Privacy Policy

Last Updated: 27/09/2022

Falbrock OÜ DBA Suppama (“We”, “Us”, “Our”) takes User and/or Client (“You” or “Your”) privacy seriously and provides this Privacy Policy to clarify best practices since they relate to information collected through our website, www.suppama.com (“Site”) and or App (the “App”) and/or any of the following subdomains such as https://app.suppama.com, https://courses.suppama.com owned by the Company and linked to Services and/or Goods offered by Us.


This Privacy Policy (the “Privacy Policy”) explains what information we collect from you, why we collect the data and the way we handle the data we receive from you.

The Privacy Policy is construed in accordance with the data protection legislation together with any implementing regulations, that set highest standards of personally identifiable data collection, processing, retention, and deletion.

This Privacy Policy sets out and implements key principles of data protection laws:

  1.   Lawfulness;
  2.   Fairness and transparency;
  3.   Purpose limitation;
  4.   Data minimization;
  5.   Accuracy;
  6.   Storage limitation;
  7.   Integrity and confidentiality (security);
  8.   Accountability.

We only collect the personal data we actually need for our specified purposes.

We periodically review the data we hold and delete anything we don’t need.

We may update this Policy from time to time and we will post updates together with the most recent date of modification. We encourage you to check this Privacy Policy frequently for such updates.


a) Personal Data

Personal Data is any information relating to an identified or identifiable individual; An identifiable person is one who can be identified, directly or indirectly, by reference to an identification number or one or more factors specific to his physical, physiological, mental, economic, cultural, social identity or in any other manner.

b) Data Processing

  Data processing involves any action performed on a piece of data, automated or otherwise. Data processing includes collecting, compiling, storing, organizing, or sharing data.

c) Data Collector

  Data Controller is natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

d) Data Processor

Data Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

e) Pseudonymization

Pseudonymization means replacing any information which could be used to identify an individual with a pseudonym, or, in other words, a value which does not allow the individual to be directly identified.

f) Consent

Consent of the data subject means any freely given, specific informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

g) Personal Data Breach

A breach of security that caused accidental or intentional loss, destruction, disclosure or access to processed or transmitted personal data.

h) Third Party

A natural or legal person that is not the controller or the processor, but who is  authorized by them to process personal data.


i) Profiling

Any automated processing that uses personal data to evaluate personal aspects and predict future actions and aspects.


  1. Collection of your Personal Information 

When you register, we collect the following information:

a) First Name and Family Name

b) Email address

c) Phone number

d) Geographic Location/Country and Zip Code

e) Customer ID for Stripe/Payment processing Purposes

f)   Last four digits of Credit Card

We may collect additional information in reference to your use of the Site and/or App.

For Service Fee (“Fee”) purposes, you provide your Payment Card information directly to the Payment Processor “Stripe”, which processes payments on our behalf.

Stripe uses this payment information in accordance with its Privacy Policy.  Additionally, Stripe provides us with some limited data associated with you, which we may use to handle operational issues.

We recommend and encourage you to consider carefully the data you disclose.

Please don’t share sensitive information (such as national identity numbers, religious denomination, health details, etc.) and/or when shared, please consider disclosing such an information carefully.

  1. Information Use and Processing

We use personally identifiable information (the “Personal Information”) so as to confirm that our Users receive quality services.

We collect Personal Information via the Site and/or App only to the extent that such information is provided by Users who voluntarily make a submission, subscribe and use our Services and/or Goods.

We may use your Information to:

a) Contact you;

b) Offer our services, products and new features;

c) Conduct research, develop or fix Site and/or App for the User experience enhancement purposes;

d) Personalize the Site and/or App for you;

e) Protect our legal rights and enforce our policies.

f)   Respond to your inquiries and communicate with you.

g) Confirm your eligibility to use our Site and/or App;

h) Provide technical support to Users and make sure that the Site and/or App is secure for the users;

i)   Verify Users’ identity to restrict unauthorized and fraudulent use of our Services and/or Goods.

j)   Accept and administer payments/fees from users or to send you transaction receipts for your use of the Site and/or App.

k) Prevent breaches of our terms and policies or to restrict harmful or illegal activity;

We may additionally use your Personal Information in other ways naturally related to the circumstances during which you provided the information.

