Privacy Policy

Last updated: March 10, 2026

1. Introduction

This Privacy Policy describes how Zenithal OÜ (registry code: 17392984), operating under the brand name Whitegallo("Company", "We", "Us", or "Our"), collects, uses, stores, shares, and protects personal data when You ("You", "Your", or "User") visit or use the website located at https://whitegallo.com (the "Website"). We are committed to protecting Your privacy and processing Your personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the "General Data Protection Regulation" or "GDPR") and all other applicable data protection laws. By accessing or using the Website, You acknowledge that You have read and understood this Privacy Policy. If You do not agree with this Privacy Policy, please do not use the Website. This Privacy Policy applies only to data collected through the Website. If You use our payment gateway services under a separate service agreement, additional privacy terms specific to those services may apply as set out in that agreement.

2. Data Controller

The data controller responsible for Your personal data is: Zenithal OÜ Ahtri tn 12, Kesklinna linnaosa, Tallinn, Harju maakond, 10151, Estonia Registration No: 17392984 VAT No: EE102961380 Email: gdpr@whitegallo.com For all data protection related inquiries, You may contact us at gdpr@whitegallo.com.

3. Personal Data We collect

We may collect and process the following categories of personal data:

  • Information You Provide Directly When You contact us, submit forms, request information, or otherwise interact with the Website, we may collect Your name, email address, phone number, company name, job title, and the content of Your message or inquiry.
  • Information Collected Automatically When You visit the Website, we automatically collect certain technical and usage data, including Your IP address, browser type and version, operating system, device type, screen resolution, referring website URL, pages visited on the Website, date and time of Your visit, duration of Your visit, and clickstream data.
  • Cookies and Similar Technologies We use cookies and similar tracking technologies to collect certain information automatically. Please refer to our Cookie Policy for detailed information about the cookies we use and how to manage Your preferences.

4. Purposes and Legal Bases for Processing

We process Your personal data for the following purposes and on the following legal bases under Article 6(1) of the GDPR:

  • To respond to Your inquiries and requests These cookies are necessary for the website to function properly. They enable core features such as page navigation, security, and access to protected areas of the website. We process Your contact information and message content to respond to questions, provide information about our services, and communicate with You. The legal basis is our legitimate interest in responding to inquiries (Article 6(1)(f) GDPR), or performance of precontractual measures at Your request (Article 6(1)(b) GDPR).
  • To operate and improve the Website These cookies help us understand how visitors interact with our website by collecting anonymous usage data. We process technical and usage data to ensure the proper functioning, security, and performance of the Website, to analyse usage patterns, and to improve user experience. The legal basis is our legitimate interest in maintaining and improving the Website (Article 6(1)(f) GDPR).
  • To ensure security We process technical data to detect and prevent fraud, unauthorised access, and other security threats. The legal basis is our legitimate interest in protecting the Website and its users (Article 6(1)(f) GDPR).
  • To comply with legal obligations Security cookies help detect suspicious activities, prevent fraud, and protect the integrity of our platform. We may process Your data where required by applicable law, regulation, or legal process. The legal basis is compliance with a legal obligation (Article 6(1)(c) GDPR).
  • To send marketing communications Where You have given Your explicit consent, we may send You newsletters, promotional materials, or information about our services. The legal basis is Your consent (Article 6(1)(a) GDPR). You may withdraw Your consent at any time by contacting us at gdpr@whitegallo.com or using the unsubscribe link in any marketing email.

5. Data Sharing and Recipients

We do not sell Your personal data. We may share Your personal data with the following categories of recipients only to the extent necessary for the purposes described in this Privacy Policy:

  • Service providers and processors Third-party companies that provide services on our behalf, such as website hosting, analytics, email delivery, and IT support. These providers are contractually obligated to process Your data only on our instructions and in accordance with applicable data protection laws.
  • Professional advisors Lawyers, auditors, accountants, and other professional advisors where necessary for the exercise or defence of legal claims or for compliance purposes.
  • Authorities and regulators Government authorities, law enforcement agencies, or regulators where required by applicable law, regulation, or legal process.
  • Business transfers In the event of a merger, acquisition, reorganisation, or sale of assets, Your personal data may be transferred to the successor entity, subject to the same privacy protections described in this Privacy Policy.

6. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). If we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place in accordance with the GDPR, such as Standard Contractual Clauses approved by the European Commission (Article 46(2)(c) GDPR), an adequacy decision by the European Commission (Article 45 GDPR), or other appropriate safeguards as permitted under applicable law. You may request further information about the safeguards in place by contacting us at gdpr@whitegallo.com.

7. Data Retention

We retain Your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, whether we can achieve those purposes through other means, and applicable legal requirements. In general, contact inquiry data is retained for up to 2 years from the date of the last communication; technical and usage data is retained for up to 12 months; and marketing consent records are retained for the duration of the consent plus 1 year after withdrawal. When personal data is no longer required, we will securely delete or anonymise it.

8. Data Security

We implement appropriate technical and organisational measures to protect Your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL), access controls and authentication mechanisms, regular security assessments, and staff training on data protection. While we strive to protect Your personal data, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.

9. Your Rights

Under the GDPR, You have the following rights with respect to Your personal data:

  • Right of access (Article 15 GDPR) You have the right to request confirmation of whether we process Your personal data and to obtain a copy of that data.
  • Right to rectification (Article 16 GDPR) You have the right to request the correction of inaccurate personal data or the completion of incomplete data.
  • Right to erasure (Article 17 GDPR) You have the right to request the deletion of Your personal data where there is no compelling reason for its continued processing.
  • Right to restriction of processing (Article 18 GDPR) You have the right to request that we restrict the processing of Your personal data in certain circumstances.
  • Right to data portability (Article 20 GDPR) You have the right to receive Your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to object (Article 21 GDPR) You have the right to object to processing based on legitimate interests, including profiling. You also have the right to object to processing for direct marketing purposes at any time.
  • Right to withdraw consent (Article 7(3) GDPR) Where processing is based on Your consent, You have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
  • Right to lodge a complaint You have the right to lodge a complaint with a supervisory authority. The competent supervisory authority in Estonia is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), Tatari 39, 10134 Tallinn, Estonia, website: www.aki.ee.

To exercise any of Your rights, please contact us at gdpr@whitegallo.com. We will respond to Your request within one (1) month of receipt. This period may be extended by a further two (2) months where necessary, taking into account the complexity and number of requests.

10. Children's Privacy

The Website is not intended for individuals under the age of eighteen (18). We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18 without appropriate consent, we will take steps to delete such data promptly. If You believe that we may have collected data from a child, please contact us at gdpr@whitegallo.com.

11. Third-Party Links

The Website may contain links to third-party websites. This Privacy Policy does not apply to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage You to read the privacy policies of any third-party website You visit.

12. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page with an updated "Last updated" date. We encourage You to review this Privacy Policy periodically. Your continued use of the Website following the posting of changes constitutes Your acceptance of those changes. Where required by applicable law, we will notify You of material changes before they take effect.

13. Contact Us

If You have any questions, concerns, or requests regarding this Privacy Policy or the processing of Your personal data, please contact us at: Zenithal OÜ Ahtri tn 12, Kesklinna linnaosa, Tallinn, Harju maakond, 10151, Estonia Email: gdpr@whitegallo.com