Privacy Policy
DATA PROTECTION TERMS OF THE ENTERPRISE AND INNOVATION FOUNDATION
(Updated 28.06.2023)
The Enterprise and Innovation Foundation (with registration code 90006012, hereinafter ``the foundation'' or ``we'') complies with the requirements and principles set forth in legislation and the institution's data protection conditions when processing personal data. Personal data protection and data security are important to us, which is why we inform how, for what purposes and for how long personal data is processed and how we ensure the fulfillment of personal rights. When processing personal data, the foundation acts as a data controller within the meaning of the General Regulation on the Protection of Personal Data (hereafter IKÜM).
The data protection conditions cover all processing of personal data by the foundation, including on all websites [1] . Websites may have some clarifications in terms of data testing or processing of cookies compared to our general conditions, if such a need arises from the purposes of the website.
The foundation processes personal data only if it is necessary for the performance of its tasks, for the purpose of service provision or cooperation. Your personal data helps us understand your needs and offer you the best support and advice. We also need your data in order to improve the quality of our services and the support we offer or to fulfill our obligations arising from the law or legal action.
The following does not concern the processing of data of legal entities and/or their natural person representatives, if the data is processed only in connection with the person's official duties or tasks, as well as the processing of personal data on foreign websites referred to on the foundation's websites (e.g. Study in Estonia, Research in Estonia), for which the foundation is not responsible .
The foundation has the right to change the data protection conditions mentioned below at any time.
If you have questions, concerns or complaints related to personal data, contact our data protection specialist andmekaitse@eas.ee . If you have any questions about the personal data processed by the e-residents program team, you can also contact the e-residency program at e-resident@gov.ee .
Concepts
- A data subject is a natural person whose personal data is processed (e.g. customer, grant applicant, website user).
- Personal data is any information about an identifiable or identified natural person (data subject) (e.g. name, personal identification number, email address, etc.).
- Processing of personal data is any operation performed with personal data (e.g. changing, viewing, storing, deleting).
[1] eas.ee, eas.ee/ettevotluseauhind, investinestonia.com, workinestonia.com, e-estonia.com, booking.e-estonia.com , digiexpo.e-estonia.com, brand.estonia.ee, estonia.ee, toolbox.estonia.ee, game.estonia.ee, tradewithestonia.com, events.estonia. ee, my.estonia.ee, ajujaht.ee, visitestonia.com, puhkaeestis.ee, e-resident.gov.ee, learn.e-resident.gov.ee, company .e-resident.gov.ee, visiidit.ee, careerhunt.eu, kredex.ee, startupestonia.ee, ekredex.ee, covid19.kredex.ee.
Legal basis for personal data processing
We process personal data only for the purpose that is necessary for the performance of the foundation's own statutory tasks or tasks assigned to us in the public interest, to fulfill our legal and contractual obligations, to provide the service, and on a clear legal basis. or The personal data we process helps us understand your needs and provide you with the best support and advice. The data is necessary to improve the quality of the services offered and the processing of support requests. Also, in order to fulfill the obligations arising from the law as well as from the legal act.
Depending on the purposes of data processing, the following legal bases for personal data processing are given in the IKÜM:
- The foundation processes personal data for the preparation, execution and monitoring of contracts concluded with the participation of the data subject (including loan, guarantee, consultancy, cooperation, procurement and other contracts) (IKÜM art. 6 paragraph 1 b)). In certain situations, the processing of personal data may also be necessary for the purpose of preparing and defending a legal claim based on a contract
- To fulfill legal obligations arising from the law or other legislation for the purposes and to the extent stipulated in the relevant legislation, for example the employment contract law, tax laws, the law on prevention of money laundering and terrorist financing, the law on auditor activities or the accounting law (IKÜM art. 6 paragraph 1 c)).
- We process personal data for the performance of a task in the public interest assigned to the foundation by a legal act or an administrative contract (IKÜM art. 6 paragraph 1 e)).
- The foundation can rely on a legitimate interest in the processing of personal data if it takes place outside the immediate performance of a public task, e.g. for the purpose of information security. Based on a legitimate interest in the processing of personal data, we process personal data only if the interests or fundamental rights of the data subject do not outweigh the interest of data processing and if there is no other basis for processing personal data (IKÜM art. 6 paragraph 1 f)).
