Privacy Policy


Lalafo takes care of all its Users’ privacy. For this purpose, Lalafo collects and uses personal information only to the extent necessary to provide its Users with the services, websites, and mobile applications (collectively, “the Service”).

This Privacy Policy shall establish the procedure of receipt, storage, processing, usage, disclosure and protection of User’s personal data.

This Privacy Policy shall constitute an integral part of the Web Service User agreement

Personal data Controller shall be Private limited company Yalla Classifieds (YALLA CLASSIFIEDS OÜ), address: Pärnu Road 22, 10141 Tallinn, Estonia.

By using the Web Service, the User fully accepts this Privacy Policy.

  • 1. Data collection
    • 1.1. Personal data means information, which can be used to identify a natural person directly or indirectly. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
    • 1.2. The User shall provide information and personal data when filling out the form to publish Advertisement, or during registration to the Web Service, or when subscribing to receive messages, as well as in other cases of using the Web Service. Information may also be collected during surveys of the Web Service Users.
    • 1.3. The Web Service will collect the following information about Users:
      • Personal information, which represents input by the User, shown or revealed in any other way by him/her to the Web Service when using the Web Service. Such information can include the User’s name and surname (company name), email address and password, phone number, location as well as address. The User needs to provide this information to enable the Web Service to provide User with the services and to provide access to the Web Service and the means for sellers and buyers to trade.
      • Technical information, which is automatically collected by the Web Service when the Web Service is visited. The Web Service collects information from the device and from the application that Users use to access the services. Typically, this is information about User’s IP address, operating system version, device type, system and performance, and the type of browser. If the User accesses the Web Service from a mobile device, the Web Service also gets a universal unique identifier (UUID) for such device. The Web Service may combine this information obtained from the User’s browser or mobile device with other information about the User that the Web Service or its partners collect, including information collected from several devices.
      • When the User logs in using another service profile (for example, Facebook, Google+, vkontakte, etc.), the Web Service may also collect information located in the relevant profile of such service that the User has agreed to make available, including the User’s name, email address, and profile-related information. The User agrees to share this data with the Web Service during the registration process. This permission can be revoked at any time by sending an appropriate request to the Service.
      • The Web Service may collect information regarding the physical location of the User’s device. The individual User’s location may be determined through the IP or Geo-location information obtained from the User’s device. The Web Service can use and store the User’s location information to provide functions and improve and customize services, for example, for internal analytics and performance monitoring or for showing content or provide offers relevant to the User’s location.
      • The Web Service uses “cookies” and similar technologies on its websites. More information about cookies is provided below in the “Cookies, Web Beacons, and Similar Technologies” section.
    • 1.4. The Web Service also uses the The Web Service will not collect or process any “Special categories of data”, for example, the data about racial or ethnic origin, political, religious and ideological beliefs, membership in political parties and professional unions, criminal history, as well as data concerning health, sex life, biometrical or genetic data.
    • 1.5. The Web Service may use third-parties’ payment services to process payments for certain paid services. Personal data may be collected only by such payment services and not by the Web Service. In the relevant cases, the collection and processing of the User’s personal data will be subject to the payment services’ privacy policies rather than this Privacy Policy. The Web Service has no control over and is not responsible for the payment services’ collection, use, and disclosure of the User’s personal data.
    • 1.6. Please note that any information posted by the User on the Web Service (e.g. User’s name and publicly available photos, etc.) will become public and may be available to other Users and the general public. The Web Service urges Users to be very careful when deciding what information to disclose through the Web Service. Personal information posted by Users or disclosed by them to other Users may be collected by other Users and may result in unsolicited messages. The Web Service is not responsible for protecting the information that the User may disclose to third parties through the Web Service.
    • 1.7. In order to facilitate interaction between the Users, the services shall imply restricted access to the contact information of other Users. The User Agreement shall restrict the right to use information provided by other Users.
  • 2. Processing purposes
    • 2.1. Processing of the personal data is any action or combination of actions, such as collection, registration, accumulation, storage, adaptation, alteration, use, distribution (sale, transfer, including transfer abroad), and deletion of the personal data, including application of informational (automated) systems.
    • 2.2. The Web Service uses the personal information collected from Users for a range of different business purposes and according to different lawful bases of processing.

