NB! The following does not apply to the processing of data of legal persons and organisations. If you contact us on behalf of a legal person or an organisation, please use the professional contact information.
1.1. Data subject – a natural person whose personal data is processed, e.g. the website or service user, newsletter subscriber.
1.2. Personal data – any data concerning the data subject which allows them to be directly or indirectly identified. E.g. data (name, e-mail, telephone number, address, etc.) that have become known to Estonian Business and Innovation Agency by the data subject or on the basis of their consent.
1.3. Processing of personal data – any automated or non-automated operation performed on personal data or a set of such data, including the collection, documentation, organisation, structuring, storage, adjustment and amendment, enquiring, consultation, use, disclosure by forwarding, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
1.4. Personal data breach – a security breach leading to the accidental or unlawful destruction, loss, amendment or unauthorised disclosure of or access to processed personal data.
1.6. Controller – a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of personal data processing. Estonian Business and Innovation Agency is the controller of the personal data of website users.
1.7. Processor – a natural or legal person, public or local government authority which processes personal data on behalf of Estonian Business and Innovation Agency.
2. Identification data
We process your data in multiple ways, incl. when you visit the Website, use the assets, contact us, subscribe to newsletters and in relation to other activities we have made available on the Website.
You may be asked to provide your:
- e-mail address;
- telephone number;
- data related to your job.
However, you can also visit the Website anonymously. We may collect anonymous and statistical data about you at any time during your use of our Website. This may include the name of your web browser, the type of computer you are using and technical data on your connection to our Website, such as data on your operating system and Internet service provider and other similar data.
3. Legal basis for processing personal data
We process personal data legally, fairly and transparently and according to precisely and clearly defined legal basis and the purposes. The legal basis for processing personal data depend on the purposes for which we need the personal data.
EAS processes personal data on the following legal basis:
3.2. to perform an obligation arising from legislation, e.g. when we have the obligation to forward your data to a state institution;
3.3. in the case of legitimate interest, e.g. when this is necessary for providing a higher-quality service and to promote activities, considering your fundamental rights and freedoms. Estonian Business and Innovation Agency assesses the necessity and the proportionality of an processing of personal data in each time;
3.4. with your consent, we process personal data only for the purpose given by you, e.g. for forwarding a newsletter;
4. Purposes of processing personal data
Estonian Business and Innovation Agency may gather and process personal data for the following purposes:
4.2. to operate, administrate and improve the Website – we may use your feedback to improve our services. We may use aggregate data to get a better picture of the ways in which users of our Website use the services and resources available on the Website;
4.3. to respond to inquiries and forward notices – we use your e-mail to respond to questions and other inquiries, also for forwarding information if this is necessary in relation to the user account or in the case of related technical issues, or if we need to inform you about changes to services;
4.4. to send newsletters – we regularly update the newsletter subscriber list and keep it updated with the aim of ensuring quality content for users. Should you decide to join our mailing list, you will be sent news, information about services, etc. Should you wish to opt out of receiving newsletters in the future, you will find detailed instructions on how to unsubscribe at the end of each letter. You can also contact us via our Website for the same purpose. Should you opt out of receiving the newsletter, your e-mail address will be automatically deleted from the list.
5. How we protect your personal data
We implement appropriate data collection, retention and processing practices and organisational, physical and information technologic security measures in order to protect your personal data, User ID, password and other data against unauthorised access, modification, disclosure or destruction. We apply the aforementioned measures to ensure the secure processing of data, appropriate guidelines and rules have been established, and our employees only process your personal data to the extent necessary to perform their duties. Should we involve a processor, we require them to ensure at least the same level of security.
6. Your rights and access to data
You have the right to receive information about the processing of your personal data at any time by submitting a written application to us. Before responding, we always make sure that the applicant has the right to receive data or request an action. As a user account owner, you may review your data in our system.
You have the right to:
6.1. request access to your personal data;
6.2. request the rectification of your personal data by informing us and sending us accurate data;
6.3. request the erasure of your personal data. Said right does not apply if the personal data you are requesting to be erased are processed on another legal basis or if the obligation to retain the data derives from law;
6.4. request the restriction of the processing of your personal data;
6.5. request the personal portability;
6.6. lodge a complaint with a supervisory authority (the Estonian Data Protection Inspectorate, [email protected], 627 4135);
6.7. withdraw your consent at any time, including opting out of receiving the newsletter. Withdrawing consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
7. Recipients of personal data
We may share general aggregate demographical or statistical data that do not enable the identification with recipients like business partners and reliable processors in order to fulfil the purposes set out above. We may also use third-party service providers to assist us in administering our business and Website or for them to take action on our behalf, such as sending out newsletters or surveys, developing the service. We may share your personal data with third parties with limited aims. We do not disclose your data more than is necessary to fulfil the relevant purpose, taking into account the provisions of legislation regulating data protection.
