Eesti Firma (legal name: Eesti Firma OÜ, registry code 14164797, address Vesivärava 50, 10152 Tallinn, Estonia), operator of the website eestifirma.ee, respects user privacy and strictly complies with data protection legislation, including the Personal Data Protection Act of the Republic of Estonia and the General Data Protection Regulation (EU) 2016/679 (GDPR). We act as the controller of your personal data and bear responsibility for their processing.
This Privacy Policy informs you transparently about what personal data we collect and how we use, disclose, and protect it. For a complete understanding, we also recommend reviewing our Terms of Use, Anti-Money Laundering and Countering the Financing of Terrorism Policy (AML Policy), GDPR Compliance Principles, and Cookie Notice.
By using the eestifirma.ee website, you acknowledge that you have read this Privacy Policy and agree to the data processing practices described herein.
Information We Collect
We collect and process various types of information, strictly adhering to the principles of data minimization and lawful data collection. The primary categories of data we collect include:
- Personal Data: Information you provide to us directly, such as your name, email address, telephone number, and other details you submit during account registration, contacting us, or using our services. In certain cases (e.g., to comply with AML requirements), this may also include identification data.
- Technical Data: Information automatically collected when visiting our website, including IP address, browser type, device information, operating system version, and other technical parameters. These data enable us to ensure the correct operation of the site, compatibility with various devices, and optimization of user experience.
- Usage Data: Information about your interactions with the site. We record which pages you visit, the time spent on each page, how you navigate between sections, referral sources to our site, and how you interact with the content. This data is essential for analyzing user activity and improving our services.
- Communication Data: Information contained in your correspondence with us. If you contact our team via email, feedback forms, or other means, we retain records of such communications, including provided contact details and message content. This allows us to process your inquiries effectively and enhance service quality.
We deliberately do not collect data from individuals under 18 years of age. Our website and services are not intended for minors. If we become aware that personal data of a child has been collected without parental/guardian consent, we will promptly delete such information.
How We Use Your Information
Personal data processing is conducted on lawful grounds stipulated by the GDPR, including the necessity to fulfill contractual obligations, compliance with legal requirements, pursuit of our legitimate interests, or based on your consent. We strive to use information ethically and only for the purposes for which it was collected. The primary purposes for processing your data include:
- Provision of Services: We use your data to provide our services and fulfill contractual obligations towards you. This includes company registration, legal support, accounting services, and other services we offer. Data processing for these purposes is essential for concluding or performing a contract with you, as well as for managing ongoing customer relationships.
- Communication with Users: Your contact information is used to respond to your inquiries, provide service consultations, and deliver important notifications and updates. With your consent, we may also send newsletters or promotional offers tailored to your preferences. You may always opt out of marketing messages using the unsubscribe link provided in the email or by contacting us directly.
- Analytics and Service Improvement: We analyze visitor behavior on our website to enhance its functionality and content. Usage data (in anonymized or aggregated form) helps us understand audience needs, optimize navigation, improve user interface convenience, and develop new features. Such processing is based on our legitimate interest in service improvement, while we take measures to minimize interference with your privacy (for example, using aggregated data).
- Legal Compliance: We may process and retain specific data to comply with our legal obligations. This notably pertains to accounting and tax regulations, as well as anti-money laundering and counter-terrorism financing requirements. For instance, by law, we must identify clients and retain certain data for reporting purposes. Data processing for legal compliance is mandatory and based on legal requirements.
- Security Measures: Collected data are used to ensure the security of our website, your accounts, and our services. We conduct monitoring to detect and prevent fraud, unauthorized access, cyberattacks, and other threats. Such processing is based on our legitimate interest in safeguarding our infrastructure and users. We continually improve our monitoring and protection systems to keep your data secure.
Please note that we do not engage in automated decision-making capable of significantly affecting your rights or interests. In other words, no critical decisions (such as service provision or pricing) are made solely by algorithms without human involvement.
Cookies and Tracking Technologies
To enhance your user experience and analyze website traffic, we use cookies and similar tracking technologies. This enables us to tailor our website content to your interests and better understand how users interact with our website.