      The Web Service may use the information collected from the Users as follows:

      • To provide and improve its services. Collecting certain data is necessary to enable the Web Service to fulfil its contractual obligations in accordance with the User agreement, to enforce User Agreement, this Privacy Policy or other policies. For example, the Web Service uses the names and phone numbers that its Users provide in their accounts for other Users to identify them and communicate with each other. The Web Service also may use the User’s information to improve, fix, and customize its services and to pursue the Web Service’s legitimate interests of improving the services for the Users. The Web Service is always looking for ways to make the services smarter, faster, secure, integrated, and useful for the Users;
      • To manage the Users’ accounts and provide them with user support. The Web Service uses Users’ information to resolve technical issues, to respond to Users’ requests for assistance, to analyse technical failure information, and to repair and improve the services.
      • To develop, display, send, and track content and advertising adapted to the interests of Users in relation to the Web Service. The Web Service uses contact information and information about how Users use the Service to send notifications that may be of specific interest to the Users. These notifications are aimed at driving engagement and maximizing the benefits derived by the Users from the Web Service, including information about new features, newsletters, and events that may potentially be of interest to the Users. The Web Service also communicates with the Users about new product offers, promotions, and contests. The Web Service may communicate with the Users by e-mail, post, phone and/or mobile devices. The User can control these notifications and have the right to withdraw his/her consent at any time.
      • To comply with legal, regulatory and law enforcement requests and protect the Web Service’s legitimate interests and rights. The Web Service cooperates with government and law enforcement officials and private parties to enforce the law. The Web Service shall disclose any information about the Users according to legal requirements where it is necessary to protect the Web Service’s legal rights and interests and/or legal rights and interests of third parties or to prevent or stop illegal activity. The Web Service also uses information to restrict or prevent various forms of abuse of the services, such as fraud, spamming, and other unauthorized actions that violate the User agreement. Where required by the law, the Web Service may use the information in connection with legal and audit activities, for example, for the purpose of acquisition, merger or sale of its business. To the legally permitted extent, the Web Service will take reasonable steps to notify the Users about provision of personal information to third parties.
      • Website analytics. The Web Service uses multiple web analytic tools (or tracking-tools) provided by third-party service providers such as Google Analytics to collect information about how Users interact with the Web Service. The Service conducts research and analysis of the User’s use of the Service or the interests of the User in products, services, and content. The Web Service uses the information provided by these tools to improve services and to detect and analyze errors. Such service providers’ tools place cookies in Users’ browsers. Cookies cannot be used by anyone other than third-party service providers. The information collected using cookies may be transmitted to and stored on servers in a country other than the User’s country. Information collected is used and shared by these service providers in accordance with their individual privacy policies. Users are free to opt-in to collection and processing of the data generated by the cookies in connection with the use of the Web Service.
      • To conduct contests or surveys. The Web Service uses the information collected through these methods, for example, to improve the services.
    • 2.3. The Service shall not sell or lease information and/or personal data provided by the User in the process of using the Web Service.
  • 3. Cookies, Web Beacons, and Similar Technologies
    • 3.1. The Web Service uses cookies, web beacons and other similar technologies to store information. Such files are used in order to facilitate usage of the website, to enhance the quality of Web Service services (including safety), to improve user experience, as well as for advertising purposes.
