Information & Security Policy

This Information and Security Policy explains how Relovate OÜ protects personal data, documents and communications while providing relocation, consultation and document support services. The policy reflects our internal practices and the security measures we apply to all client information.

Relovate OÜ
Registry code: 17370391
Email: info@relovate.eu
Website: www.relovate.eu

We may update this policy from time to time. The latest version is always available on our website.

1. Purpose of the Policy

The purpose of this policy is to ensure that all information processed by Relovate OÜ is protected from unauthorized access, loss, misuse, alteration or destruction.

This policy describes the technical and organizational measures used to protect client information in compliance with applicable law, including the GDPR and its requirements for secure processing (Article 32).

2. Devices and Access Security

Relovate OÜ uses secure, password-protected devices to access and process client information.

• Work is performed using a personal laptop and phone.
• Both devices are protected by strong passwords, biometric locks or access codes.
• Devices use full-disk encryption and lock automatically when not in use.
• Security updates are enabled on all devices.
• Windows Defender is used for antivirus and system protection.
• No other individuals, including household members, have access to these devices.
• Only Relovate OÜ has access to client information.

3. Network Security

Client information is accessed only through secure internet connections.

• A private home Wi-Fi network protected by a strong password and WPA2 or WPA3 encryption.
• A secure personal 5G connection when working outside the home.
• Public Wi-Fi networks are never used for work involving client data.
• All cloud platforms are accessed over encrypted HTTPS connections.

4. Storage of Client Information

Client information is stored using secure and reputable cloud systems.

Data may be stored in:
• Trello (Atlassian)
• Google Drive
• Gmail email account

Local device storage is used only temporarily during document preparation or processing. Documents are moved to secure cloud storage as soon as possible.

Relovate OÜ does not store documents on USB sticks, external drives or unencrypted devices.

No physical copies of client documents are printed by Relovate OÜ.

If printed documents are required for appointments, clients handle printing themselves.

5. Encryption and File Protection

The following security measures apply to all stored and transmitted data:

• Google Drive uses industry-standard encryption for data in transit and at rest.
• Local device files are protected by device-level encryption.
• All accounts (Google, Trello, LHV, Squarespace) are protected with strong passwords and two-factor authentication.
• Access logs may be reviewed periodically to detect unusual activity.

6. Access Control

Relovate OÜ operates with strict access control.

• Only Relovate OÜ has access to client data.
• No employees, subcontractors or external individuals have access.
• Information is shared only with government authorities or institutions when required to provide the service.
• Each client case is separated into dedicated folders or Trello cards to maintain clear separation of information.
• Documents shared with PBGB or embassies are transmitted through secure, encrypted email channels.

7. Communication Security

Official communication channels used by Relovate OÜ are:

• Email (Gmail)
• Trello comments and attachments
• Google Meet for video calls
• Phone calls when necessary

Relovate OÜ does not use WhatsApp, Instagram, Facebook Messenger or other social media platforms for document sharing or official communication.

Clients are instructed not to send personal data or documents through social media. If they do, they are redirected to secure channels immediately.

Two-factor authentication is enabled for Google, Trello and banking systems (Smart-ID or Mobile-ID).

Relovate OÜ is not responsible for security failures on external platforms such as Google, Trello or email providers.

Clients are responsible for securing their own email accounts and devices.

8. Website and Hosting Security

The relovate.eu website is hosted on Squarespace, which provides:

• SSL/HTTPS encrypted connections
• Automatic security patches and updates
• Secure server infrastructure
• Access controls for website management
• Built-in DDoS protection

Where possible, administrator access is protected by two-factor authentication.

Squarespace uses essential cookies and may use optional analytics or marketing cookies with user consent.

9. Backups

Client information stored in Google services is automatically backed up through Google’s secure cloud infrastructure.

Google may store backups in the EU or US depending on system architecture.

No offline or physical backups are created outside secure cloud environments.

10. Data Retention and Deletion

Relovate OÜ retains personal data only for as long as necessary.

• Client case files and application documents: stored for up to 3 years after service completion.
• Communication records: stored for up to 3 years.
• Accounting records and invoices: stored for 7 years as required by Estonian law.

After the retention period:

• Digital files are permanently deleted from Google Drive, Trello and Gmail.
• No shadow copies or secondary versions are retained.
• Any temporary printed materials, if ever created, must be securely destroyed.

11. Data Breach and Incident Response

In the event of a suspected or actual data breach, such as unauthorised access or accidental disclosure, Relovate OÜ will:

• Investigate the incident immediately.
• Secure systems and prevent further access.
• Notify affected clients if required.
• Notify the Estonian Data Protection Inspectorate (AKI) within 72 hours if legally required.
• Document the incident and corrective actions taken.

12. International Data Transfers

Some service providers used by Relovate OÜ may store or process personal data outside the European Economic Area, including:

• Trello (Atlassian, USA)
• Google services (EU or USA depending on infrastructure)
• Squarespace (USA)

When international transfers occur, we rely on:
• Standard Contractual Clauses
• Encryption and secure access controls
• Other GDPR-compliant safeguards

Data may also be shared with embassies or visa centres outside the EU if required for the application.

13. Future Personnel or Subcontractors

If Relovate OÜ hires employees or engages subcontractors in the future, they will be required to:

• Follow this Information and Security Policy
• Sign confidentiality agreements
• Complete data protection and security training
• Access only the information necessary for their tasks
• Operate under a Data Processing Agreement when applicable

14. Client Responsibilities

Clients are responsible for:

• Protecting their own devices and email accounts
• Ensuring their communication tools are secure
• Avoiding the use of shared or insecure email accounts
• Not sending personal data through social media or unprotected channels

Relovate OÜ is not responsible for data breaches that occur due to client-side security failures.

15. Contact

For questions related to information security, please contact: info@relovate.eu.

Last updated: 22.12.2025