- We rarely process personal data with the data subject's consent (for example, to send a newsletter, for direct marketing purposes, to participate in campaigns, to use photo and video material). The data subject gives consent to the processing of personal data for the notified purposes voluntarily, knowingly, unequivocally and specifically with regard to the specified data - for example, by marking the appropriate box on the relevant form (IKÜM art. 6 paragraph 1 a)).
Personal data is processed only to the extent necessary for the realization of the goals set when the data was collected and is stored for a specified period of time. They are then deleted or destroyed.
We process personal data only in non-personalized form in order to make statistics illustrating the foundation's activities. We publish statistics and summaries impersonally. From the collected information, we can make generalizations in a non-personalized form and share them with our cooperation partners. In compliance with the restrictions set forth in the Public Information Act, we may also share the data collected during the performance of a public task with the person giving the relevant task.
If the term of data storage is determined by legislation, we proceed from the term stated in the legislation. For example, documents obtained during the processing of support, including personal data, are stored until the deadline specified in the legislation applicable to the corresponding support measure. In other cases, the principles apply that we keep correspondence for 5 years, materials related to contracts for 10 years from the end of the contract, and accounting documents for 7 years. Documents that have exceeded the deadline are generally subject to destruction unless the legislation provides otherwise. For example, according to the Archives Act, the foundation must hand over to the National Archives the documents and their series deemed to be of archival value after the retention period has passed.
We only collect and process such personal data, the need of which we have clearly defined for ourselves in advance. For example, we collect, process and use contact data about the data subject in order to contact the data subject if necessary. The reasons why and which personal data we process are primarily the following:
- Authentication, i.e. verification and identification of identity - access to e-channels enabling the use of the foundation's services is possible only with user identification, for which we need your name and personal identification code. If you use the information systems created and/or managed by us as a representative of a third party, we will also ask for the data of the person being represented and the basis of the right of representation (power of attorney, position, etc.). during user registration and use to identify identity and keep records of who and with what rights user accounts have been created, including access to the KredEx e-service environment or the Visit Estonia web environment; but also for providing loans, guarantees, risk and private capital investments, enabling grants and implementing the activities of the Startup Estonia and E-Residency program.
- In the process of applying for or using grants or services, we process data that is stipulated by the legislation related to the relevant grant measure or the internal work order supporting the proper execution of the public interest task assigned to the foundation. Depending on the support scheme, the processed data may be in the applicant's project team member's CV, employment agreement, etc. The processing of personal data within the framework of the processing of applications is carried out on the basis of the law. In order to receive support, the applicant is obliged to provide the requested personal data. If the data is not provided, we will not be able to provide support.
- In order to obtain guarantees and subsidies, it is necessary for the data subject to fill in the corresponding forms in advance, the data set in which is used to decide on guarantees and subsidies . The data published by the data subject through the forms is strictly limited to what is necessary to provide the corresponding service. For example, when assigning a home allowance to families with children, the foundation processes the personal data of both the applicants for the allowance and the applicants' children: name, social security number, e-mail address, residential address, and data on income, custody and property.
- Personal data is processed in a situation where it is necessary to assess whether the data subject meets the conditions for receiving a housing loan and guarantee, or whether the additional security provided by the data subject for the business loan is acceptable. The foundation has signed cooperation agreements with several banks and issued authorizations for concluding guarantee agreements. As a result, the bank, not the foundation, assesses the creditworthiness of the data subject according to the provided data, and also specifies the existence and size of the data subject's self-financing and calculates the guarantee amount. In case of a positive loan decision and meeting the guarantee conditions, the bank concludes both a loan and a guarantee agreement with the data subject.
- When visiting the E-Eesti Presentation Center, we need your personal data to book the visit and find out your needs, as well as to register your presence in the presentation center premises. The processing of personal data is necessary for security reasons in order to visit the premises of the presentation center. Information about the E-Estonian Presentation Center can be found here .
