Vetedveted.eu

Privacy

Privacy Policy

Last updated: 2026-05-08

This Privacy Policy describes how Apraiz Europe OÜ ("Veted", "we", "us") collects, uses, and protects personal data when you use Veted.eu. We comply with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the Estonian Personal Data Protection Act.

1. Data controller

The data controller responsible for your personal data under this policy is:

  • Apraiz Europe OÜ
  • Registered in Estonia
  • Tallinn, Estonia, European Union
  • Contact: privacy@veted.eu

2. What we collect

We collect the following categories of personal data, only to the extent needed for the purposes listed in section 3:

  • Account / contractor application data, name, business name, email, phone, address, licence number, insurance status, declared years in business.
  • Contact form data, name, email, subject, message body.
  • Public business data sourced from Google Places, business name, address, phone, website, photos, aggregate rating, and individual public reviews. We process this data as a controller for the purpose of operating the directory.
  • Server logs, IP address, user-agent, request path, timestamp. Held for 30 days for security and abuse prevention.
  • Analytics, aggregated, non-identifying page-view counts. We do not deploy advertising trackers.

3. How we use your data

  • Operate the directory, display verified contractor listings, search results, and AI-summarised reviews.
  • Vet contractor applications, verify licences against national registries, confirm insurance, summarise public reviews.
  • Respond to enquiries, process messages submitted via the contact form.
  • Service operations, security, abuse prevention, debugging.
  • Legal compliance, meet our obligations under EU and Estonian law.

We do not sell, rent, or share your personal data with advertisers or data brokers.

4. Legal bases (GDPR Art. 6)

  • Consent, for non-essential cookies and direct marketing.
  • Contract, for processing required to provide a paid contractor listing.
  • Legitimate interests, for operating the public directory, including processing of publicly-available business data sourced from Google, and for security logging. You can object at any time.
  • Legal obligation, for accounting, tax, and regulatory record-keeping.

5. Google Places data

Veted's directory pulls publicly-available business data and public reviews from the Google Places API. This includes the business name, address, phone, website, photos, aggregate rating, and review text and authors. We re-summarise reviews using AI, but we do not edit, hide, or fabricate review content.

If you are a business owner and want a Veted listing removed or corrected, write to privacy@veted.eu and we will action your request within 30 days. To remove the underlying Google data, you must also contact Google directly via your Google Business Profile.

6. Cookies

We use the smallest possible set of cookies:

  • Strictly necessary, session cookies for authenticated contractor accounts. No consent required.
  • Preferences, a localStorage entry recording your cookie-consent choice. No identifier sent off-device.
  • Analytics, only loaded after you consent. Aggregated, non-identifying.

You can withdraw consent at any time by clearing the "veted-cookie-consent" entry from your browser's storage.

7. Data retention

  • Active contractor accounts, retained while your listing is live and for 24 months after cancellation, then deleted unless legally required.
  • Contact-form messages, retained for 12 months.
  • Server logs, 30 days.
  • Aggregated, non-identifying analytics, indefinite.

8. Sub-processors

We use a small number of EU-aligned sub-processors to operate the service:

  • Railway (United States), application hosting and Postgres database. Standard Contractual Clauses in place.
  • Resend (United States), transactional email delivery.
  • Google LLC (Ireland for EU users), Places API for sourcing public business data.
  • Anthropic PBC (United States), AI summarisation of public Google reviews. Inputs are public review text only; no personal account data is shared.

9. Your rights (GDPR Art. 15-22)

You have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate data;
  • Request erasure ("right to be forgotten");
  • Restrict or object to processing;
  • Data portability, receive your data in a structured, machine-readable format;
  • Withdraw consent at any time, where processing is based on consent;
  • Lodge a complaint with your supervisory authority.

To exercise any of these rights, write to privacy@veted.eu or use the GDPR rights page. We respond within 30 days.

10. Supervisory authority

The supervisory authority for our processing in Estonia is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI):

If you are based in another EU member state, you may also lodge a complaint with your local data protection authority.

11. Changes to this policy

We update this policy from time to time. The "Last updated" date at the top of the page reflects the most recent change. Material changes will be highlighted on the home page for 14 days.

12. Contact

For any privacy question, write to privacy@veted.eu.