests are.

What We Use Your Personal Information For

Provide you with location-based services

Anti Fraud / DDoS Protection

Marketing Comms

Maintain and ensure our website delivers a good User Experience

Manage your account

Our Reasons (Legal Basis)

Legitimate Interest

Legitimate interests


Legitimate Interest

Legal Obligation

Contractual Obligation

Legitimate Interests

To serve you the most relevant version of our website and localised (languages-specific) content and from a server nearest to you.

Our systems use IP address to protect our servers from DDoS or other intrusions.

Where you sign up for our newsletter, or for information about our product and services.

Understand which pages users visit, when, on which device and identify those where engagement may be poor.

Keeping our records up to date, handling our client contact information efficiently and working out which of our products and services may interest you/keeping you informed. Handling payments and invoicing and other account management tasks.



We restrict and control all of our information assets against unauthorized access, damage, loss, or destruction; whether physical or electronic. Together with your help, we try our utmost to maintain the accuracy of your personal data.



Caspar de Roij OÜ works with a small number of trusted suppliers, agencies, and businesses in order to provide you the services you request from us.

We limit the personal data collected only to what is fit for the purpose as described above.



Our employees (who are data privacy trained) so that they may help us to provide you with the products, services, and information you have requested or which we believe is of interest to you;
third parties used to facilitate payment transactions, for example clearing houses, clearing systems, financial institutions, and transaction beneficiaries;

third parties where you have a relationship with that third party and you have consented to us sending information (for example social media sites)
third parties for marketing purposes or who help us manage our electronic communications with you (e.g. email marketing platform providers like MailChimp. MailChimp has its own comprehensive international data privacy policies which can be read here).

credit reference and fraud prevention agencies;
regulators to meet our legal and regulatory obligations;
law enforcement agencies;

any third party in the context of actual or threatened legal proceedings, provided we can do so lawfully (for example in response to a court order);
any third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts;

Caspar de Roij OÜ may share non-personally identifiable information about the use of our website, products, and services publicly or with third parties but this will not include information that can be used to identify you in any way.



We will retain your personal information for the duration of our business relationship and afterward for as long as is necessary and relevant for our legitimate business purposes (for marketing purposes this would be usually two years).

The only exceptions to this policy are where:
the law requires us to hold your personal information for a longer period, or delete it sooner;

you exercise your right to have the information erased (where it applies); and the law does not prevent us from erasure;

we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.



We want to keep you up to date with information about new products, services, and key information about our business. When you sign up via a form on our website we will subscribe you to receive email updates from us. You can opt-out of marketing communications at any time and manage your profile via links at the bottom of every email you receive from Caspar de Roij OÜ.

If you decide you do not want to receive further correspondence from Prospect Knight in any form (telephone, email, and direct mail), you can request that we stop by writing to the Data Protection Officer at the address provided above or by emailing us.

You may continue to receive marketing mailings for a short period while your request is dealt with (max five working days).



You have key rights over how your data is used and stored by us. These are known as your ‘Data Subject Rights’. You can read more about them on the Information Commissioner’s website –

In summary, your rights include:

  • Right of access – to request access to your personal information and information about how we process it
  • Right to rectification – to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • Right to erasure (also known as the Right to be Forgotten) – to have your personal information erased
  • Right to restriction of processing – to restrict processing of your personal information
  • Right to data portability – to electronically move, copy or transfer your personal information in a standard form
  • Right to object – to object to the processing of your personal information
  • Rights with regards to automated individual decision making, including profiling
  • Right to complain – the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live in, or where you feel your legal rights have been infringed.

We encourage you to contact us first if you have a complaint regarding how your data has been used. Wherever possible we will seek to resolve your issues directly and promptly.

If you have any general questions about your rights or want to exercise your data rights, please contact the Information Commissioner’s Office (ICO), (the data protection regulator in the UK) via –
If you withdraw your consent to the use of your personal information for purposes set out in our privacy notice here, we may not be able to provide you with access to all or parts of our website, products, and services.



Your usage of our website is your responsibility and we assume you are completing information that is your own. We’d prefer you did not complete information on someone else’s behalf but if you do please ensure you have obtained explicit permission to share it.

Ultimately, if you provide us with personal information about someone else, you are responsible for ensuring that you comply with any legal obligations and consent requirements relating to the disclosure under applicable data protection law. You should also direct them to read this privacy notice personally.



Our website links to other social media platforms like Whatsapp, Facebook, Twitter, LinkedIn and Instagram. If you follow a link from our website to another site or service or allow them to post content on your behalf from our website, this privacy notice will no longer apply. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy notices appearing on those sites or services.

Where you respond to communications we post on third-party platforms, or post content yourself – we and the third-party may be able to see and retain certain information (like the content you have viewed). Your information can then be used by the third-party platform provider to identify your account and serve tailored advertisements to you. Should you prefer not to let this happen you can control what advertisements you receive via the privacy settings on the relevant provider’s platform or we recommend consulting the third party’s help centre for more information.



We may change this privacy notice from time to time. However, we will not reduce your rights. We will always update this notice on our website, so please try to read it when you visit the website (the ‘last updated’ reference tells you when we last updated it).



If you have any queries about how we treat your personal data, the contents of this privacy notice, how to update your records or how to obtain a copy of the information that we hold about you, please write to our Data Protection Officer at:

Data Protection Officer, Caspar de Roij OÜ, Sepapaja tn 6, 15551 Tallinn, Estonia.

Or contact us by email quoting ‘Data Privacy Enquiry’. Please allow 3 working days for a response.