Skip to content
My DigiLa
Log out

DigiLa Privacy Notice

Last update 02.04.2026

This privacy notice explains how DigiLa OÜ processes personal data in situations where DigiLa acts as the data controller.

If DigiLa processes personal data as a processor on behalf of its client, the main information about the purposes of that processing, the legal bases, and the rights of the data subject is provided in the DigiLa client's privacy notice. DigiLa's client may, for example, be a kindergarten, childcare provider, or another educational institution.

Data Controller

DigiLa OÜ
Registry code: 16942879
Address: Tuukri tn 11, 10120 Tallinn
Email: info@digila.eu
Website: www.digila.eu

When DigiLa acts as the controller

DigiLa acts as the controller primarily in the following situations:

  • when managing DigiLa's website or application;
  • when responding to contact inquiries;
  • when sending informational emails or newsletters;
  • when providing DigiLa's service directly to private customers.

If DigiLa processes data on behalf of a client, such as a kindergarten or childcare provider, and under that client's instructions, DigiLa acts as a processor.

Whose personal data DigiLa processes as controller

In its role as controller, DigiLa may process the personal data of the following persons:

  • visitors to the website or application;
  • persons contacting DigiLa via the contact form or email;
  • recipients of newsletters or informational emails;
  • representatives of business clients;
  • private customers who use DigiLa's service directly (including parents) and their children to the extent that the parent enters the data into DigiLa's system through their account.

What personal data DigiLa processes

Depending on how the service is used, DigiLa may process the following personal data:

  • name;
  • email address;
  • account details and login-related information;
  • child's name;
  • child's age;
  • child development assessment data entered into the system by the user;
  • content of communications;
  • IP address;
  • system usage logs;
  • technical data about the device and browser.

Sources of personal data

DigiLa obtains personal data:

  • directly from the data subject;
  • from the parent who creates an account and enters data into the system;
  • automatically during the use of DigiLa's website or application;
  • from the client if DigiLa acts as a processor when providing the service.

If DigiLa obtains personal data other than directly from the data subject, DigiLa will, where necessary, also provide information about the source of the data in accordance with Article 14 of the GDPR.

Purposes and legal bases for processing personal data

Creating an account and providing the service to a private customer

Purpose: to create a user account, enable the use of DigiLa's service, and store the data entered by the user.
Data: parent's name, email address, account details, child's name, child's age, child development assessment data.
Legal basis: GDPR Article 6(1)(b) (performance of a contract).

User support related to the performance of the contract

Purpose: to answer questions related to the user account or use of the service and to resolve issues arising during the provision of the service.
Data: name, email address, account details, content of the inquiry, and other necessary information.
Legal basis: GDPR Article 6(1)(b) (performance of a contract).

Responding to general inquiries

Purpose: to respond to general questions, cooperation requests, or sales inquiries.
Data: name, email address, content of the inquiry, and other necessary information.
Legal basis: GDPR Article 6(1)(f) (legitimate interest).

Explanation of legitimate interest: DigiLa's legitimate interest is to manage its business communications and respond to inquiries addressed to the organization.

Reliability and security of the website and system

Purpose: to ensure the security and reliability of the systems, detect faults, and prevent misuse.
Data: IP address, logs, and technical data relating to the device and browser.
Legal basis: GDPR Article 6(1)(f) (legitimate interest).

Explanation of legitimate interest: DigiLa's legitimate interest is to protect its services, systems, and users against security risks and technical issues.

Informational emails and newsletters

Purpose: to send users or clients information about DigiLa's services, updates, and opportunities.
Data: name, email address, and information about the customer relationship or the consent given.
Legal basis: GDPR Article 6(1)(a) (consent) or Article 6(1)(f) (legitimate interest), where permitted by law.

The recipient may unsubscribe from receiving informational emails at any time.

With whom DigiLa shares personal data

DigiLa may share personal data, only to the extent necessary, with the following parties:

  • server and hosting service providers;
  • authentication service providers;
  • technical service providers;
  • legal advisers and supervisory authorities where necessary.

Transfers to third countries

When using DigiLa's service, third-party authentication solutions may be used, such as Google or Facebook sign-in. Where such services are used, the relevant service providers may process the personal data necessary for authentication in their own systems in accordance with their own terms and privacy policies.

The use of these services may mean that some personal data is processed outside the European Economic Area or made accessible from outside the European Economic Area. In such cases, DigiLa ensures that personal data is transferred using data transfer mechanisms and appropriate safeguards that comply with applicable law.

DigiLa's other databases and servers are located within the European Economic Area.

How long DigiLa retains personal data

DigiLa retains personal data only for as long as necessary to fulfil the purpose of the processing or to comply with obligations arising from applicable law.

For example:

  • contact inquiries are generally retained for up to 2 years after the last communication;
  • data related to newsletters or informational emails is retained until consent is withdrawn or the person unsubscribes;
  • technical logs are retained for a limited period to ensure security and reliability;
  • data related to customer communication is retained for as long as necessary to manage the relationship and defend against potential claims;
  • data processed as a processor is retained in accordance with the client agreement, data processing agreement, and the controller's instructions.

The exact retention periods are set out in DigiLa's internal overview of processing activities. If necessary, additional information may be requested at digila@digila.eu.

Rights of the data subject

The data subject has the right to:

  • receive information about the processing of their personal data;
  • request access to their personal data;
  • request the correction of inaccurate data;
  • request the erasure of data where there is a legal basis for doing so;
  • restrict the processing of data;
  • object to processing based on legitimate interest;
  • withdraw consent if the processing is based on consent;
  • receive the data in a structured format where this right applies;
  • lodge a complaint with the Estonian Data Protection Inspectorate.

If DigiLa acts as a processor on behalf of a client, DigiLa may direct any request to exercise rights to the relevant controller.

How DigiLa protects personal data

DigiLa applies appropriate technical and organizational security measures, including:

  • encrypted data transmission;
  • role-based access;
  • logging and monitoring;
  • pseudonymization where appropriate;
  • restricting access to authorized persons only.

DigiLa as processor

If DigiLa provides services to a kindergarten, childcare provider, or another legal entity, DigiLa processes personal data on behalf of that client and under that client's instructions in its capacity as processor.

In such a case:

  • the client determines the purposes and legal bases of processing;
  • DigiLa processes data only within the scope of the client's instructions;
  • the main information about such processing is provided in the client's privacy notice.

If an AI-assisted draft generation feature is used as part of DigiLa's client's service, the related processing is generally carried out on behalf of and under the instructions of DigiLa's client as controller. In such cases, DigiLa uses pseudonymized data, and the AI output is only a draft whose final content is reviewed and approved by a human.

Changes to the privacy notice

DigiLa may update this privacy notice from time to time if legislation, the service, or the organization of data processing changes. The current version will be published on DigiLa's website or otherwise made available to users in an appropriate manner.