kohego

Privaatsuspoliitika

Privaatsuspoliitika

Viimati uuendatud: aprill 2026

Opiesti OÜ ("Kohego", "we", "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Kohego platform, in accordance with the EU General Data Protection Regulation (GDPR) and applicable Estonian law.

1. Vastutav töötleja

Opiesti OÜ
Tallinn, Estonia
Email: privacy@kohego.com

For data protection enquiries, please contact our Data Protection Officer at privacy@kohego.com.

2. Kogutavad andmed

We collect the following categories of personal data:

Account and Identity Data

  • Full name
  • Email address
  • Phone number (optional, used for booking notifications)
  • Profile photograph
  • Spoken languages
  • Self-written profile biography

Identity Verification Data (Providers)

  • Photo ID and selfie verification result (processed by our trusted identity verification partner, Didit). We receive a confirmation of identity; we do not store copies of your ID documents on our servers.
  • Criminal record extract (for babysitters and childcare providers, submitted by the Provider, retained for the duration of active service listings plus 1 year).

Service and Booking Data

  • Service categories and descriptions (Providers)
  • Booking details: dates, times, duration, service address, special instructions
  • Booking history and status
  • Reviews and ratings you give or receive

Payment Data

  • Payment card details are collected and processed directly by Stripe, Inc. We do not store raw card numbers. We retain a Stripe customer ID and the last 4 digits of your card for display purposes.
  • For Providers: bank account details collected by Stripe Connect for payouts (we do not store these details).
  • Transaction amounts, timestamps, and payout records.

Communication Data

  • Messages exchanged between Clients and Providers via the in-platform chat.
  • Support correspondence with Kohego.

Technical and Usage Data

  • IP address and approximate geolocation (derived from IP)
  • Device type, browser, and operating system
  • Pages visited, features used, and interaction timestamps
  • Authentication session tokens

Location Data

  • Approximate location (city / district level) used to display nearby Providers. Precise GPS coordinates are only used if you explicitly grant location permission in your browser.

3. Töötlemise õiguslik alus

We process your personal data on the following legal bases (GDPR Art. 6):

  • Performance of a contract (Art. 6(1)(b)): Processing necessary to provide you with platform access, facilitate bookings, process payments, and send booking-related communications.
  • Legitimate interests (Art. 6(1)(f)): Fraud prevention, platform safety, improving our services, detecting and preventing bypass of platform payment obligations, and sending relevant service updates.
  • Legal obligation (Art. 6(1)(c)): Retaining financial records for 7 years as required by Estonian accounting law (Raamatupidamise seadus).
  • Consent (Art. 6(1)(a)): Marketing emails (you may withdraw consent at any time), optional precise location sharing.

4. Kuidas kasutame teie andmeid

We use your data to:

  • Create and manage your account
  • Match Clients with suitable Providers
  • Process bookings and payments
  • Verify Provider identities and conduct background checks
  • Detect and prevent fraud, including attempts to bypass platform payment systems
  • Send transactional emails (booking confirmations, receipts, reminders)
  • Provide customer support
  • Improve the platform and develop new features
  • Comply with legal obligations

5. Andmete jagamine

We share data with the following third-party processors:

  • Stripe, Inc. (United States) — payment processing and Provider payouts. Stripe processes payment card and bank account data under its own privacy policy and is PCI DSS compliant. Transfers to the US are covered by Stripe's Standard Contractual Clauses.
  • Supabase, Inc. (United States) — database and authentication infrastructure hosting. Data is hosted in the EU (Frankfurt, Germany) region.
  • Resend, Inc. — transactional email delivery (booking confirmations, account notifications).
  • Didit — identity verification partner (photo ID and selfie verification). Your documents are processed securely and never stored on our servers.

We do not sell, rent, or trade your personal data to third parties for marketing purposes. We may share data with law enforcement or regulatory authorities when required by applicable law.

6. Andmete säilitamine

  • Account data: Retained for the lifetime of your active account. Upon account deletion, personal identifiers are removed within 30 days, except where longer retention is legally required.
  • Booking and payment records: Retained for 7 years from the transaction date, as required by Estonian accounting legislation.
  • Identity verification results: Retained for the duration of your active Provider account plus 1 year after account closure.
  • Chat messages: Retained for 2 years from the date of the relevant booking, then deleted.
  • Technical logs: Retained for 90 days.

7. Teie õigused (GDPR)

Under the GDPR (Articles 15–22), you have the following rights regarding your personal data:

  • Right of access (Art. 15): You may request a copy of all personal data we hold about you.
  • Right to rectification (Art. 16): You may correct inaccurate or incomplete data at any time via your profile settings or by contacting us.
  • Right to erasure / "right to be forgotten" (Art. 17): You may request deletion of your personal data where we no longer have a legal basis to retain it.
  • Right to restriction of processing (Art. 18): You may ask us to restrict how we use your data in certain circumstances.
  • Right to data portability (Art. 20): You may request your data in a structured, machine-readable format.
  • Right to object (Art. 21): You may object to processing based on legitimate interests at any time.
  • Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email privacy@kohego.com. We will respond within 30 days. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, www.aki.ee).

8. Küpsised

We use cookies and similar technologies. For full details, see our Cookie Policy. In summary:

  • Essential cookies are used to maintain your authentication session and locale preference. These cannot be disabled without affecting platform functionality.
  • We do not use third-party advertising or tracking cookies without your explicit consent.

9. Rahvusvahelised edastused

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically the United States (Stripe, Resend). Such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) adopted by the European Commission, ensuring an adequate level of protection for your data.

10. Andmekaitseametnik

Our Data Protection Officer can be contacted at:

Data Protection Officer
Opiesti OÜ, Tallinn, Estonia
Email: privacy@kohego.com

11. Poliitika uuendused

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or a prominent notice on the platform at least 14 days before the changes take effect. The date of the most recent revision is shown at the top of this page.

Continued use of Kohego after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms.

Privaatsuspoliitika | Kohego