- When using the services of Work in Estonia, including the International House, we need your data to offer various services and to find out your needs. Depending on your interests in various services, it may be necessary to share your personal data with a specific partner who performs the corresponding consultation service.
- In the activities of the e-Residency program, we process personal data that is necessary to ensure the service offered to e-residents and its better quality and, if necessary, to provide input to the legislator for drafting or amending legislation on e-Residency. Information on applying for e-Residency can be found here . If you have any questions regarding the personal data processed by the e-resident program team, please contact the e-Residency program at e-resident@gov.ee .
- In public procurement, we process personal data to the extent that it is necessary for conducting the public procurement and concluding the public procurement contract. Depending on the procurement procedure, the submission of CVs of the members of the tenderers' team may be required as part of the procurement procedure. In the procurement procedure, personal data is processed for the purpose of preparing the procurement contract. If it is necessary due to the nature of the service, we will conclude a data processing agreement with the successful bidder within the meaning of Article 28 of the General Regulation on the Protection of Personal Data, so that the security of personal data processing is guaranteed during the performance of the procurement contract.
- We process data during the performance of the contract, for example, to calculate the fees related to the contract, for payments, to transmit information and in other cases when it is necessary for the conclusion and performance of the contract (including transferring data to authorized processors).
- We process personal data in order to verify, exercise, assign and defend legal claims based on the performance of a contract or the implementation of pre-contractual measures initiated at your request; as well as in fulfilling a legal obligation or protecting a legitimate interest to prevent, limit and investigate misuse or illegal use of services and grants or disruptions in their functioning, including to ensure the quality of services and grants and the operation of the foundation's security systems. When conducting in-house training, we use the collected data in a non-personalized form.
- We ask for your consent to process contact data if we want to send relevant news about the foundation's services, invitations to events organized by the foundation, and other information related to the foundation's activities to customers and the target group of services provided in the public interest, as well as other persons who are interested in direct marketing communications. If you have agreed to receive e-mail newsletters and notifications, the foundation also collects statistics, such as whether you opened the e-mail, which links were clicked on, which devices you used for it (what are their technical characteristics).
- We use your e-mail address to send feedback or satisfaction surveys; for the transmission of an invitation to a press trip, business trip or foreign visit, etc. event, or when informing about this event, provided that you have authorized their transmission or if its transmission is provided for by a legal act; when responding to requests for information or clarifications sent by you, or when responding to investment inquiries. We use the data collected during questionnaires and market research to improve the quality of our support, services or e-environments.
- The foundation is not obliged to keep a document register according to § 11 (1) of the Public Information Act (hereinafter AvTS), therefore we do not keep a public document register and do not display relevant data (including personal data of natural persons) publicly. In order to view the materials, an information request must be submitted. Our activity in terms of information, which concerns the use of funds provided for the performance of state or other public tasks or as support, is public in accordance with AvTS § 5 (2) and in some cases personal data - in particular the name and the fact of the application (in certain cases also its content) - may become known to third parties .
If you want to get acquainted with a document or correspondence and make a request for information, upon receiving the request for information, we will check whether the requested document can be released in full or whether it must be released in part. However, documents are issued to third parties in full only in cases prescribed by law or in the presence of a power of attorney. Restricting access depends on the content of the document. Regardless of the access restriction, we will issue the document to an institution or person who has a direct legal right to request it (e.g. investigative body, out-of-court procedure or court).
- Personal image or voice recording, which is collected when you visit events, events, business trips or trade fairs organized by us, to inform the public about the organized events, or if you have given us the corresponding consent to use photos/videos or other material.
- In the promotional games on our websites in which you have participated - as far as it is necessary to determine the winner (e-mail, name, other contacts).
- If you visit our social media accounts (Facebook, Instagram, LinkedIn, Youtube) and want to contact us there. Our pages and post comments are publicly visible to everyone. You can start following our accounts if you make the appropriate choice. If you share posts, like them, we will be notified. We receive visitor statistics in a non-personalized form.
