Privacy Policy

Karagateway OÜ ("Karagateway", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and safeguard personal data when you visit our website, contact us, or use our trade facilitation and advisory services, and it describes your rights under applicable data-protection law, including the EU General Data Protection Regulation (GDPR).

We are the data controller responsible for your personal data.

Company: Karagateway OÜ
Registration: Estonian Registry Code 17421728
Registered address: Ehitajate tee 60-11
Privacy contact: info@karagateway.com

1. Who this policy applies to

This policy applies to:

• Visitors to our website.
• Prospective and existing clients, and their representatives.
• Suppliers, buyers, distributors, and other trade counterparties we assess or introduce.
• Partners and service providers in our network, and their representatives.
• Anyone who contacts us through our forms, email, or other channels.

2. The personal data we collect

We collect only the data we need to provide our services and run our business. Depending on your relationship with us, this may include:

Contact and identity data — name, job title, company name, business email address, phone number, and business address.

Business and engagement data — information you provide about your objectives, products, target markets, transactions, and trade requirements.

Verification and due-diligence data — company registration details, regulatory or licensing information, and identification documents of authorised representatives, collected to verify counterparties and partners (for example, as part of know-your-customer and sanctions screening).

Communications data — the content of your enquiries, correspondence, and records of our interactions with you.

Technical and usage data — limited information about how you use our website, such as IP address, browser type, and pages visited, where applicable and subject to your cookie choices.

We do not intentionally collect special categories of personal data (such as health, race, religion, or political opinions), and we ask that you do not provide such data to us.

3. How we collect personal data

We collect personal data:

• Directly from you, when you complete a form, contact us, or engage our services.
• From the companies and representatives we work with, in the course of an engagement.
• From publicly available and legitimate third-party sources (such as official company registries, regulatory bodies, and sanctions lists) when conducting due diligence and verification.
• Automatically, through our website, subject to your cookie choices.

4. Why we use your personal data, and our legal basis

We process personal data on the following legal bases under the GDPR:

To provide our services (performance of a contract) — delivering trade advisory, partner sourcing and verification, representation, and facilitation services to our clients.

To verify counterparties and partners (legitimate interests and legal obligation) — conducting due diligence, know-your-customer checks, sanctions and country-risk screening, and maintaining the integrity of the trade relationships we facilitate.

To communicate with you (performance of a contract and legitimate interests) — responding to enquiries, managing engagements, and providing information you request.

To comply with legal obligations — meeting our duties under applicable law, including anti-money-laundering, sanctions, tax, and record-keeping requirements.

With your consent — where we rely on consent, for example for certain marketing communications or non-essential cookies. You may withdraw consent at any time.

For our legitimate business interests — improving our services, maintaining security, and protecting our legal rights, provided these interests are not overridden by your rights.

5. How we share personal data

We do not sell your personal data. We share it only where necessary to deliver our services and meet our legal obligations, with:

• Partners and service providers you engage — for example, legal, logistics, customs, inspection, employer-of-record, and payment providers, where relevant to your engagement.
• Counterparties and clients — only to the extent necessary to make an agreed introduction or facilitate a transaction you have requested.
• Our professional advisers — such as accountants, auditors, and legal advisers, under confidentiality obligations.
• Authorities and regulators — where required by law, regulation, or legal process.

We never transmit your personal data to third parties based on instructions received from sources other than you or your authorised representatives, or as required by law. When we share data with third parties, we take reasonable steps to ensure it is handled lawfully and securely.

6. International transfers

Karagateway facilitates trade between Europe, Africa, and other regions. As a result, your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we put in place appropriate safeguards required by law — such as the European Commission's Standard Contractual Clauses or an equivalent lawful transfer mechanism — to ensure your data remains protected. You may contact us for more information about the safeguards we use.

7. How long we keep personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to provide our services, and to meet our legal, accounting, compliance, and record-keeping obligations. Verification and due-diligence records may be retained for the period required by applicable law. When personal data is no longer needed, we securely delete or anonymise it.

8. How we protect personal data

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration. Access to sensitive verification and due-diligence records is restricted to those who need it to perform their role. While no system can be guaranteed to be completely secure, we take the security of your data seriously and review our measures regularly.

9. Your rights

Under the GDPR and applicable data-protection law, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data in certain circumstances ("right to be forgotten").
• Restrict or object to our processing in certain circumstances.
• Data portability — receive your data in a structured, commonly used format.
• Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, contact us at info@karagateway.com. We will respond within the timeframe required by law. You also have the right to lodge a complaint with a data-protection supervisory authority — in Estonia, the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

10. Cookies

Our website may use cookies and similar technologies to function correctly and to understand how the site is used. Essential cookies are necessary for the site to work. Non-essential cookies (for example, analytics) are used only with your consent, which you can manage or withdraw at any time through our cookie settings. For more detail, see our Cookie Policy or contact us.

11. Third-party links

Our website may contain links to third-party websites or services that we do not control. This Privacy Policy does not apply to those sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The current version, with its "last updated" date, is always available on our website. Where changes are significant, we will take reasonable steps to notify you.

13. Contact us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact:

Karagateway OÜ
Ehitajate tee 60-11
Email: info@karagateway.com

This Privacy Policy is provided for general information and transparency. It should be reviewed by a qualified legal or data-protection adviser before publication to confirm it meets all obligations applicable to your specific operations and jurisdictions.