8. Retention of personal data
We process personal data to the minimum extent possible. Your personal data are retained no longer than is necessary for the processing pf personal data for the purposes for which the data were required. For example, we store personal data after closing a user account for preparing, filing and defending legal claims or if such an obligation derives from law. We update data if necessary, while all documents and information exceeding the deadline are destroyed. We store correspondence for five years.
9. References to other websites
Cookies are installed on your device in the following manners:
10.1. session cookies – saved on your device while you are using the Website and erased after you close the browser;
10.2. persistent cookies – saved on your device while you are using the Website and which allow your preferences to be remembered. These cookies are not automatically erased, but you can erase them if you wish;
10.3. limited time cookies – the time of these cookies is limited in the device, but you can erase them if you wish.
The following is an explanation of the types of cookies we use, what kind of information they gather, how we use this information, why we sometimes need to save these cookies and how you can decline to save cookies, although this may restrict or impede the performance of certain functions of the Website.
11. Use of cookie files
The services provided on this Website include the newsletter, wherein cookies may be used to remember whether you have already registered and whether certain notices that may only apply to subscribed/unsubscribed users should be displayed.
Occasionally, we offer you surveys to respond to in order to collect useful information and utilise better tools in the future or to get a better picture of the users of our Website. In connection with the surveys, cookies may be used in order to remember who has already responded to the survey and to display accurate results after you have moved on to the next page.
If you submit data via a form on the contact page or in the comment section, cookies may be used in order to retain your user data for further correspondence.
12. Third-party cookies
The Website uses Google Analytics, which is one of the most common and reliable analytical tools on the web and which helps us to understand how users use our Website and how we can improve their user experience. These cookies may, for example, keep track of how much time you spend on the Website or on the webpages you visit, which in turn helps us to display content that is of interest to you, but these cookies do not save personal information.
Occasionally, we try out new functions and modify the structure of the Website. During the testing of new functions, cookies may be used to ensure a consistent visitor experience on our Website, while helping us to understand which optimisation measures the users of our Website find most valuable. To this end, we use a tool called Hotjar.
We use the authentication cookie for user log-in and connecting with a social media account (Google, Microsoft), which is erased after the authentication process.
More detailed overview of cookies used on our Website:
|Cookie name||Expiration date||Cookie functionality|
|_ga||2y||Creates a unique ID of your visit that collects statistics on the visitor’s behaviour.|
|_gat||24h||Creates a unique ID of your visit that collects statistics on the visitor’s behaviour./td>|
|_collect||session||Used in order to identify your web browser, operating system and the page you landed from.|
|AWSELB||session||Used in order to distribute incoming traffic between servers to increase Website speed.|
|AWSELBCORS||session||Registers the server that the user continues using after the previous cookie has assigned them a user server.|
|rc::c||session||Used in order to differentiate human users from robots.|
|__utmt||10 min||Used to restrict demand.|
13. Managing cookies
You can decline cookies via your web browser settings (more detailed instructions can be found in the Help section of your web browser.) Bear in mind that declining cookies impacts the functions of the Website and many other websites you visit. Declining cookies usually also blocks certain functions and functionalities of this Website. If you are uncertain whether to allow or decline cookies, it is recommended to allow all cookies, since they are utilised to provide the service you are using and this way it is certain that no Website functionality is restricted.
You can erase all cookies saved on your device by erasing the browser history. This removes all cookies from all visited websites. Bear in mind that this may result in losing some of the information you have saved (such as log-in information, site preferences).
The majority of browsers can be configured so that cookies are not stored on your device, but this means you will have to adjust certain preferences manually every time you visit the website and certain services and functions may not work in this case (e.g. logging in).
Detailed information on cookies is available at aboutcookies.org.
14. Personal data breach
In the event of a personal data breach that constitutes a likely threat to your rights and freedoms, we will prepare any relevant documents thereon. We will certainly take measures to bring the breach to an immediate end.
If the breach results in a potentially serious threat to your rights and freedoms, we will also notify you of this. The purpose of the notice is to enable you to take the necessary precautions to mitigate the situation.
16. Contacting us
- If you have any questions about the Website, contact [email protected]
- If you have any questions about personal data, contact the Estonian Business and Innovation Agency data protection specialist: [email protected].
Last amended: 08.12.2020