    • 3.2. Any information obtained by the Web Service from the User, as well as placement of cookies on the User’s browser shall be performed with notification and upon the User’s consent. By continuing the usage of the Web Service, the User shall give consent to the Web Service to store cookies on the User’s browser.
    • 3.3. The Web Service uses cookies and similar technologies that remain on the User’s device when the browser is active, and for a more prolonged period.
      • Cookies is a term used in computer terminology to describe information in the form of a text or binary data received from the Web Service that is stored on the User’s side, i.e. on the browser, and is later sent to the Web Service when the User visits the Web Service again. In this way the Web Service marks the User’s browser during his/her visits to the Web Service. Cookies facilitate usage of the Web Service by recording the data necessary to log into the system and collect statistics. Cookies do not contain personal data.
      • Web beacons are small graphic images (also known as “point markers” or “Network beacons”) that may be turned on in the Web Service, as well as its servers, applications, exchange of messages, and in the tools, which usually function in combination with cookies in order to identify the User.
      • Similar technologies are technologies that store information in the browser or the device using local general objects or a local storage, such as “flash cookies”, “HTML 5 cookies”, and other methods of web-applications. Such technologies may work in all browsers of the User, and in some cases they may not be fully controlled by the browser and may require direct control through the applications or devices installed by the User.
    • 3.4. The Service shall take all safety measures in order to prevent unauthorised use of cookies and similar technologies. The Controller shall guarantee that the Controller only and/or authorised providers of the Web Service services may have access to such cookies.
    • 3.5. Third party services are provided by companies that help to operate the Web Service. The Only authorised service providers are used to deliver Web Service to the User, as well as for other purposes directly related to the Web Service operation. Such service providers may also place cookies on the User’s device. They may also collect other information, for instance IP address or other identifiers.
    • 3.6. The User shall have the right to block, delete or turn off such cookies and similar technologies, as long as the User’s device allows doing so.
    • 3.7. The User can manage cookies in the browser. In order to reject collection and storage of information, the User shall check “Do not store cookies” in the browser settings, as well as press the button “Clear cookies”. Cookies may be removed from the User’s devices at any time. The preferences for each browser User uses will need to be set separately and different browsers offer different functionality and options. For more information on how User can block, delete, or disable these technologies, please review browser or device settings.
    • 3.8. However, if the User declines cookies or other similar technologies, the User may not be able to take advantage of certain site features, services, applications, or tools. The User may also be required to re-enter password more frequently during browsing sessions.
  • 4. Sharing and disclosure of information
    • 4.1. The Web Service may share and disclose the User’s information to third-party service providers that provide services to the Web Service, namely, website hosting, data analysis, information technology and related infrastructure provision, email and messages (notifications) delivery, auditing, services that assist the Web Service in providing customised advertising and service providers for the management of service desk, support data and CRM systems. These Services help the Web Service to provide services (for example, they can assist the Web Service in providing customised advertising or they can assist the Web Service with the prevention, detection, mitigation, and investigation of potentially illegal acts). These service providers will only have access to the information necessary to perform the relevant functions. These third parties are obligated not to disclose or use User’s information for other purposes. In some cases, these service providers are not strictly required to provide the services for the Web Service, but they help to make the Web Service better. Cooperation with third-party service providers with the aim to make the services better is the Web Service’s legitimate interest (to ensure the adequate performance of the contract with the User).