- We process personal data when the data subject applies for a job at the foundation (CV with the information contained in it, other documents required in the job advertisement, recommenders, if necessary, data contained in the business register and criminal record information). The foundation does not keep documents related to the job application for longer than one year after the competition. With the consent of the data subject, we can keep the data of the applicant for the agreed period even after the end of the application process with the perspective of making a job offer in the future. In addition to our employees, you can involve cooperation partners from outside the institution in the assessment of suitability.
- The foundation processes personal data (name, e-mail, other contact details) also in situations where the data subject addresses the foundation with clarifying questions, requests or requests. If the corresponding communication takes place by e-mail, the foundation may also collect statistical data related to this communication, for example, about which service, which questions arise, etc. In order to respond to inquiries, the prior processing of personal data is necessary to ensure the security and reliability of the services, to distinguish inquiries submitted by web robots from inquiries prepared by people, and to enable consultants to provide you with the most appropriate answers and prepare the most appropriate value propositions when offering a personalized e-consultation service. We may also use the correspondence with the data subject internally to evaluate the quality of our work.
- We only record customer phone calls when you call the general customer service number. The customer will be notified directly of the recording of the call. We use call recordings only for the sake of improving customer service, and the recordings are deleted after a year at the latest.
- We process the IP addresses of users of information systems and websites for the purpose of ensuring the security of the information system and website and compliance with the terms of use of the service. We use logs to ensure the security of information systems or web pages and the data contained therein and to ensure that data is processed only by authorized persons.
- We use cookies when you visit our website . We collect and process data about the data subject's usage preferences in order to improve the design, ease of use, etc. of our web pages. In the online environment, we use so-called cookies, which make it possible to make the work of the website more efficient and thereby provide the best experience when browsing the website. We also use cookies to monitor website usage statistics and actions performed on the website, but each customer's movement on the website is not monitored individually. The received information is used to improve the usability and content of the website. More information about the use of cookies on our website. More details below.
A cookie is a small text file that is stored on your computer, smartphone or other device with which you visit our website when you visit the website. This may include information we need to ensure the technical functioning of our website, improve user experience by remembering user settings, perform statistical analysis and personalize marketing preferences.
Cookie options can always be changed through cookie preferences or web browser settings. You can delete previously installed cookies from your device either by changing your web browser settings or by manually deleting cookies.
- Cookies used on our website are divided into three categories according to their duration: temporary, limited-time and permanent cookies.
- Temporary or session cookies are added only during the current session and are deleted when the web browser or its tab is closed.
- Limited-time cookies have a
- Persistent cookies do not have an expiration date
- According to the purpose, four categories of cookies are distinguished:
- Necessary cookies ensureIt is not possible to give them up;
- Functional cookies allowThese cookies collect information about browsing language, font size, contrast, etc.;
- Through statistical cookies, we canAs a result of the analysis, we can improve the user experience;
- The purpose of marketing cookies is to display relevant advertisements to the visitor on the Internet.
- If you do not want cookies to be used on your devices, you can change the security settings of your web browser. From there, you can change the settings for notification of the storage of cookies or block all cookies. You can also delete all cookies stored on your device. If you delete cookies from your web browser, our website will treat you as a new visitor on your next visit. However, if all cookies are blocked, some functionalities of the website may not work.
- Over time, we may update and adjust cookies to improve service quality. Please note that different of our websites (e.g. e-estonia.ee, visitestonia.ee, etc.) may have special terms and conditions regarding the processing of cookies due to the nature and purpose of the website, which means that the cookies used on the websites may differ depending on the purpose of the page, because on all websites not all of the above cookies are always used. More detailed information about the cookies used on each website can be found on the corresponding website.