The use of cookies is conducted in accordance with applicable laws (e.g., the EU Directive on Privacy and Electronic Communications) and our separate Cookie Policy. The main categories of cookies we use are:
- Strictly Necessary Cookies: These cookies are essential for the proper functioning of the website. They enable basic functionalities (such as saving your privacy preferences or maintaining your logged-in session) and cannot be disabled, as the website would not function properly without them.
- Analytical Cookies: These cookies collect anonymized statistics about how visitors use our website, such as which pages are visited, how long users spend on each page, or whether they encounter errors. We use this information to improve website performance and usability. For instance, such technologies help us identify the most popular sections and optimize the content accordingly.
- Marketing Cookies: These cookies are used to deliver more relevant advertisements and promotions for our services. They allow us to track the effectiveness of advertising campaigns and may remember what you’ve viewed on our website in order to offer you similar services. We use marketing cookies responsibly and, where required, obtain your consent before placing them on your device.
You have the right to manage your cookie settings at any time. Most browsers allow you to disable unnecessary cookies or delete existing cookie files. Please be aware, however, that disabling strictly necessary cookies may impact the website’s functionality. You can find more detailed information in our Cookie Notice and your browser settings.
Data Sharing with Third Parties
We do not sell or rent your personal data to third parties. However, to ensure the operation of our business and provision of services, we may need to share data with trusted partners who comply with confidentiality requirements. Such third parties may include:
- Outsourced Service Providers: We cooperate with reliable companies and specialists who assist us in providing services. These include, for example, hosting providers and data centers (for hosting our website and databases), payment processing services (for handling transactions), analytics platforms (for traffic monitoring), and customer support services. In these cases, we only provide partners with the minimum necessary amount of data and require strict adherence to confidentiality and data protection measures under data processing agreements.
- Compliance with Legal Requirements: We may disclose your information to governmental authorities, regulators, or other authorized entities when legally required. For example, data disclosure may be necessary to comply with a court order, during the investigation of illegal activities, or to protect our legitimate rights and interests. In each case, we carefully assess the legality of the request and disclose only the information required by law.
Apart from the above-mentioned cases, your data may be disclosed during corporate restructuring. If our company decides to merge with another entity, sell the business, or otherwise reorganize, users’ personal data may be transferred to new successors. In such circumstances, we will ensure the data recipient undertakes the same confidentiality obligations outlined in this policy.
Data Security
We implement appropriate technical and organizational measures to protect your personal data from unauthorized disclosure, unlawful access, destruction, or alteration. Specifically, we utilize encryption methods, firewalls, intrusion detection systems, and control physical and logical access to servers. Within our organization, we enforce information security policies that limit employee access to personal data and provide regular staff training. These measures are intended to ensure the confidentiality, integrity, and availability of your data, as required by GDPR principles. Although no method of Internet transmission or electronic storage is 100% secure, we continually update and test our security systems to minimize risks.
International Data Transfers
Currently, all personal data are stored and processed within the European Economic Area (EEA), primarily on servers located in Estonia or other EU countries. We do not transfer your data to countries outside the EEA unless explicitly required for providing services (e.g., if you are located outside the EU and request us to contact a local partner).
Should the need arise in the future to transfer your data outside the EEA, we will ensure compliance with all legally prescribed safeguards for such international transfers. Specifically, this means data will be transferred only to countries recognized by a European Commission decision as providing adequate protection, or based on Standard Contractual Clauses (SCC) or other authorized mechanisms. Thus, the confidentiality of your data will be maintained even if processed outside the European Union.
Children’s Privacy
We recognize the importance of protecting children’s personal data. Our website and services are not intended for individuals under the age of 18, and we do not knowingly collect data from children without appropriate consent from their parents or legal guardians. If we become aware that we have inadvertently received personal data from a minor under 18 years old, we will promptly take steps to delete such information from our servers. Parents who discover that their child may have provided us with personal data are encouraged to contact us so we can swiftly remove the relevant information.