We require users to verify their accounts and might request additional data. We collect and use such data on the basis of our legitimate interests to identify you as a person at least 18 years old and to ensure that your account details are kept up to date.

We will only process your personal information where we have legitimate legal grounds for doing so i.e. your prior consent.

We might process data based on your consent/permission (for instance, where you provide us with marketing consents), which can be withdrawn at any time by contacting us at the email address: info@suppama.com

We work hard to enhance the Site and/or App and add functionality, which we think will make it safer and more useful. New features may involve similar uses of your data to those determined above.

We regularly review data processing practices and will keep you updated if we decide to change anything. 

  1. Notifications

We may send you information we think you may find useful including newsletters or instructional content related to the services we provide to you.

You can opt-out of receiving further notifications or emails if you wish and please contact us regarding this matter at the following email: info@suppama.com

  1. Information Collected Automatically

When you visit our Site and/or App, our servers may automatically record information that your device sends whenever you visit the Site and/or App (“Log Data”). This Log Data may include information such as computer’s/device’s Internet Protocol (the “IP”) address, browser type, access times and dates, and other statistics. We may use this information to monitor and analyze the Site and/or App and to increase our Site’s and/or App’s functionality and user-friendliness, hence to better tailor them to our users’ needs. 

We do not treat Log Data as Personal Information or use it in association with it, though we may aggregate, analyze and evaluate such Information. 

Each time you open the Site and/or App, we collect information about how and when you use it (such as the time and dates, searches, features and results you select, pages visited, Site and/or App crashes, length of visit, buttons and links you click on and other system activity). We use this information to improve the Site and/or App. 

  1. Who Controls Your Personal Information?

Falbrock OÜ DBA Suppama with a registration code 12026140, address: Tammepõllu tee 17-17, 74001, Haabneeme, e-mail: info@suppama.com, is a Controller of all personal data collected and used for the purposes of providing Site and/or App for any other purposes set out in this Privacy Policy. This means that We are responsible for deciding how and why your data is used and for ensuring that your data is handled legally and safely. 

  1. How We Share Information

We will not share, sell, distribute or otherwise disclose any of the Personal Information collected through the Site and/or App, except as described in this Privacy Policy or with your consent. 

We may engage third party companies and individuals to perform services on our behalf, including without limitation, to facilitate our Site and/or App and perform Site-related services (e.g., without limitation, maintenance services, database management, analytics and improvement of the features) or to assist us in analyzing how our Site and/or App is used. These third parties may have access to your Personal Information. We do not authorize these third parties to use your information for any purpose other than to provide the above services. 

We may also disclose information about you that we have collected to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of Suppama or any third parties, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being illegal or unethical.

Where there is an investigation into alleged criminal behavior or to protect the vital interests of a person, we will cooperate with law enforcement enquiries. This may include preserving or disclosing any of your information, if we believe in good faith that it is necessary to comply with laws or regulations, or when we believe that disclosure is necessary to comply with a judicial proceeding, court order, request, etc.

We reserve the right to transfer information we have about you and that we have collected via the Site and/or App in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to try to require that the transferee use Personal Information you have provided through our Site in a manner that is consistent with this Privacy Policy.

In the event that Suppama undergoes a business transition or change of ownership, such as a merger or acquisition by another company, or in the event of insolvency, we may be required to disclose your personal data. Any changes to this Privacy Policy during the process will be communicated with you through email.


  1. Third Parties

From time to time, we may share information with third parties to improve the Site and/or App and enhance user experience.

We may link our Site and/or App to third party sites. We are not responsible for the content, privacy practices or products offered on any such third-party Sites. Please note that we do not and cannot monitor the privacy practices of these third-party Sites and that this privacy policy applies solely to information which we collect through our Site and/or App. You should review the privacy policy of any third-party site you visit through a link on our Site and/or App before using that third party Site. Contrary, we take reasonable measures to select trustworthy third parties or processors. 