      For example, the Web Service uses Google Analytics to monitor and analyze the use of the Web Service. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of the Web Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. The User can opt-out of having made his/her activity on the Web Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. The Web Service also uses the online advertisement services to display advertisement Google Adsense and DoubleClick for Publishers. The User can find more information on the privacy practices of Google here:
    • 4.2. The Web Service may transfer portions of the Users’ information outside of the User's country of residence. For example, personal data stores on servers located in Germany. The Web Service has established legal mechanisms to ensure that Users’ rights are protected irrespective of such transfers.

      If personal data is transferred to a third country (i.e. a country outside the Europe Union or the European Economic Area), the transmission of data will be governed by the principles of the Privacy Shield

      ( or will be performed on the basis of the standard contractual clauses established by the European Commission ( and (
    • 4.3. The Web Service may share the Users’ information with third parties, including law enforcement, public or governmental agencies, or private litigants, within or outside the User’s country of residence, to comply with legal, regulatory, and law enforcement requests and protect the Web Service’s legitimate interests and rights.

      For example, the Web Service may disclose the User's personal data in the good faith belief that such action is necessary to:

      • 4.3.1. To comply with a legal obligation
      • 4.3.2. To protect and defend the rights or property of The Web Service
      • 4.3.3. To prevent or investigate possible wrongdoing in connection with the Web Service
      • 4.3.4. To protect the personal safety of users of the Web Service or the public
      • 4.3.5. To protect against legal liability
    • 4.4. The User's consent to this Privacy Policy followed by his/her submission of such information represents the User's agreement to that transfers.

      Nevertheless, if necessary, the Web Service may ask for the User's consent to share/disclose his/her information. In any such case, the Web Service will provide a full explanation why and what information the Web Service needs to share/disclose.

  • 5. Data protection

    The Controller shall take all reasonable technical and organisational measures to protect personal data of the User from unauthorised access by third parties.

    The Web Service conducts review of candidates at the time of hire or before entering into a contract with independent contractors (to the extent permitted or facilitated by applicable laws and countries). Also, all employees and contractors of the Web Service who perform functions related to the access and usage of Users’ personal data and other information have signed non-disclosure agreements. The Web Service provides ongoing privacy and security training.

    All personal data collected and processed by the Web Service shall be stored on one of the several protected servers. There shall be no access to such servers outside the corporate network or contractors that signed the Non-disclosure agreement.

    Nevertheless, while the Web Service implements safeguards designed to protect the Users’ information, no security system is impenetrable and the Web Service cannot guarantee that data, during transmission through the Internet or while stored on servers or systems owned by the Service, will be absolutely safe from intrusion by third parties.

  • 6. User’s legal rights

    The Web Service will honour any statutory right the User might have to access, modify or erase his/her personal information.

    Every User has account settings that help him/her access, rectify or delete information that the User provides to the Service. User can change his/her settings on their devices to either consent or oppose the collection of the personal information or display of the corresponding notifications.

    Mobile applications have permission systems for specific types of device data and notifications such as location as well as push notifications. Please note that certain services may lose full functionality because of deactivation of certain functions. User can contact the support of the Service ([email protected]) with any questions regarding these settings.

    According to applicable laws, the Users have the following rights (inter alia):

    • to request access to the User's personal data. This enables the User to receive a copy of the User's personal data stores by the Web Service and to check that the Web Service is lawfully processing it.
    • to request correction of the User's personal data. This means the User can correct any incomplete or inaccurate data. Please note that the Service may need to verify the accuracy of the new data.
    • to request erasure of the User's personal data. The User can ask the Web Service to delete or remove personal data where there is no good reason for the Web Service continuing to process it. The User also has the right to ask the Web Service to delete or remove the User's personal data, where the Web Service may have processed personal data unlawfully or where the Web Service is required to erase personal data to comply with local law.
    • to object to the processing of the User's personal data (for example, when the personal data is processed for direct marketing purposes). In some cases, the Web Service may demonstrate that the Web Service has compelling legitimate grounds to process information which override the User's rights and freedoms.
    • to request restriction of processing of the User's personal data. The User have the right to obtain from the Web Service restriction of processing where one of the following applies:
      • (a) the accuracy of the personal data is contested by the User, for a period enabling the Web Service to verify the accuracy of the personal data;
      • (b) the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
      • (c) the Web Service no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims;
      • (d) the User has objected to processing pending the verification whether the legitimate grounds of the Web Service override those of the User.
    • to request the transfer of the User's personal data to the User or to a third party. The Web Service will provide to the User, or to a third party the User's personal data in a commonly used machine-readable format.
    • to withdraw consent at any time where the Web Service is relying on consent to process the User's personal data. However, this will not affect the lawfulness of any processing carried out before the User withdraws his/her consent. If the User withdraws his/her consent, the Web Service may not be able to provide certain products or services to the User.

