Log in Free trial Watch a demo
In EnglishAuf DeutschEn Français
ENG
In English Auf Deutsch En Français

Last updated: 25.11.2025

This Privacy Policy explains how Scanbro OÜ (“we”, “us”, “our”), operating under the brand Invendor, processes personal data when you visit our website, interact with our content, or otherwise engage with us online.

We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR), the UK GDPR, and applicable Estonian, EU, and UK data protection laws.

For customers using our software services, processing of personal data is further governed by the Data Processing Agreement (Annex 2 to our Terms of Service).

1. Controller

Scanbro OÜ
Registration number: 14224588
Address: Loomäe tee 1, 75306 Lehmja, Harju county, Estonia
Email: info@invendor.com

Data Protection Officer (DPO):
Joonas Püvi
Contact via: info@invendor.com

2. Personal Data We Collect

2.1. When you browse our website

Automatically collected via cookies and analytics tools:

  • IP address (anonymised when possible)
  • Device and browser information
  • Interaction data (pages visited, clicks, time spent)
  • Country/region estimation
  • Referring source

2.2. When you submit forms

  • Name
  • Email address
  • Company
  • Message content
  • Submission metadata

2.3. When you subscribe to our newsletter

  • Name
  • Email address
  • Company
  • Email engagement metrics (opens, clicks)

2.4. When you schedule a call via Calendly

  • Name
  • Email
  • Timezone
  • Message content
  • Calendly’s technical logs

2.5. When viewing embedded content

  • YouTube videos may set cookies or track user behaviour.

3. Purposes of Processing

3.1. Website operation and analytics

  • Running the website
  • Understanding user behaviour
  • Improving performance and content

3.2. Responding to inquiries

  • Handling messages or questions submitted via forms

3.3. Marketing communications

  • Sending newsletters via Mailchimp
  • Managing contacts in Pipedrive
  • Measuring campaign effectiveness

3.4. Scheduling calls

  • Allowing users to book meetings through Calendly

3.5. Compliance and security

  • Server logs
  • Preventing misuse
  • Ensuring platform integrity

4. Legal Bases (GDPR & UK GDPR)
Purpose and Legal basis:

  • Analytics & cookies: Consent
  • Newsletters: Consent
  • Responding to inquiries: Legitimate interest
  • Calendly booking: Consent
  • Security logging: Legitimate interest
  • Sales discussions or contracts: Performance of a contract

5. Cookies

The website uses Complianz | GDPR/CCPA Cookie Consent to manage cookie consent and scanning.

Cookies may originate from:

  • Google Analytics 4
  • Google Tag Manager
  • Hotjar
  • YouTube embeds
  • WordPress.com
  • Calendly

Users can withdraw or adjust consent at any time.

6. Data Sharing & Processors

6.1. Website hosting & base infrastructure

  • WordPress.com / Automattic – hosting, platform-level analytics
  • Complianz – cookie consent management

6.2. Analytics & behavioural tools

  • Google Analytics 4
  • Google Tag Manager
  • Hotjar
  • YouTube (Google LLC)

6.3. Marketing & CRM

  • Pipedrive OÜ – CRM storing contacts first
  • Mailchimp (Intuit Inc.) – newsletter distribution and analytics

Workflow:
Form submission → stored in Pipedrive → synced to Mailchimp → campaigns sent from Mailchimp.

6.4. Meeting scheduling

  • Calendly LLC

6.5. Email delivery

  • Your email service provider (e.g., Google Workspace) processes inbound form messages.

6.6. Software service users

  • For customers using Invendor products, processing is governed by the DPA (Annex 2) of the Terms of Service.

7. International Data Transfers

Some of our processors may transfer data outside the European Economic Area (EEA) or the United Kingdom.

We ensure compliance through:

  • EU Standard Contractual Clauses (SCCs)
  • UK-approved transfer mechanisms

Additional UK GDPR-compliant wording

For visitors from the United Kingdom, international data transfers are carried out in accordance with the UK GDPR and the UK’s approved transfer mechanisms, including the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, as required by the Information Commissioner’s Office (ICO). Additional safeguards are applied when necessary.

No unlawful transfers are made.

8. Data Retention
Data type & Retention
Contact form submissions: Up to 24 months
CRM (Pipedrive) records: Duration of business relationship + 3 years
Newsletter subscribers: Until unsubscribed
Analytics data: Up to 26 months
Server logs: Up to 12 months
Calendly booking data: As per Calendly retention rules

9. Your Rights (EU & UK GDPR)

You may request:

  • Access to your personal data
  • Correction of inaccurate data
  • Deletion of data (“right to be forgotten”)
  • Restriction of processing
  • Objection to processing
  • Withdrawal of consent
  • Data portability
  • Complaint to a supervisory authority

Supervisory authorities:

Contact: info@invendor.com

10. Security

We apply appropriate technical and organisational measures, including:

  • HTTPS encryption
  • Access controls
  • System monitoring
  • Security measures provided by WordPress.com and other processors

11. External Links

Our website may include links to external services. We are not responsible for their privacy practices.

12. Changes

We may update this Privacy Policy occasionally. Updated versions will appear on this page.