- We use cookies with the following names, which have the following tasks and retention periods:
Website | |
www.e-resident.gov.ee | www.eas.ee |
_with - Google Analytics. Used to distinguish you from others. Validity 2 years. | __utma Fri Nov 20 2020 - By Google Analytics. Saves how many times you visit the page and when was the first visit and when was the last. |
_gat - Google Analytics. Used to distinguish you from others. Validity 1 minute. | __utmb Wed Nov 21 2018 - Google Analytics. In cooperation with utmc, how long you were on the website is calculated. Makes a time stamp from the moment you come to the page. Expires when visitor leaves. |
_gid - Google Analytics. Used to distinguish you from others. Validity 24 hours. | __utmc Thu Nov 21 2019 (session) - Google Analytics. Makes a time stamp from the moment you leave the page. Expires 30 minutes after leaving the page. |
Intercom-id-ekfqllju - Used to identify your web browser and to remember conversations initiated via Intercom. Validity 9 months. | __utmz Wed May 22 2019 - Google Analytics. Makes it clear which channel you used to get to the website, which link you used, which keyword you used and which part of the world you visited the page from. Expires after 6 months. |
pll_language - Remembers the language you selected and displays the same language the next time you visit. Validity 1 year. | __utmt - Used to limit demand. |
plumbr_user_tracker - Counts how many times the page was visited from some devices. Even if the page was visited by the same person, but with three different devices, it is still counted as three different persons. Validity 10 years. | _gs Thu Nov 21 2019 (HostOnly, session) - Getsitecontrol. This will determine your web browser, operating system, IP address and the page you are currently on . |
wp-settings-{UID} - Cookie added by WordPress. Valid for 1 year. UID - Represents the user ID that comes from the user database table. Valid for logged in users only. | _gu Thu Nov 21 2019 (hostonly) - Getsitecontrol. Used to distinguish you from others. |
wp-settings-time-{UID} - Cookie added by WordPress. Valid for 1 year. UID - Represents the user ID that comes from the user database table. Valid for logged in users only. | _gw Thu Nov 21 2019 (hostonly) - Getsitecontrol. Saves apps that have been shown to you before. |
_icl_current_language (hostonly) – saves your selected language. Valid for one day. | |
catAccCookies - Indicates whether you have agreed to the saving of page cookies or not. Valid for 30 days. | |
wp-settings-{UID} - Cookie added by WordPress. Valid for 1 year. UID - Represents the user ID that comes from the user database table. Valid for logged in users only. | |
wp-settings-time-{UID}- Cookie added by WordPress. Valid for 1 year. UID - Represents the user ID that comes from the user database table. Valid for logged in users only. |
Respecting the rights of the data subject is important to the foundation and therefore we pay special attention to it. At the request of the data subject, the foundation may provide information about a specific data subject electronically, in writing or orally, taking into account that the identity of the data subject is clear and proven.
This means that if there is any doubt while dealing with your request, the foundation may ask you to provide additional information to identify the data subject. We do this to be sure of the identity of the data subject and to ensure that we are providing the right information to the right person.
The right to receive information about the scope and use of personal data
- You have the right to access your personal data and to receive information about what data the foundation processes about you. This allows you to be informed and check, if necessary, which personal data and how the foundation processes them related to you. You can also contact the foundation and ask for the purpose for which we process your personal data, if it remains unclear to you or if you have additional questions for us. We will try to answer your questions as soon as possible, but we will try to do so within at least one month. In case of more complex requests, it may be necessary to extend the time required to respond to the data subject's requests and requests by an additional two months. In this case, we will contact you to extend the response period and explain the reasons for the extension.
Copies
- If it is necessary and justified, the foundation will generally provide you with a free copy of the documents related to you upon request. We issue data and documents upon submission of a request, either on paper or electronically. The foundation may refuse to disclose the data in the copy or to provide a copy if it disproportionately affects the rights and freedoms of other persons, and it is not possible to take less strict measures. We issue data and documents when submitting a request for information or a request for clarification, which is answered by AvTS, or within the deadline provided by law for responding to a memo and request for clarification and submitting a collective appeal. If you want them to be issued in paper form, according to § 25 (2) of the AvTS, we can charge a fee for each issued page from the 21st page. Data and material are transmitted electronically encrypted.
Right to rectification of personal data
- All data subjects who notice that their personal data are not up-to-date, are incorrect or need to be corrected can contact the foundation for data correction or correction. You can also ask to complete your incomplete personal data. We guarantee that personal data will be corrected as soon as possible in case of justified and legitimate requests.
The right to the transfer of personal data
- If it is justified in the relevant case and it does not harm the rights and freedoms of other persons, the data subject has the right to receive the personal data concerning him, which he has submitted to the controller, in a structured, commonly used format and in a machine-readable form, and the right to transmit this data to another controller of personal data, if a specific processing of personal data is based on consent or contract and is processed automatically.