    Please note that the Service may reject requests for certain reasons, including if the request is unlawful or if it may violate the rights of another User or a third party.

    In certain countries, the Users have the right to lodge complaints with the appropriate data protection authorities if they have concerns about how their personal data are processed.

  • 7. Messages and Notifications

    Occasionally, the Web Service may need to contact the User. These messages can be delivered by email, by push notifications or by telephone for the purposes of provision of the Users with support or for other purposes (for example, provide the Users with information regarding products and features that Users may find interesting). These notifications could be sent with prior consent of the User or in response to the Users’ requests. The User may control marketing emails and/or messages through his/her account settings as well as through the opt-out link included in the marketing emails or messages.

    If the User gives his/her consent to receive notifications, he/she confirms that the Web Service shall have the right to provide User`s email addresses and phone numbers to third parties in order to deliver notifications and messages to the User.

    Some messages may be published on the Web Service (for example, messages from other Users with propositions to buy/sell or certain Web Service’s messages). Advertisements published on the Web Service shall be deemed delivered to the User once they are published.

    Some messages are service-related and necessary to provide services by the Web Service and/or performance of the User agreement (non-marketing messages, for example, emails related to the Users’ accounts, security-related notifications, etc.). The User agrees that such messages can be sent to him/her.

    The Web Service shall bear no liability for the use of the message sending form placed on the Web Service by other Users and/or automated systems (robots).

    The Web Service shall bear no liability for the use of the phone numbers and electronic addresses placed by the User on the Service pages by other Users and/or robots.

  • 8. Access to and deletion of the User's information

    The User can exercise his/her rights to access, change or delete his/her personal information at any time. In order to easily access, view or update personal data (where available) or to update subscription preferences, the User should enter his/her account and visit the “Account Settings” section.

    The User is entitled to request the deletion of his/her account without providing any reasons therefore. If the User wishes to erase his/her account or data or if the User decides to revoke his/her consent to this Privacy Policy, the User may send a request to the following e-mail address: [email protected]

    Please note that the Web Service will not be able to provide access to the services if the User revokes his/her consent. Also, the Service will not be able to provide certain services if the User deletes his/her account/data.

    In order to ensure the Users’ protection, support managers of the Web Service may only respond to requests for personal information sent from the email addresses the Users use to send requests, and the Web Service may need to verify the relevant User`s identity before implementing his/her request. The Web Service will try to comply with the User's request as soon as possible, but it may require some time.

  • 9. Data retention

    The Web Service keeps the Users’ information only as long as needed for legitimate business purposes and as permitted by applicable legal requirements.

    If the User closes his/her account, the Web Service will retain certain data for analytical purposes and recordkeeping as well as to prevent fraud, enforce User agreement, or if there is an outstanding issue, claim or dispute requiring the Web Service to keep the relevant information until it is resolved or if the Web Service must keep it to evidence the Web Service`s compliance with applicable law (for example, records of consents to Privacy Policy).

    Personal data is deleted or anonymized on a regular basis when it is no longer relevant for the purposes for which it has been collected.

    Retention of personal data that is provided to third parties as described in this Privacy Policy will be subject to those third parties’ privacy policies.

  • 10. Final provisions
    • 10.1. The User shall bear liability for the accuracy and reliability of any information and data provided by him/her.
    • 10.2. The services are not designed for individuals under the age of eighteen (18). The Web Service will not knowingly collect personal information from children under 18 if they use the Web Service.
    • 10.3. The Controller may introduce amendments, delete or renew the rules of the Privacy Policy. The Web Service will announce any material changes to this Privacy Policy by sending a message and/or via email.
    • 10.4. If the User has any questions or complaints, he/she may contact the support by email: [email protected] or by sending a letter to the following address: Pärnu Road 22, 10141 Tallinn, Estonia.