Last updated: 9 June 2025
This Privacy Policy explains how Qlanq OÜ (registry code 17226837, J. Vilmsi tn 47, 10115 Tallinn, Estonia) (“Qlanq”, “we”, “our”, “us”) collects, uses, stores and protects your personal data when you visit farlango.com (the “Site”) or book any speaking or writing session (together, the “Service”).
We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable laws.
If you have questions, you can reach us at [email protected] or the postal address above.
1. What data we collect
| Category | Typical examples | Legal basis (GDPR Art. 6) |
|---|---|---|
| Account & Identity Data | Name, email, password hash, preferred language, timezone | Contract performance (Art 6 (1)(b)) |
| Booking & Session Data | Chosen language level, session topic, date/time, facilitator name, meeting links; optional session recordings | Contract performance; Legitimate interest to improve the Service (Art 6 (1)(f)) |
| Payment Data | Transaction ID, last four digits of card, billing address (handled by payment processor e.g. Stripe) | Contract performance; Legal obligation for accounting (Art 6 (1)(c)) |
| Communications | Emails, chat messages, support tickets, feedback forms | Legitimate interest to reply & improve (Art 6 (1)(f)) |
| Usage & Device Data | IP address, browser type, device ID, pages visited, session duration, clicks | Legitimate interest for security & analytics (Art 6 (1)(f)) |
| Marketing Preferences | Your opt-in/opt-out choices for newsletters | Consent (Art 6 (1)(a)) |
We do not intentionally collect special-category data (Art 9 GDPR). Please avoid sharing sensitive information during sessions unless strictly necessary.
2. Why we use your data
- Provide the Service – create your account, schedule sessions, connect you with facilitators and send confirmations.
- Process payments – handle invoices, VAT calculations and fraud prevention.
- Improve & secure – monitor performance, analyse aggregated usage and prevent misuse.
- Customer support – answer questions, resolve issues and record quality-assurance calls.
- Marketing – send optional product updates or promotions (you can unsubscribe at any time).
- Legal compliance – fulfil tax, bookkeeping and other statutory obligations.
We never sell your personal data.
3. Cookies & analytics
The Site uses:
- Essential cookies – required for log-in, session routing, and security.
- Analytics cookies (e.g. Plausible or Google Analytics) – set only when you give consent via our cookie banner. They help us understand visit patterns in anonymised form.
You can delete cookies in your browser or adjust your preferences in the banner at any time.
4. Sharing & processors
We share data only with trusted third parties that act as processors under written agreements:
| Processor | Purpose | Safeguards |
|---|---|---|
| Stripe / PayPal | Payment processing | GDPR-compliant SCCs, PCI-DSS certified |
| Amazon Web Services | Cloud hosting | EU data centres, ISO 27001 |
| Jitsi / Zoom / Google Meet / Microsoft Teams | Video conferencing | EU routing where possible, end-to-end encryption options |
| Help Scout / Intercom | Customer support | EU–US Data Privacy Framework or SCCs |
| Email delivery (Postmark, SendGrid) | Transactional emails | SCCs & ISO 27001 |
If we transmit data outside the EEA, we rely on (i) an adequacy decision, (ii) Standard Contractual Clauses, or (iii) the EU–US Data Privacy Framework.
We may also disclose data when required by law or to protect our rights.
5. Retention
- Account data – kept while your account is active. If you delete the account, we erase or anonymise data within 30 days unless legal retention (e.g. tax rules) requires longer.
- Payment records – stored for 7 years under Estonian accounting law.
- Session recordings – retained for up to 90 days (or shorter if you request deletion sooner) for quality assurance and dispute resolution.
- Marketing opt-out lists – kept indefinitely to honour your choice.
6. Your rights
You may exercise the following rights at any time (free of charge, within one month):
- Access – obtain a copy of the personal data we hold about you.
- Rectification – correct inaccurate or incomplete data.
- Erasure (“right to be forgotten”) – delete your data when no longer needed or if processing is unlawful.
- Restriction – pause processing while a complaint is investigated.
- Portability – receive data in a machine-readable format or have it sent to another controller.
- Object – object to processing based on legitimate interest or direct marketing.
- Withdraw consent – where processing relies on consent (e.g. analytics cookies).
To exercise any right, email [email protected].
If you believe your data is mishandled, you can lodge a complaint with the Estonian Data Protection Inspectorate or your local supervisory authority.
7. Children’s data
Farlango is not directed at children under 16. If we learn that we have inadvertently collected personal data from a child, we will delete it promptly.
8. Security
We use industry-standard safeguards: encryption in transit (TLS 1.2+), hashed passwords (bcrypt), least-privilege access controls, and regular penetration tests. No system is 100 % secure, but we work continuously to protect your data.
9. Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.
10. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be announced at least 14 days in advance by email or prominent notice on the Site. Continued use after the effective date constitutes acceptance.
11. Contact
Qlanq OÜ
J. Vilmsi tn 47, 10115 Tallinn, Estonia
Email: [email protected]