1. Introduction
2. Information We Collect
3. How We Use Your Information
4. Legal Basis for Processing Personal Data
5. Data Retention
6. Your Rights
7. Data Security
8. Third-Party Services
9. Cookies and Tracking Technologies
10. International Data Transfers
11. Changes to This Privacy Policy
12. Contact Us

1. Introduction

Welcome to the Privacy Policy for 77List, operated by OÜ Webnest. This policy explains how we handle your personal data when you visit, register, or use our classified ads platform. 77List is a website where users can post and browse advertisements for various goods and services, and we collect certain information to provide and improve our services.We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable EU laws. This means we process your personal data fairly, lawfully, and transparently. By using 77List, you agree to the collection and use of your information as described in this policy.If you have any questions or concerns about this Privacy Policy or our data practices, please contact us using the details provided in the “Contact Us” section.

2. Information We Collect

We collect various types of information to operate 77List effectively and provide a safe, user-friendly experience. This includes data you provide directly, data we collect automatically, and data from third parties. We only collect data that is necessary for our services, in line with GDPR principles of data minimization and purpose limitation.

2.1 Personal Information

Personal information is data that can identify you directly or indirectly. We collect this when you create an account, post an ad, or interact with our site. Examples include:

• Account Information: When you register, we may ask for your name, email address, phone number, and password. This helps us verify your identity and manage your account.
• Ad Posting Data: If you post a classified ad, you might provide details like your location, contact information, or descriptions of items. For instance, selling a car might involve sharing your email for buyer inquiries.
• User Communications: Data from messages or interactions on the site, such as chat logs or feedback forms, which may include your email or phone number.
• Payment Information: If you use our payment features for transactions, we collect details like billing addresses, but we do not store full payment card details; instead, we use secure third-party processors.

2.2 Non-Personal Information

We also collect non-personal information that cannot identify you alone but may be combined with other data. This helps us improve our site and understand user behavior.

• Usage Data: Information about how you use 77List, such as pages visited, time spent on the site, and search queries. This is collected via logs and analytics tools.
• Device Information: Data like your IP address, browser type, operating system, and device identifiers. For example, we track IP addresses to detect and prevent fraudulent activity.
• Aggregated Data: Anonymous statistics, such as the number of users in a certain region, which we use for site improvements but do not link to individuals.

We may collect this information through forms, cookies, or automated systems. You can choose not to provide certain personal data, but this might limit your ability to use some features of 77List.

3. How We Use Your Information

We use the information we collect to deliver our classified ads services, enhance user experience, and ensure the site’s security. Our use of your data is guided by GDPR requirements for specificity and transparency in processing purposes.

• To Provide and Improve Services: We use your data to create and manage your account, process ad postings, and facilitate communication between buyers and sellers. For example, we might use your email to send notifications about ad responses or account updates.
• To Personalize Your Experience: Based on your usage data, we may recommend relevant ads or categories, such as suggesting job listings if you’ve browsed employment ads.
• For Security and Fraud Prevention: We analyze IP addresses and device data to detect suspicious activity, like multiple accounts from the same device, to protect against scams or unauthorized access.
• Marketing and Communications: With your consent, we may send promotional emails about new features or special offers on 77List. You can opt out of marketing at any time.
• Legal Compliance and Support: We use data to comply with legal obligations, such as responding to court orders, or to resolve disputes, like investigating reports of misleading ads.
• Analytics and Research: Non-personal data helps us improve site performance, such as by analyzing popular ad categories to enhance search functionality.

We do not sell your personal data to third parties. All uses are limited to the purposes stated here, and we ensure data minimization by only processing what’s necessary.

4. Legal Basis for Processing Personal Data

Under GDPR, we must have a valid legal basis for processing your personal data. We are transparent about these bases to ensure fairness and accountability.

• Consent: For activities like marketing emails or optional features, we process data based on your explicit consent. For example, if you agree to receive newsletters, we rely on this basis.
• Performance of a Contract: When you create an account or post an ad, processing your data is necessary to fulfill our agreement with you, such as displaying your ad or handling transactions.
• Legitimate Interests: We use this basis for activities that benefit both you and us, balanced against your rights. For instance, we may analyze usage data to improve site security or personalize content, ensuring it doesn’t overly intrude on your privacy.
• Legal Obligation: We process data to comply with EU laws, such as retaining records for tax purposes or responding to law enforcement requests.
• Vital Interests: In rare cases, such as emergencies involving user safety, we might process data to protect individuals.

If we rely on legitimate interests, we conduct an assessment to ensure it’s proportionate. You have the right to object to processing based on legitimate interests, as detailed in the “Your Rights” section.

5. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, in accordance with GDPR’s storage limitation principle. This helps minimize risks and respects your privacy.

• Account Data: We keep information like your name and email while your account is active. If you delete your account, we retain data for up to 6 months to handle any ongoing issues, such as disputes over ads, before permanently deleting it.
• Ad Posting Data: Information from ads is retained for the duration the ad is live, plus a short period (e.g., 30 days) after removal to allow for follow-up communications. For example, if an ad is reported, we may hold data longer to investigate.
• Log and Usage Data: Non-personal data like IP addresses is retained for up to 12 months for security and analytics, after which it is anonymized or deleted.
• Legal Requirements: Certain data may be kept longer if required by law, such as financial records for 7 years under EU tax regulations. We review retention periods regularly and delete data when no longer needed.

Our retention criteria are based on the type of data, purpose, and legal obligations. If you have questions about specific retention periods, contact us as outlined in the “Contact Us” section.

6. Your Rights

GDPR grants you specific rights regarding your personal data. We respect these rights and provide ways for you to exercise them easily and free of charge.

