Privacy Policy

Fenestra’s privacy policy is hereby established and constitutes an integral part of any contracts concluded between you and Fenestra.

This privacy policy describe how Fenestra processes (incl. collection, use, disclosure, retaining, transfer, deletion, etc.) your personal data and informs you of your rights as a data subject.

Fenestra processes personal data in accordance with applicable legislation, incl. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the General Data Protection Regulation, GDPR). In matters not regulated by this privacy policy, Fenestra is guided by the legislation in force.

Please thoroughly examine the privacy terms before providing data to Fenestra, using the services or entering into contracts.

Processing personal data in Fenestra

The data controller is FENESTRA AS (registry code 10333205), registered office at Kaabli 23 a, 10112 Peetri small town, Rae rural municipality, Harju county, telephone +372 606 3260, e-mail:

What personal data is processed?

For what purpose are data processed?

Legal grounds for processing personal data

Personal data are processed for the purpose of performing a contract entered into with the customer. It is also necessary for performing legal obligations (such as accounting and the resolution of consumer complaints).

The processing of information takes place with the consent of the customer to send newsletters and information on customer surveys and/or offers.

To whom is personal data forwarded?

Personal data is forwarded to customer support to manage purchases and purchase history and to resolve any problems that customers may have.

The name, telephone number, delivery address and e-mail address are forwarded to the provider of transport and installation services.

If an outside service provider handles the accounting, the personal data is forwarded to that service provider to perform the accounting operations.

Personal data may be forwarded to IT service providers if this is needed to ensure the functionality of the website or to host data.

Security and access to data

Personal data is stored in Fenestra’s servers, which are located on the territory of a member state of the European Union or states of the European Economic Area. Data may be transferred to countries whose data protection levels have been assessed as adequate by the European Commission and to companies in the United States that have joined the Privacy Shield framework.

Personal data can be accessed by Fenestra’s employees in order to resolve technical issues related to the use of the website and to provide customer support.

Fenestra takes appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.

Personal data are forwarded to Fenestra’s data processors (such as the providers of installation and data hosting services) and processed under contracts entered into between Fenestra and the processors. The processers must ensure appropriate safeguards when processing personal data.

Access to and rectification of your own personal data

You can access your personal data through customer support and send proposed modifications to

Withdrawal of consent

If personal data are processed on the basis of the customer’s consent, the customer has the right to withdraw their consent. To do this, send an e-mail to customer support

Retention of personal data

Proceeding from legislation, Fenestra has both the right and obligation to retain collected personal data. Fenestra never retains personal data for longer than necessary to meet its obligations, unless you have consented to further retainment and processing of your data. Fenestra generally retains your personal data for up to 10 years. Data in accounting documents are retained for seven years as required by law.

Deletion of personal data

Personal data deletion requests submitted by e-mail are responded to within no later than one month. Customer support identifies the person and indicates which personal data is to be deleted.

Transfer of personal data

Personal data portability requests submitted by e-mail are responded to within no later than one month. Customer support identifies the person and indicates which personal data is to be transferred.

Direct marketing messages

The e-mail address and telephone number are used for sending direct marketing messages if the customer has consented to receiving such messages.

If the customer no longer wants to receive direct marketing messages, the customer should contact customer service:

Where personal data is processed for the purposes of direct marketing (profiling), the customer has the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time. To do this, send an e-mail to customer support:

Dispute resolution

Disputes concerning the processing of personal data are settled through customer support by writing to

The supervisory authority is the Estonian Data Protection Inspectorate (

Links to other websites

Fenestra’s website includes links to websites of other companies or organisations, but Fenestra takes no liability for the contents of or the privacy and security measures implemented on such websites.

Acceptance of Fenestra’s Privacy Policy by customers

By using Fenestra’s services, customers confirm that they have examined our Privacy Policy and accept its terms and conditions.

If you have any comments and proposals about Fenestra’s Privacy Policy, please e-mail them to