1. The Foundation as a Data Controller
Enterprise Estonia and Innovation Foundation (registry code 90006012, e-mail info@eis.ee, hereinafter the Foundation or we) follows the requirements and principles set out in legislation and the Foundation's data protection terms when processing personal data. Transparency and security of personal data are important to us, which is why we inform you through these data protection terms how, for what purpose and for how long we process personal data, and how we ensure the fulfilment of data subjects' rights.
Please take the time to thoroughly review these data protection terms.
In processing personal data, the Foundation acts as the controller within the meaning of the General Data Protection Regulation (hereinafter GDPR). As the controller, we define the purpose and basis for processing personal data, as well as the scope and manner of data processing. We inform the data subject and assist in exercising their rights.
These data protection terms cover all personal data processing activities of the Foundation, including on all websites managed by the Foundation.
The following does not cover the processing of legal entities' data, nor the processing of personal data on third-party websites (external links) referenced on the Foundation's websites.
Our contact details:
- Enterprise Estonia and Innovation Foundation
- Sepise 7, Tallinn 11415
- www.eis.ee
If you have any questions, concerns or complaints related to personal data, please contact our data protection specialist by writing to andmekaitse@eis.ee.
2. Definitions
2.1. A data subject is a natural person whose personal data is being processed (e.g. client, grant applicant, website visitor).
2.2. Personal data is any information relating to an identified or identifiable natural person (data subject) (e.g. name, personal identification code, e-mail address, etc.).
2.3. Processing of personal data is any operation performed on personal data (e.g. modification, viewing, storage, deletion).
3. Legal Bases for Processing Personal Data
We process personal data only for purposes necessary for the fulfilment of the Foundation's statutory tasks or tasks assigned to us in the public interest, for the fulfilment of our legal and contractual obligations, for the provision of services, and on a clear legal basis.
Depending on the purposes of data processing, the following legal bases provided in the GDPR apply:
3.1 The Foundation processes data for the preparation, performance and enforcement of contracts concluded with the participation of the data subject (including loan, guarantee, consulting, cooperation, procurement and other contracts) (GDPR Art 6(1)(b)). In certain circumstances, the processing of personal data may also be necessary for the preparation and defence of a contractual claim.
3.2 For the fulfilment of legal obligations arising from law or other legislation for the purposes and to the extent established in the relevant legislation, such as the Employment Contracts Act, tax laws, the Money Laundering and Terrorist Financing Prevention Act, the Auditing Act or the Accounting Act (GDPR Art 6(1)(c)).
3.3 We process personal data for the performance of a task assigned to the Foundation by legislation or an administrative contract in the public interest (GDPR Art 6(1)(e)).
3.4 The Foundation may rely on legitimate interest when processing takes place outside the direct performance of a public task, e.g. for information security purposes. We process personal data on the basis of legitimate interest only when the interests or fundamental rights of the data subject do not override the interest in processing and when there is no other basis for processing (GDPR Art 6(1)(f)).
3.5 Less frequently, we process personal data on the basis of the data subject's consent (e.g. for sending newsletters, for direct marketing purposes, for participation in campaigns, for the use of photo and video material). The data subject gives consent voluntarily, knowingly, unambiguously and for specifically defined data (GDPR Art 6(1)(a)).
4. Purposes, Categories and Retention of Personal Data for Various Services and Tasks
Personal data is processed only to the extent necessary to achieve the purpose set at the time of collection and is retained for a specified period. After that, the data is deleted or destroyed.
For the purpose of compiling statistics illustrating the Foundation's activities, we process personal data only in anonymised form.
4.1. Authentication
The Foundation verifies the identity of users in e-channels using authentication methods, for which we need your name and personal identification code.
4.2. Applying for Grants or Services
In the process of applying for or using grants or services, we process data that is necessary to fulfil the requirements of the relevant support measure.