Your Rights
In accordance with the GDPR and other applicable regulations, you, as a data subject, have extensive rights concerning your personal data. We respect these rights and strive to facilitate their exercise. You have the right to:
- Access your data: request confirmation that your personal data is being processed, as well as obtain a copy of the data we hold about you. This enables you to know exactly what information is processed and verify the lawfulness of its processing.
- Rectify your data: request correction of inaccurate or outdated personal data concerning you. We will promptly make the necessary adjustments to ensure the accuracy and currency of your information.
- Erase your data: in certain circumstances, request the deletion of your personal data (“right to be forgotten”). For example, you can request deletion if the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent and we have no other lawful grounds for processing. Please note that this right is not absolute—there are exceptions (for example, we cannot delete data that we are legally required to retain).
- Restrict processing: in specific situations, request temporary restriction of the processing of your data (for example, while disputing the accuracy of the data or objecting to processing). During the restriction period, we will merely store your data, pausing active operations involving it.
- Object to processing: you have the right to object to processing your data if such processing is based on our legitimate interests or carried out for direct marketing purposes. In certain cases prescribed by law, we must stop such processing upon your request. In particular, you can always unsubscribe from mailings and object to profiling for marketing purposes.
- Data portability: obtain personal data you have provided to us in a structured, commonly used format (e.g., CSV) and/or request its transfer directly to another provider, if technically feasible. This right applies when processing is based on your consent or a contract with you and is carried out by automated means.
- Withdraw consent: if any data processing relies on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing conducted before your withdrawal, but we will cease such processing going forward. For instance, you can unsubscribe from marketing newsletters you previously agreed to receive at any time.
In addition to the above, you have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated or your data has been processed unlawfully. The supervisory authority in Estonia is the Data Protection Inspectorate (Andmekaitse Inspektsioon). You may contact this authority or another relevant supervisory organization at your place of residence. While we hope to resolve any concerns directly, we must inform you of your right to lodge a complaint with government authorities.
To exercise your rights, you can contact us using any convenient method indicated in the “Contacts” section. We will handle your request free of charge and provide a response without undue delay, in any event within one month of receiving your request, as required by GDPR. If an extension is necessary or your request is denied (based on legitimate grounds), we will inform you within the prescribed timeframe, clearly stating the reasons for such a decision.
Links to Third-Party Websites
Our website may contain links to external websites or services that are not controlled by our company. This Privacy Policy does not extend to such third-party resources. We are not responsible for the content or privacy practices of external websites. We recommend reviewing the privacy policies of each external resource before providing any personal data on such sites.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. In practice, this means your data will be retained for the entire period you use our services, and further, if necessary—for example, until the expiration of statutory limitation periods or legally prescribed retention periods. Upon expiration of the relevant period, the data will either be securely deleted or anonymized to prevent further identification of you. We regularly review the volume and retention periods of data, adhering to the principle of storing data no longer than necessary, and promptly delete outdated information.
Policy Updates
We reserve the right to periodically update this Privacy Policy to reflect changes in our business practices, legislation, or the emergence of new technologies. When an updated version of the policy is released, we publish it on this page, indicating the date of the latest revision.
The new policy version becomes effective immediately upon publication. We recommend regularly checking this section to remain informed about the current version of the policy. In the event of significant changes, we may additionally notify you by other means (such as email or notifications on the website).
Contact Information
If you have questions, comments, or requests related to the processing of your personal data on our website, please contact us:
- Company: Eesti Firma OÜ
- Address: Vesivärava 50, 10152 Tallinn, Estonia
- Data Protection Officer (DPO): Ilja Nikiforov
- Email: info@eestifirma.ee
- Phone: +372 641 7777
We value the trust of our customers and visitors, and therefore strive to respond promptly and thoroughly. Upon contacting us, you will receive a response to your inquiry no later than one month from the date of the request, as required by applicable laws. We welcome your questions and are always ready to provide additional information regarding your personal data and the measures taken to protect it. Your right to privacy and data security is our highest priority.