Privacy Policy

Last updated: 2 May 2026

This Privacy Policy explains how Kialvo OÜ ("we", "us"), trading as Menford, processes personal data of visitors and users of menford.com (the "Site"), in accordance with Regulation (EU) 2016/679 ("GDPR") and the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus).

1. Data Controller

  • Kialvo OÜ (trading as Menford)
  • Registered address: Sepapaja tn 6, 15551 Tallinn, Estonia
  • VAT code: EE102265251
  • Data Protection contact: info@menford.com

2. Personal Data We Collect

Proposal request form: name, company, email, website (optional), and message content.

Automatically collected via server logs: IP address, browser user-agent, referring URL, timestamp of visit.

Analytics (only if you accept analytics cookies): pseudonymised identifiers, pages visited, events, device category, and approximate location derived from IP (the full IP is not stored by Google Analytics 4).

3. Purposes and Legal Bases

  • Responding to proposal requests and other inquiries β€” Art. 6(1)(b) GDPR: performance of a contract or pre-contract measures.
  • Measuring Site usage via analytics β€” Art. 6(1)(a) GDPR: consent collected via the cookie banner.
  • Maintaining security and preventing abuse β€” Art. 6(1)(f) GDPR: legitimate interest.
  • Meeting legal, accounting, and tax obligations β€” Art. 6(1)(c) GDPR: legal obligation.

4. Recipients and Processors

We rely on the following processors under Art. 28 GDPR:

  • Vercel Inc. β€” website hosting (United States; EU-US Data Privacy Framework).
  • Cloudflare, Inc. β€” CDN and edge routing (United States; Standard Contractual Clauses).
  • Resend, Inc. β€” transactional email for the proposal request form (United States; Standard Contractual Clauses β€” Resend is not certified under the EU-US Data Privacy Framework).
  • Google Ireland Limited β€” Google Analytics 4 and Google Tag Manager (EU data centre; onward transfers to the US covered by the EU-US Data Privacy Framework).
  • Consently (consently.net) β€” cookie consent management.
  • n8n GmbH β€” workflow automation for post-submission processing of proposal requests (EU-hosted).

We do not sell personal data and we do not share data with third parties for their own marketing purposes.

5. International Transfers

Some processors are located outside the European Economic Area, primarily in the United States. Transfers rely on the EU-US Data Privacy Framework where the processor is certified, or on Standard Contractual Clauses approved by the European Commission.

6. Retention

  • Proposal request submissions: 24 months from the last contact, then deleted unless an active engagement is ongoing.
  • Server logs: up to 30 days.
  • Analytics data: 14 months (Google Analytics 4 default).
  • Accounting and tax records: for the period required by Estonian law (currently 7 years).

7. Your Rights

Under GDPR you have the right to:

  • Access your personal data (Art. 15).
  • Correct inaccurate data (Art. 16).
  • Request erasure (Art. 17).
  • Restrict processing (Art. 18).
  • Data portability (Art. 20).
  • Object to processing based on legitimate interest (Art. 21).
  • Withdraw consent at any time, without affecting prior processing.

To exercise any right, email info@menford.com. We respond within one month.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI), Tatari 39, 10134 Tallinn β€” www.aki.ee.

8. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

9. Children

The Site is not directed to children under 16 and we do not knowingly collect personal data from minors.

10. Changes to This Policy

We may update this policy to reflect changes in our services or applicable law. The "Last updated" date at the top reflects the most recent revision.