The Privacy Policy explains the principles of processing the personal data of the users of the brand.estonia.ee and its sub-website toolbox.estonia.ee (hereinafter the Website).

The controller of personal data is Estonian Business and Innovation Agency (registry code 90006006, address Lasnamäe 2, 11412 Tallinn, e-mail [email protected]). Further information on the pan-organisational Privacy Policy of Estonian Business and Innovation Agency can be found here.

NB! The following does not apply to the processing of data of legal persons and organisations. If you contact us on behalf of a legal person or an organisation, please use the professional contact information.

 

1. Definitions

1.1. Data subject – a natural person whose personal data is processed, e.g. the website or service user, newsletter subscriber.

1.2. Personal data – any data concerning the data subject which allows them to be directly or indirectly identified. E.g. data (name, e-mail, telephone number, address, etc.) that have become known to Estonian Business and Innovation Agency by the data subject or on the basis of their consent.

1.3. Processing of personal data – any automated or non-automated operation performed on personal data or a set of such data, including the collection, documentation, organisation, structuring, storage, adjustment and amendment, enquiring, consultation, use, disclosure by forwarding, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

1.4. Personal data breach – a security breach leading to the accidental or unlawful destruction, loss, amendment or unauthorised disclosure of or access to processed personal data.

1.5. Terms of Use – terms of use of the materials on the Website.

1.6. Controller – a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of personal data processing. Estonian Business and Innovation Agency is the controller of the personal data of website users.

1.7. Processor – a natural or legal person, public or local government authority which processes personal data on behalf of Estonian Business and Innovation Agency.

 

2. Identification data

We process your data in multiple ways, incl. when you visit the Website, use the assets, contact us, subscribe to newsletters and in relation to other activities we have made available on the Website.

You may be asked to provide your:

  • name;
  • e-mail address;
  • telephone number;
  • address;
  • data related to your job.

However, you can also visit the Website anonymously. We may collect anonymous and statistical data about you at any time during your use of our Website. This may include the name of your web browser, the type of computer you are using and technical data on your connection to our Website, such as data on your operating system and Internet service provider and other similar data.

 

3. Legal basis for processing personal data

We process personal data legally, fairly and transparently and according to precisely and clearly defined legal basis and the purposes. The legal basis for processing personal data depend on the purposes for which we need the personal data.

EAS processes personal data on the following legal basis:

3.1. to perform the contract or to implement the measures prior to entering into a contract, e.g. when you register as a Website user and use the assets, and to ensure performance of Terms of Use;

3.2. to perform an obligation arising from legislation, e.g. when we have the obligation to forward your data to a state institution;

3.3. in the case of legitimate interest, e.g. when this is necessary for providing a higher-quality service and to promote activities, considering your fundamental rights and freedoms. Estonian Business and Innovation Agency assesses the necessity and the proportionality of an processing of personal data  in each time;

3.4. with your consent, we process personal data only for the purpose given by you, e.g. for forwarding a newsletter;

3.5. for preparing, submitting or defending a legal claim, if this is necessary in relation to breaches concerning Terms of Use.

 

4. Purposes of processing personal data

Estonian Business and Innovation Agency may gather and process personal data for the following purposes:

4.1. to provide you with our services, incl. to use assets and to observe how you follow the Terms of Use;

4.2. to operate, administrate and improve the Website – we may use your feedback to improve our services.  We may use aggregate data to get a better picture of the ways in which users of our Website use the services and resources available on the Website;

4.3. to respond to inquiries and forward notices – we use your e-mail to respond to questions and other inquiries, also for forwarding information if this is necessary in relation to the user account or in the case of related technical issues, or if we need to inform you about changes to services;

4.4. to send newsletters – we regularly update the newsletter subscriber list and keep it updated with the aim of ensuring quality content for users. Should you decide to join our mailing list, you will be sent news, information about services, etc. Should you wish to opt out of receiving newsletters in the future, you will find detailed instructions on how to unsubscribe at the end of each letter. You can also contact us via our Website for the same purpose. Should you opt out of receiving the newsletter, your e-mail address will be automatically deleted from the list.