4.3. Using the e-Estonia Showroom
When using the e-Estonia Showroom, we may use your personal data to register your visit to the showroom premises.
4.4. Work in Estonia
When using Work in Estonia services, including the International House, we collect your data for the purpose of providing services and registering your reception.
4.5. e-Residency Programme
The e-Residency programme processes personal data necessary for providing services and opportunities to e-residents.
5. Use of Cookies
A cookie is a small text file that is saved on your computer, smartphone or other device when you visit our website.
You can always change cookie settings through cookie preferences or browser settings.
5.1. By duration, cookies are divided into three types:
5.1.1. Session cookies are added only for the duration of the browsing session and are deleted when you close the browser tab or browser.
5.1.2. Time-limited cookies have a set lifespan and are automatically deleted when the validity period expires.
5.1.3. Persistent cookies have no expiry date and remain until deleted.
5.2. By purpose, four categories of cookies are distinguished:
- Necessary cookies — These cookies ensure the functioning and security of the website. They cannot be opted out of.
- Functional cookies — These cookies allow the website to remember your previous choices to provide a better and more personalised user experience.
- Statistical cookies — These cookies allow us to perform statistical analysis of website usage to improve user experience.
- Marketing cookies — The purpose of these cookies is to display relevant advertisements to you on the internet together with our partners.
Data Subject Rights
Respecting the rights of data subjects is important to the Foundation and we therefore pay special attention to this.
6.1. Right to Access Information
You have the right to access your personal data and to receive information about what data the Foundation processes about you.
6.2. Copies
Where necessary and justified, the Foundation will provide you with a free copy of documents related to you upon request.
6.3. Right to Rectification
All data subjects who notice that their personal data is inaccurate may contact the Foundation to have their data corrected.
6.4. Right to Data Portability
The data subject has the right to receive personal data concerning them in a structured, commonly used and machine-readable format.
6.5. Right to Erasure
This right allows data subjects to request the deletion of their personal data when it is no longer necessary.
6.6. Right to Restriction of Processing
The Foundation may restrict the processing of personal data at your request until the accuracy of the data is verified.
6.7. Right to Withdraw Consent
If the processing of personal data is based on consent, you have the right at any time to withdraw your consent.
6.8. Right to Object
You have the right to object to the processing of personal data.
6.9. Right to Lodge a Complaint with a Supervisory Authority
All data subjects have the right to lodge a complaint with the national data protection supervisory authority. In Estonia, this is the Data Protection Inspectorate.
Recipients of Personal Data
In order to provide you with an excellent experience, it may be necessary to share your personal data with authorised processors and controllers.
7.1 Due to the financing rules related to EU structural funds, we forward relevant data to the Ministry of Finance;
7.2 We forward personal data related to employment to the Health Insurance Fund, Labour Inspectorate, Tax Board, Social Insurance Board or Unemployment Insurance Fund;
7.3 We forward data to regional development centres, tourist information centres and visitor centres for the fulfilment of administrative contract obligations;
7.4 We forward personal data to the structural funds e-environment as required by legislation;
7.5 We forward data to the enforcement proceedings information system;
7.6 We forward personal data to the public procurement register;
7.7 We forward personal data to the commercial register or land register;
7.8 We share personal data with third parties for the development of information systems or better services;
7.9 We forward personal data to authorised processors for contractual obligations;
7.10 We forward data to auditors, accounting service providers, legal and financial consultants.
Security Measures and Notification
The Foundation keeps personal data strictly confidential and protects it from unlawful access through effective IT security measures and organisational and technical measures.
If a personal data breach occurs that is likely to pose a risk to data subjects' rights and freedoms, we will notify the Data Protection Inspectorate.
Implementation Provision
Taking into account potential changes in legislation, data protection law and the development of technology ensuring a high level of personal data protection, the Foundation reserves the right to make changes to these data protection terms. Therefore, the data protection terms are regularly reviewed and amended as necessary.