Privacy & Cookie Policy
Last updated: June 2026
Effective date: June 2026
1. Introduction
At ChillaxGroup OÜ, operating as Hallpeer, we handle personal data with the same discretion we apply to everything else — carefully, deliberately, and only when necessary.
This Policy explains how we collect, use and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and applicable Estonian data protection law.
Registered Office: ChillaxGroup OÜ Lasnamäe linnaosa, Lõõtsa tn 2a, 11415 Tallinn, Estonia Data enquiries: chillaxgr@gmail.com
2. Data We Collect
We collect only what is necessary to deliver our services and meet our legal obligations.
This may include identification data such as name and date of birth, contact information including address, email and phone number, payment information processed securely through third-party payment providers, service preferences and communication history, and technical data such as IP address and browsing behaviour on our website.
Where strictly necessary for event access, we may also collect sensitive data including nationality or medical conditions relevant to hospitality arrangements. This is always handled with explicit consent.
3. How We Collect Your Information
We collect personal data when you contact us directly by email, phone or through the website, engage us to source event access or hospitality, communicate with us regarding a booking, browse our website through standard analytics tools, or subscribe to receive communications from us.
We do not purchase data from third parties or use data brokers.
4. How We Use Your Data
We use your data to fulfil the services you have requested, process payments and manage bookings, meet our legal and tax obligations, improve our service based on legitimate interest, and send relevant communications where you have given consent.
We do not sell your data. We do not use your data for automated decision-making or profiling.
5. Legal Basis for Processing
We process your data on the following legal bases — contractual necessity when fulfilling a booking, legal obligation for tax and compliance purposes, consent for marketing communications and sensitive data, and legitimate interest for fraud prevention and service improvement.
6. Your Rights
Under GDPR you have the right to access your personal data, correct inaccurate information, request deletion where no legal obligation requires retention, restrict or object to processing, receive your data in a portable format, and withdraw consent at any time without affecting prior processing.
To exercise any of these rights, contact chillaxgr@gmail.com. We may request proof of identity before actioning your request.
7. Sharing Your Data
We share your data only where necessary — with event venues for guest list and access requirements, with hospitality and accommodation providers to fulfil your package, with payment processors operating under their own GDPR-compliant frameworks, and with professional services including legal and accounting advisors under confidentiality obligations.
We do not share your data with marketing agencies without explicit consent. In the event of a business transition, data may be transferred under strict contractual protections.
8. International Transfers
Where data is transferred outside the European Economic Area, appropriate safeguards are in place including Standard Contractual Clauses approved by the European Commission.
9. Data Retention
We retain personal data for as long as necessary to fulfil contractual and legal obligations — a minimum of six years for financial records in accordance with Estonian tax law. After this period, data is securely deleted or anonymised.
10. Cookies
Our website uses cookies to maintain basic functionality, understand how visitors navigate the site, and improve performance. We do not use aggressive advertising cookies or third-party tracking without your consent.
You can manage cookie preferences through your browser settings at any time. A cookie consent mechanism is presented on your first visit to the site.
For the full list of cookies and their purposes, see our Cookie Policy.
11. Data Security
We apply appropriate technical and organisational measures to protect your data, including SSL encryption for all data transmission and restricted access controls on all systems holding personal information.
Please note that email is not a secure channel for transmitting sensitive payment information.
12. Supervisory Authority
If you have concerns about how we handle your data, you may contact the Estonian Data Protection Inspectorate:
- Tatari 39, 10134 Tallinn
- info@aki.ee
- +372 627 4135
You may also use the EU's Online Dispute Resolution platform at ec.europa.eu/consumers/odr.
13. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated via the website. Continued use of our services constitutes acceptance of the revised Policy.