 

5. How we protect your personal data

We implement appropriate data collection, retention and processing practices and organisational, physical and information technologic security measures in order to protect your personal data, User ID, password and other data against unauthorised access, modification, disclosure or destruction. We apply the aforementioned measures to ensure the secure processing of data, appropriate guidelines and rules have been established, and our employees only process your personal data to the extent necessary to perform their duties. Should we involve a processor, we require them to ensure at least the same level of security.

 

6. Your rights and access to data

You have the right to receive information about the processing of your personal data at any time by submitting a written application to us. Before responding, we always make sure that the applicant has the right to receive data or request an action. As a user account owner, you may review your data in our system.

You have the right to:

6.1. request access to your personal data;

6.2. request the rectification of your personal data by informing us and sending us accurate data;

6.3. request the erasure of your personal data. Said right does not apply if the personal data you are requesting to be erased are processed on another legal basis or if the obligation to retain the data derives from law;

6.4. request the restriction of the processing of your personal data;

6.5. request the personal portability;

6.6. lodge a complaint with a supervisory authority (the Estonian Data Protection Inspectorate, [email protected], 627 4135);

6.7. withdraw your consent at any time, including opting out of receiving the newsletter. Withdrawing consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

 

7. Recipients of personal data

We do not sell, exchange, rent out, transmit or make your personal data in any way available to third parties, excl. if the need to forward the personal data arises from the purpose provided in the Privacy Policy or if such an obligation is stipulated by law (e.g. government institutions).

We may share general aggregate demographical or statistical data that do not enable the identification with recipients like business partners and reliable processors in order to fulfil the purposes set out above. We may also use third-party service providers to assist us in administering our business and Website or for them to take action on our behalf, such as sending out newsletters or surveys, developing the service. We may share your personal data with third parties with limited aims. We do not disclose your data more than is necessary to fulfil the relevant purpose, taking into account the provisions of legislation regulating data protection.

 

8. Retention of personal data

We process personal data to the minimum extent possible. Your personal data are retained no longer than is necessary for the processing pf personal data for the purposes for which the data were required. For example, we store personal data after closing a user account for preparing, filing and defending legal claims or if such an obligation derives from law. We update data if necessary, while all documents and information exceeding the deadline are destroyed. We store correspondence for five years.

 

9. References to other websites

You may find references and content directing you from our Website to the websites and services of our partners (via links). The content and links displayed on such websites are outside of our control, and we are not responsible for the practices of websites linked from our own Website (or linking to our Website). Additionally, such websites or services, including their content and links, may constantly change. Such websites may have their own Privacy Policy and Terms of Use, and they are therefore not subject to our Privacy Policy. Browsing and communication on any other website, including websites containing a link to our Website, are regulated by the policies of that website.

 

10. Cookies

Our Website uses cookies – tiny files which are uploaded to your computer or device that you are using to visit our Website.

Cookies are installed on your device in the following manners:

10.1. session cookies – saved on your device while you are using the Website and erased after you close the browser;

10.2. persistent cookies – saved on your device while you are using the Website and which allow your preferences to be remembered. These cookies are not automatically erased, but you can erase them if you wish;

10.3. limited time cookies – the time of these cookies is limited in the device, but you can erase them if you wish.

Website functionalities that allow us to provide a better user experience work thanks to cookies. We also use cookies for gathering statistical data that include, for example, user preferences, so we can improve and analyse our services. Cookies assess how you interact with the Website as an anonymous user and the gathered data do not permit your identification, but some cookies allow for the identification of your browser and the used device. Some cookies are necessary for the functioning of the services provided on the Website, such as authentication cookies, technical cookies of the IT systems.

The following is an explanation of the types of cookies we use, what kind of information they gather, how we use this information, why we sometimes need to save these cookies and how you can decline to save cookies, although this may restrict or impede the performance of certain functions of the Website.

 

11. Use of cookie files

If you create an account on our Website, we use cookies to guide the registration process and for overall management. Such cookies are usually deleted after you log out, but in some cases they may be retained in order to remember your preferences after you log out.