The right to erasure of personal data
- This right allows data subjects to request the erasure of their personal data if the personal data are no longer necessary or appropriate in relation to the purposes for which they were collected or processed. The right to erasure is not an absolute right and therefore your request to delete personal data may not mean that all your personal data will be deleted upon receipt of the request. Sometimes we have a legal obligation to retain data and in such cases we may not be able to comply with your request. The same may occur if we may retain the relevant data for the exercise or defense of legal claims.
Right to restriction of processing
- In justified cases, the Foundation may, at your request, limit the processing of personal data to checking the accuracy of personal data or until you dispute the accuracy of your personal data. The data subject has the right to request the restriction of personal data processing, for example while the foundation evaluates the application of the request to delete personal data.
Right to withdraw consent
- If the processing of personal data is based on consent, you have the right to contact the foundation at any time and withdraw your consent to the processing of personal data. Withdrawal of consent does not have retroactive effect and does not retroactively affect the legality of personal data processing that has already taken place during the valid consent.
The right to object
- If you find that the foundation's processing of personal data violates your right to personal data protection or other rights and freedoms, you have the right to object to the processing of personal data.
The right to file a complaint with the data protection supervisory authority
- All data subjects have the right to file a complaint with the national data protection supervisor if the data subject finds that the processing of personal data related to him/her does not comply with the provisions of data protection laws and general data protection rules. In Estonia, the national supervisory authority is the Data Protection Inspectorate.
In order to provide you with an excellent experience and to provide an overview of all that we offer, it may be necessary to share your personal data with authorized processors and co-responsible or other independently responsible processors. For example, when adding a foundation guarantee to a housing loan from a credit institution, we need similar data to the lender, which we both process as responsible processors. We will share your personal data with third parties if such an obligation arises from the law or an international agreement.
- Due to the financing rules related to structural grants of the European Union, we send the relevant data presented in the employment contracts and their appendices to the Ministry of Finance;
- In relation to work, accidents at work and occupational diseases, we transfer personal data to the Health Insurance Fund, the Labor Inspectorate, the Tax Board, the Social Insurance Board or the Unemployment Insurance Fund in accordance with the scope specified in the legislation;
- We transmit data to county development centers, Tourist Information Centers and Visitor Centers to fulfill the obligations arising from the administrative contract;
- We transfer personal data to the e-environment of structural grants, as provided for by the legislation underlying the grant measure;
- We transfer the data necessary to initiate the enforcement procedure to the enforcement procedure information system. We submit personal data to courts and other law enforcement authorities in cases prescribed by legislation and if necessary to protect our own legal interests;
- In the state procurement register, we transfer personal data if it is necessary to add bidders (including the bidder's representative or natural person bidder) to the procurement procedure.
- We transfer personal data to the business register or land register, if it is necessary in matters related to legal claims;
- We share personal data with third parties and authorized processors if it is necessary, for example, for the development of information systems, for cooperation partners to provide you with a higher quality service, or if you have given us your consent to transfer data;
- We also transfer personal data to authorized processors to fulfill contractual obligations;
- We provide auditors, accounting service providers, legal and financial consultants with data that is necessary for the provision of the respective service.
The foundation keeps personal data strictly confidential and protects personal data from unlawfully falling into the hands of third parties by implementing effective IT security measures and organizational and technical measures.
If a violation related to personal data occurs in the foundation and it represents a probable threat to the rights and freedoms of the data subject, we will notify the Data Protection Inspectorate of such a violation. Additionally, we will take measures to stop the breach as soon as possible.
If, as a result of the violation, the rights and freedoms of the data subject are likely to be at risk, we will inform the data subject. The purpose of the notification is to enable the data subject to take the necessary precautions to mitigate the potential risks arising from the situation.
Taking into account potential changes in legislation, data protection law and developments in technology ensuring a high level of personal data protection, the foundation reserves the right to make changes to the data protection conditions. Therefore, the data protection conditions are reviewed regularly and changes are made if necessary.