Mardi Farm
Theme Park & Accommodation
Book Now

Privacy Policy

1. Controller

The Privacy Policy governs the processing of personal data, the controller of which is Kamm Ettevõtmiste OÜ (commercial register code: 10526364, address: Mardi talu, Karala village, Saaremaa). In case of questions or complaints, please contact us at the e-mail address mart.maastik@gmail.com.

2. Personal data collected

Our website and services involve the processing of certain personal data, including, but not limited to:

name and contact details (telephone, e-mail), which are necessary to manage reservations and inquiries;

place of residence (if necessary for issuing an invoice);

payment and billing details related to the provision of accommodation services;

additional information provided during the reservation or inquiry (such as wishes or special requests).

In addition, our website automatically collects certain information about your visit (e.g. IP address, browser type, time of visit, pages used), which helps to improve the functionality and user experience of the site.

3. Purposes of data processing

Personal data is used for the following purposes:

Management of reservations and inquiries – to conclude and fulfill contracts for accommodation or additional services;

Billing and fulfillment of legal obligations – to issue invoices and meet accounting requirements;

Customer service – to answer questions, confirm reservations and provide service-related information;

Marketing (e.g. newsletters) – only based on the consent of customers, which can be withdrawn at any time;

Analysis and improvement of the website – to monitor usage statistics, optimize content and improve the user experience (including the use of cookies).

4. Legal basis

We process personal data in accordance with the European Union General Data Protection Regulation (GDPR) as follows:

For the performance of a contract (art. 6(1)(b)) – data necessary for the provision of services;

Based on legitimate interest (art. 6(1)(f)) – to ensure the security and analysis of the website;

For the performance of a legal obligation (art. 6(1)(c)) – for example, accounting obligations;

Based on consent (art. 6(1)(a)) – to send marketing materials.

5. Data retention and security

We retain personal data for as long as necessary to fulfill the purposes or to comply with legal obligations. We implement reasonable technical and organizational measures to protect personal data from unauthorized access and processing. We only transfer data to third parties if this is necessary for the performance of contracts (e.g. payment service providers) or if required by law.

6. Data subject rights

You have the right to:

request access to your personal data and rectify inaccurate data;

request the deletion of data (“right to be forgotten”), if there is no other legal basis for the processing;

restrict the processing of data in certain cases;

receive your data in a structured and machine-readable format and transmit it to another service provider;

object to the processing of personal data based on legitimate interest;

withdraw your consent if the data is processed on the basis of consent.

We will respond to all inquiries and requests within 30 days. If you find that our activities violate your privacy rights, you have the right to contact the Data Protection Inspectorate.

7. Use of cookies

The website may use cookies to provide a more user-friendly service and to analyze the use of the website. Cookies are small text files that are stored on the user’s device. If you do not want to save cookies, you can disable the use of cookies in your browser settings. In this case, some of the website’s functions may be limited.

8. Changes to Privacy Policy

We reserve the right to change this Privacy Policy. The latest version of the policy always applies when using the website. Updates will be published on this page and we will also inform customers of significant changes in other ways (e.g. by email).