We use cookies while you are logged in to remember this fact. In this way, you do not have to log in again each time you visit the Website. These cookies are generally removed or deleted when you log out in order to ensure that only logged-in users of the Website have access to its limited functions and areas.

The services provided on this Website include the newsletter, wherein cookies may be used to remember whether you have already registered and whether certain notices that may only apply to subscribed/unsubscribed users should be displayed.

Occasionally, we offer you surveys to respond to in order to collect useful information and utilise better tools in the future or to get a better picture of the users of our Website. In connection with the surveys, cookies may be used in order to remember who has already responded to the survey and to display accurate results after you have moved on to the next page.

If you submit data via a form on the contact page or in the comment section, cookies may be used in order to retain your user data for further correspondence.

 

12. Third-party cookies

In some exceptional cases, we also use cookies provided by reliable third parties. The cookies which may be used on our Website are detailed below.

The Website uses Google Analytics, which is one of the most common and reliable analytical tools on the web and which helps us to understand how users use our Website and how we can improve their user experience. These cookies may, for example, keep track of how much time you spend on the Website or on the webpages you visit, which in turn helps us to display content that is of interest to you, but these cookies do not save personal information.

Occasionally, we try out new functions and modify the structure of the Website. During the testing of new functions, cookies may be used to ensure a consistent visitor experience on our Website, while helping us to understand which optimisation measures the users of our Website find most valuable. To this end, we use a tool called Hotjar.

We use the authentication cookie for user log-in and connecting with a social media account (Google, Microsoft), which is erased after the authentication process.

More detailed overview of cookies used on our Website:

Cookie name Expiration date Cookie functionality
_ga 2y Creates a unique ID of your visit that collects statistics on the visitor’s behaviour.
_gat 24h Creates a unique ID of your visit that collects statistics on the visitor’s behaviour./td>
_collect session Used in order to identify your web browser, operating system and the page you landed from.
AWSELB session Used in order to distribute incoming traffic between servers to increase Website speed.
AWSELBCORS session Registers the server that the user continues using after the previous cookie has assigned them a user server.
rc::c session Used in order to differentiate human users from robots.
__utmt 10 min Used to restrict demand.

 

13. Managing cookies

You can decline cookies via your web browser settings (more detailed instructions can be found in the Help section of your web browser.) Bear in mind that declining cookies impacts the functions of the Website and many other websites you visit. Declining cookies usually also blocks certain functions and functionalities of this Website. If you are uncertain whether to allow or decline cookies, it is recommended to allow all cookies, since they are utilised to provide the service you are using and this way it is certain that no Website functionality is restricted.

You can erase all cookies saved on your device by erasing the browser history. This removes all cookies from all visited websites. Bear in mind that this may result in losing some of the information you have saved (such as log-in information, site preferences).

The majority of browsers can be configured so that cookies are not stored on your device, but this means you will have to adjust certain preferences manually every time you visit the website and certain services and functions may not work in this case (e.g. logging in).

Detailed information on cookies is available at aboutcookies.org.

 

14. Personal data breach

In the event of a personal data breach that constitutes a likely threat to your rights and freedoms, we will prepare any relevant documents thereon. We will certainly take measures to bring the breach to an immediate end.

If the breach results in a potentially serious threat to your rights and freedoms, we will also notify you of this. The purpose of the notice is to enable you to take the necessary precautions to mitigate the situation.

 

15. Amendments to Privacy Policy

EAS has the right to update this policy at any time. We recommend that you visit this page regularly to keep up to date on how we help to protect the personal data we collect. The date at the end of the Privacy Policy indicates the last time the Privacy Policy of the Website was updated.

 

16. Contacting us

If you have any questions about the Privacy Policy, personal data, the practices of this Website or other topics related to the use of the Website, do not hesitate to contact us.

  • If you have any questions about the Website, contact [email protected]
  • If you have any questions about personal data, contact the Estonian Business and Innovation Agency data protection specialist: [email protected].

 

Last amended: 08.12.2020