To the extent possible, we pseudonymize (remove information that identifies you) and minimize the data we send to them. 

  1. Children’s Information

We do not knowingly collect Personal Information from children under age 18. If a parent or guardian becomes aware that his or her child has provided us with such information without their consent, he or she should contact us at info@suppama.com and upon receiving such an email we will remove data and terminate the child’s account.

If you are under 18, do not enter information on our Site and/or App. Thus, we encourage parents and legal guardians to monitor their children’s internet use and to help enforce our Privacy Policy by instructing their children never to provide personal information on our Site without their permission. 

We do not specifically market to children under 13.

  1. Information Security

We maintain administrative, technical, and physical safeguards for the Site and/or App designed to protect against loss, misuse, or unauthorized access, disclosure, alteration or destruction of the Personal Information we collect through the Site and/or App. However, we cannot guarantee that any information collected is perfectly secure. While we perform reasonable due diligence in selecting third party providers associated to processing and data handling.

Regardless of where you are located, Suppama collects information, and processes and stores that information in databases stored on servers located in the European Economic Area.

We place great importance on the security of all information associated with our users and store such information securely with SSL Security mechanism. 

Keep in mind that submission of information over the internet and mobile networks is never entirely secure. We cannot guarantee the security of information you submit via the Site and/or App whilst it is in transit over the internet or mobile networks and any such submission is at your own risk. But we recommend the following:

a) Don’t share credit card details, social media passwords or any other details with anyone else.

b) Make sure you log out of the Site and/or App when you stop using it. 

c) If you ever think someone has had access to your account, please report it to us and change password immediately.

  1. How Long We Keep Your Information

By providing you with products or services, we create records that contain your information, such as customer account records, payment and activity records. We manage our records to help us to serve our users in an efficient way and to comply with legal and regulatory requirements.

How long we keep records depends on the type of record, the nature of the activity, product or service and the applicable legal and regulatory requirements. How long we retain your information may change based on business or legal and regulatory requirements. If you are our Site and/or App User, we keep most of your data as long as you’re using the Site and/or App and for six years after that to comply with the law and/or if we face a legal challenge. In some circumstances, we may keep data longer if we need to due to our legitimate interests and/or if the law requires. 

Unless a longer retention period is required or permitted by law, we will only hold your Personal Information on our systems for the period necessary to fulfill the purposes outlined in this Policy, or until you request that the information be deleted in accordance with your right of erasure. 

Even if we delete your Personal Information, we reserve the right to maintain a copy for legal, tax or regulatory purposes, but in such an event, we will do so only as long as necessary to fulfil those purposes. Please contact us via info@suppama.com for more information.

Information that you submit via the Site and/or App is sent to and stored on secure servers located in the European Economic Area (EEA). Information submitted by you may be transferred by us to the third parties in the circumstances, which may be situated outside the EEA (for instance United Kingdom, United States, etc.) for Site maintenance purposes.

We keep your personal information as long as we need it for legitimate purposes and as permitted by applicable law. We delete or pseudonymize (remove information that identifies you) your information upon deletion of your account (following the safety retention window), unless: 

a) We must keep it to comply with applicable law (for instance: “traffic data” retention period is 1 year)

b) We must keep it to evidence our compliance with applicable law (for instance, records of consents to our Terms, Privacy Policy and other similar consents are kept for six years)

c) There is an issue, claim or dispute requiring us to keep the relevant information until it is resolved.

  1. Legal Rights

Legal basis of processing Personally Identifiable Information is the Consent of the User.

When you are using our Site and/or App you have the following rights:

Right to be informed: what personal data an organization is processing and why (we provide this information to you in this Privacy Policy).