• Right to Access: You can request a copy of your personal data we hold. This includes details on how we use it and who we share it with.
• Right to Rectification: If your information is inaccurate or incomplete, you can ask us to correct it. For example, update your phone number in your account settings.
• Right to Erasure (Right to be Forgotten): You may request deletion of your data under certain conditions, such as if it’s no longer necessary for the original purpose. Note that we may not delete data if we have a legal obligation to retain it.
• Right to Restrict Processing: You can ask us to limit how we use your data, for instance, if you dispute its accuracy or object to processing.
• Right to Data Portability: We can provide your data in a structured, commonly used format (like CSV) for transfer to another service, such as exporting your ad history.
• Right to Object: You can object to processing based on legitimate interests or direct marketing. For example, opt out of personalized ads.
• Right to Withdraw Consent: If we process your data based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
• Right to Complain: If you believe we are not handling your data correctly, you can lodge a complaint with a supervisory authority, such as the Estonian Data Protection Inspectorate.

To exercise these rights, contact us via the details in the “Contact Us” section. We will respond to your request within one month, or longer if complex, and verify your identity to protect your data.

7. Data Security

Protecting your personal data is a top priority for OÜ Webnest. We implement appropriate technical and organizational measures to safeguard against unauthorized access, loss, or breach, as required by GDPR.

• Encryption and Access Controls: We use encryption for data in transit and at rest, such as HTTPS for website connections and secure storage for sensitive information. Access to data is restricted to authorized personnel only, with role-based permissions.
• Security Measures: Regular security audits and penetration testing are conducted to identify vulnerabilities. We also use firewalls, intrusion detection systems, and multi-factor authentication for staff access.
• Breach Response: In the event of a data breach, we follow GDPR protocols, notifying you and relevant authorities within 72 hours if it poses a high risk to your rights. We have a dedicated incident response plan.
• Employee Training: All staff are trained on data protection best practices, and we enforce strict policies on data handling.

While we strive to protect your data, no method is foolproof. We encourage you to use strong passwords and be cautious with the information you share in ads.

8. Third-Party Services

We may share your data with trusted third-party services to operate 77List effectively. All sharing is done under contracts that ensure GDPR compliance, such as data processing agreements with appropriate safeguards.

• Service Providers: We use companies for specific functions, like hosting (e.g., cloud storage providers), analytics (e.g., Google Analytics), or payment processing (e.g., Stripe). For instance, an analytics provider might receive anonymized data to help us understand site traffic.
• Advertising Partners: If we use ad networks, they may receive non-personal data for targeted advertising, but only with your consent. We do not share personal identifiers without a legal basis.
• Legal Disclosures: We may disclose data to law enforcement or regulators if required by law, such as in response to a court order.
• Business Transfers: In the event of a merger or acquisition, your data might be transferred, but we will inform you in advance and ensure continued protection.

All third parties are bound by confidentiality and must process data only for specified purposes. We conduct due diligence to ensure they comply with GDPR.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on 77List and comply with EU laws, including the ePrivacy Directive. Cookies are small files stored on your device that help us recognize you and improve functionality.

• Types of Cookies:
  
  • Essential Cookies: Necessary for the site to work, such as maintaining your session while browsing ads. These do not require consent.
  • Functional Cookies: Used to remember your preferences, like language settings, to provide a better user experience.
  • Analytics Cookies: Help us track site usage and performance, such as page views or click rates, using tools like Google Analytics.
  • Advertising Cookies: May be used for targeted ads, but only with your consent. For example, showing ads based on your search history.
• How We Manage Cookies: Upon your first visit, we provide a cookie consent banner where you can accept or decline non-essential cookies. You can also manage cookies through your browser settings. Our cookie policy is integrated here for transparency.

We do not use tracking technologies for purposes beyond those stated, and we respect your choices regarding consent.

10. International Data Transfers

As OÜ Webnest is based in Estonia (within the EU), most data processing occurs within the European Economic Area (EEA), where GDPR protections apply. However, we may transfer data to countries outside the EEA for certain services.

• Transfer Mechanisms: If data is transferred, we use appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or rely on adequacy decisions for countries like the UK.
• Examples of Transfers: Data might be stored on servers in the US with providers like AWS, which participate in the EU-US Data Privacy Framework. We ensure that all transfers include robust security measures.
• Your Rights: We assess all transfers for risks and provide the same level of protection as under GDPR. If you have concerns, you can exercise your rights as described in the “Your Rights” section.

We do not transfer data to countries without adequate protection unless necessary and safeguarded.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or operational needs. We are committed to maintaining transparency under GDPR.

• Notification of Changes: Significant updates will be communicated via email (if we have your contact details) or a prominent notice on the 77List website. Minor changes may be posted without additional notice.
• Review Period: Check this policy regularly, as your continued use of the site after changes indicates acceptance. The “Last Updated” date will be indicated at the top.
• Current Version: This policy was last updated on April 26, 2025.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us. OÜ Webnest has a designated Data Protection Officer (DPO) to handle such matters.

• Contact Details:
  
  • Email: privacy@77list.ee
  • Postal Address: OÜ Webnest, Data Protection Officer, Sinilille Tee 8, Klooga, 76703, Estonia
  • Phone: +372-5457-1516
  • Business hours,  Mon-Thu: 10:00-17:00, Fri 10:00-15:00, Sat: Closed, Sun: Closed, Public holidays: Closed

For data protection inquiries, we aim to respond within 30 days. If you are in the EU, you can also contact the relevant supervisory authority, such as the Estonian Data Protection Inspectorate.