Privacy Policy

1. Introduction

This Privacy Policy explains how Lubera OÜ, a private limited company established in the Republic of Estonia ("Lubera", "we", "us"), processes personal data in connection with the Tervita platform, also marketed as "Pestarzt", and the website tervita.ee (the "Platform").

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act. This policy describes what data we process, why, on what legal basis, with whom we share it and what rights you have.

2. Our Role: Controller and Processor

We act in two different roles depending on the data:

  • Controller. For personal data of account holders, Authorised Users and website visitors — such as registration details, billing information and usage data — Lubera is the data controller.
  • Processor. When a business customer (a clinic, salon or other service business) uses the Platform to manage its own clients, that business is the controller of its clients' ("End Clients'") personal data, and Lubera acts as its processor. We process such data only on the documented instructions of the business customer in order to provide the Platform. If you are an End Client, please direct privacy requests to the business you booked with; we will assist that business as its processor.

3. Personal Data We Process

Depending on how the Platform is used, we may process:

  • Account data: name, email address, phone number, organisation, role and login credentials of account holders and Authorised Users.
  • Booking data entered by business customers about their End Clients: name, contact details, appointment date and time, selected services and any notes the business chooses to record.
  • Billing data: subscription plan, invoicing details and payment status (card details are handled by our payment providers, not stored by us).
  • Communications: messages you send us, support requests and booking notifications.
  • Technical and usage data: IP address, device and browser information, log data and cookie identifiers (see our Cookie Policy).

The Platform does not require special-category (e.g. health) data to function. Any such data that a business customer chooses to record about its End Clients is entered under that business's own responsibility as controller.

4. Purposes and Legal Bases

As controller, we process personal data for the following purposes and legal bases:

  • To provide, operate and maintain the Platform and your account — performance of a contract.
  • To secure the Platform, prevent fraud and abuse, and keep records — our legitimate interests and, where applicable, legal obligations.
  • To communicate with you about your account, service changes and support — performance of a contract and legitimate interests.
  • To comply with legal, accounting and tax obligations — compliance with a legal obligation.
  • To improve and develop the Platform — our legitimate interests, using data in an aggregated or minimised form where possible.
  • To send optional product updates or marketing to account holders — consent or legitimate interests, and you can opt out at any time.

Where we act as processor for a business customer's End Client data, we process that data only to provide the Platform and on the business customer's documented instructions.

5. Cookies

We use strictly necessary cookies to keep you signed in and to remember your language preference, and limited functional cookies. We do not use advertising cookies. For details, see our Cookie Policy.

6. Sharing and Sub-Processors

We do not sell personal data. We share personal data only with service providers who process it on our behalf under a contract, and where required by law. Our main categories of sub-processors are:

  • Cloud hosting and database infrastructure (to store and serve Platform data);
  • Content delivery and edge networking (to deliver the Platform securely and reliably);
  • Email delivery (to send booking confirmations and account notifications);
  • SMS and payment providers, where those features are enabled by a business customer.

We may also disclose personal data where necessary to comply with the law, enforce our agreements, or protect the rights, safety and security of Lubera, our customers or others.

7. International Data Transfers

We aim to process personal data within the European Union / European Economic Area. Where a sub-processor processes data outside the EEA, we ensure appropriate safeguards are in place, such as an adequacy decision of the European Commission or the EU Standard Contractual Clauses.

8. Data Retention

We keep account and related personal data for as long as your account is active and as needed to provide the Platform. After an account is closed, we delete or anonymise personal data within a reasonable period, except where we must retain certain data to comply with legal obligations (for example, accounting records, which Estonian law generally requires to be kept for seven years).

End Client data entered by a business customer is retained in accordance with that customer's instructions and settings, and deleted or anonymised when no longer needed or on the customer's request.

9. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS), encryption of data at rest, role- and row-level access controls, least-privilege access and monitoring. No system is completely secure; if a personal-data breach affects your data, we will act and notify affected parties and authorities as required by law.

10. Your Rights

Subject to applicable law, you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased in certain circumstances;
  • restrict or object to certain processing;
  • receive your data in a portable format;
  • withdraw consent at any time, where processing is based on consent.

To exercise these rights in relation to data for which we are the controller, contact us at privacy@tervita.ee. If your data was entered into the Platform by a business customer (as its End Client), please contact that business, which is the controller; we will support it as processor. You also have the right to lodge a complaint with a supervisory authority — in Estonia, the Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee).

11. Children

The Platform is intended for use by businesses and is not directed to children. Where a business customer records data about a minor End Client, that business is responsible for obtaining any consent required from a parent or guardian under applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice, for example by posting the updated policy on the Platform and updating the "last updated" date below.

13. Contact

For questions about this Privacy Policy or about how we handle personal data, contact the controller:

  • Lubera OÜ (Republic of Estonia)
  • Email: privacy@tervita.ee

Last updated: 10/07/2026