Access: You have a legal right to request access to a copy of the personal information we have collected. In order to do this, contact us at info@suppama.com

Deletion: We store your personal information for as long as necessary to provide our services and products. You have the right to request deletion of your Personal Information if you believe we no longer need it for the purposes for which it was provided. Note that we might keep a record of your request in order to ensure compliance with legal obligations. In order to request deletion of your account, contact us at info@suppama.com

Right of rectification: if the data held is inaccurate, you have the right to have it corrected. For such requests, contact us at info@suppama.com

Marketing opt-out: You have the right at any time to prevent the use of your Personal Information for direct marketing purposes. If you no longer want to receive marketing messages, please let us know by writing to us at info@suppama.com

Right to object to us processing information: You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing. If you make a request to exercise your right to object, if we have legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data. For such requests, contact us at info@suppama.com

Right to data portability: you can request a copy of your data in a machine-readable form that can be transferred to another service provider. For such requests, contact us at info@suppama.com

Rights related to automated decision-making including profiling: there are several rights in this area where processing carried out on a solely automated basis results in a decision which has legal or significant effects for the individual. In these circumstances your rights include the right to ensure that there is human intervention in the decision-making process. For such requests, contact us at info@suppama.com

California Online Privacy Protection Act


CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. See more at: https://consumercal.org/california-online-privacy-protection-actcaloppa/#sthash.0FdRbT51.dpuf.

According to CalOPPA we agree to the following:

a) Users can visit our site anonymously.

b) Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website and/or App.

c) Our Privacy Policy link includes the word ‘Privacy,’ and can easily be found on the page specified above.

d) Users will be notified of any privacy policy changes on our Privacy Policy Page.

e) Users are able to change their personal information by emailing us and/or by logging into their account.


How does our site handle do-not-track signals? We honor do-not-track signals and do not track, plant cookies, or use advertising when a Do-Not-Track (DNT) browser mechanism is in place.

Fair Information Practices

The Principles of Fair Information Practices form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Principles of Fair Information Practices and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

f) We will notify the users via email within seven (7) business days.

g) We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law.

h) This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.



The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

1) Send information, respond to inquiries, and/or other requests or questions.

2) Process payment related data and to send information and updates pertaining to it.

3) We may also send you additional information related to your product and/or service.

4) Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.


To be in accordance with CAN-SPAM we agree to the following:

5) Not to use false, or misleading subjects or email addresses.

6) Identify the message as an advertisement in some reasonable way.

7) Monitor third-party email marketing services for compliance, if one is used.

8) Honor opt-out/unsubscribe requests quickly and allow users to unsubscribe by using the link at the bottom of each email. If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email, and we will promptly remove you from all correspondence.

  1. Updating Your Information

If you would like to update your Personally Identifiable Information, please contact us by emailing at info@suppama.com

Also, you can request at any time to permanently delete your account. Upon receiving your request, we will deactivate your account and we will take reasonable efforts to make sure it is no longer viewable on the Site and/or App. For up to 30 days, it is still possible to restore your account if it was accidentally or wrongfully deactivated. After 30 days, we begin the process of deleting your account from our systems. 

If you have questions about this Privacy Policy, please email your question or comment and write to us at the following address: info@suppama.com

We work hard to handle your information responsibly. If you are unhappy about the way we do this, please contact us at the following address info@suppama.com

If we make a change to this policy, we will notify you via email associated with your account or by posting a notice within the Site and/or App. By continuing to access or use the Site and/or App after those changes become effective, you agree to be bound by the revised Privacy Policy. 

  1. Cookies

We use cookies (the “Cookies”). Cookies are small files, often including unique identifiers that web servers send to browsers. These cookies then can be sent back to the server each time your browser requests a new page. It’s a way for a website and/or App to remember you, your preferences, and your habits online.

Through cookies We provide more user-friendly services that would not be possible without them and hence it helps us to identify users of our Site and/or App.

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as you close your browser.

By using our Site, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. Third-party Cookies are used on our Site for analytics and for marketing purposes.

Before Cookies are placed on your computer or device, you will be shown a banner requesting your consent to accept or reject those Cookies.

Where required, we enable you to reject the use of certain cookies for purposes such as advertising and analytics and research, by visiting your cookie settings, without affecting the lawfulness of processing based on your consent before its withdrawal.

  1. How to Get in Touch with Us

Please submit any questions, concerns or comments you have about this Privacy Policy or any request concerning your personal data by email to info@suppama.com