Personal Data Protection Act
When you use our services you entrust your personal data to us. We are very serious about data privacy and we collect the data only to send relevant information that promotes entrepreneurship to the company you are representing and only to the extent that is necessary for using our services. We process personal data in line with the EU General Data Protection Regulation (GDPR, EU 2016/679) and laws of the Republic of Estonia. The Estonian Chamber of Commerce and Industry does not process sensitive personal data defined in the GDPR.
Our data protection terms and conditions explain who and why we collect and process personal data.
What types of personal data do we collect?
In order to provide our services, we collect data in two ways:
Data that you submit to us
For example, if you subscribe to the Chambers services or would like to obtain information, you may submit data such as name, company, title and e-mail address.
Data that we obtain from you while using the services
Depending on the use of the services, we collect the following data: time of submission of registration or application, IP address, cookie information.
Why do we collect and process personal data?
Processing personal data related to your company is necessary for providing our services. Without processing personal data, we cannot broker the required service to you and fulfil related duties. In order to use our service, we need your consent for processing the personal data for the abovementioned purposes. We use data collected from all services in order to offer, manage, protect and improve our services as well as develop new services.
Before using the data for purposes other than those described in our data protection terms and conditions, we will ask for your explicit consent for it.
Who do we disclose the data to?
We treat the processed personal data as confidential and send such data to other persons or companies (or recipients) only to the extent that is necessary for rendering a service.
We do not share the personal data with companies, organisations or persons outside our organisation, except in the following cases:
- Partner search where companies that are members of the Estonian Chamber of Commerce and Industry are reflected with only public and limited data.
- Without the permission of a person, their personal data may be disclosed to an institution or a person who has the legal right for in line with the legal acts concerning data protection.
- In case of merger or acquisition related to the Estonian Chamber of Commerce and Industry, personal data may be sent to third persons who are related to the merger or acquisition.
- If we use external service partners who provide services to us. For example, providers of the website service or hosting, providers of marketing services and providers of IT services. Upon providing such services, external service providers may have access to your personal data and/or they may process the data. We insist that these service providers apply security measures that ensure inviolability and safety of your personal data.
- If you have given your explicit consent for disclosing the personal data to a specific recipient.
Sending personal data outside the EU
We treat the processed personal data as confidential and we send them to other persons or companies (i.e. recipients) only to the extent that is necessary for providing a service.
As a rule, we process the customer data within the European Union/ European Economic Area. The Estonian Chamber of Commerce and Industry may send or process personal data outside the European Union/ European Economic Area should there be a legal basis for it, e.g. in order to perform a legal obligation, or the client’s consent, and relevant protective measures are applied: there is an agreement containing standard conditions in compliance with the General Data Protection Regulation, approved action guidelines, certifications etc.; in a country where the recipient is located has, according to the decision of the European Commission, a sufficient level of data protection; the recipient is certified based on the Privacy Shield data protection framework.
We are dedicated to protecting your data against unauthorised access or unauthorised changing, disclosing or tampering.
To ensure data security, we do the following:
- Consider all personal data confidential.
- Encrypt services wherever possible, by using SSL.
- We keep personal data mainly digitally and not on paper to ensure safer access control.
- The storage of personal data is protected with the necessary IT technical and organisational protective measures.
Although we apply strict security rules for the personal data that have been received in our environment, we must point out that the internet is never completely safe and we cannot guarantee safe forwarding of your data to us. Safety of sending data is always your own risk.
Your rights and how to use them
If you have published a consent for certain collection, processing and using of your personal data, you may withdraw the consent at any time in the future.
In line with the applicable legal acts concerning data protection, you have the right:
- to request access to your personal data.
- to request correction of your personal data.
- to request deletion of your personal data.
- to request limiting the processing of your personal data.
- to request transfer of your personal data.
- to request withdrawal of your personal data processing consent.
- to contest automated decision-making (including profiling).
- to file a complaint to the data protection supervisory authority.
The application must enable clear establishing of your identity. You have the right to withdraw your consent at any time. Withdrawal of your consent will not affect the legality of the processing that took place on the basis of the consent before the withdrawal.
The respective applications must be submitted (including withdrawal of the consent) to the Estonian Chamber of Commerce and industry by the e-mail address koda [a] koda.ee.
Please consider that you can request deletion of your personal data, establishing a limit to the processing etc. only if it is in line with the legal basis and legal acts concerning data protection.
If you are applying for a limitation or suspension of processing of your personal data or deletion of the data, it may stop the services rendered to you either partially or fully.
In case of complaints, you have the right to submit the complaint to the competent data protection authority. We cooperate with the respective regulation authorities, including local data protection authorities in order to settle complaints related to disclosing personal data.
How long do we store your personal data?
Your personal data is stored as long as it is necessary for providing the desired services to you. If personal data have not been used during 7 consecutive years, we will delete your personal data or make your personal data anonymous, except if the mandatory obligations for data storage apply.
We may have a legal obligation to store some of your personal data for 10 years. That is after the end of using the services provided by us, if your personal data is required for complying with other applicable laws or if we need your personal data in order to protect, create and perform legal obligations only on the need to know basis.
Data collected without personalisation are stored without a term.
Data protection conditions and amendments
When you use the services of the Estonian Chamber of Commerce and Industry, you confirm that you have read these principles and conditions and agree to them.
Our data protection terms and conditions may change at times. We will not decrease your rights arising from our data protection conditions without your explicit consent. We will post a notice on any changes in the data protection conditions on this page and in case of major changes we will send a more elaborate notice.
Like most websites, we use the text files that are called cookies and the aim of which is to help us develop our service.
What are cookies
A cookie is a small text file that your web browser saves in your computer and that allows the website to remember the user preferences.
Cookies that we use
- Basic cookies are necessary for the functioning of our website. These include cookies that, for example, allow you to send a price query.
- Analysis cookies allow us to recognize and count visitors and see how they move on the site. This helps us to improve the functioning of our website, for example, by helping the users find what they are looking for easier.
- Function cookies allow us to recognize you when you return to our website. With the help of them, we can personalise our content for you and remember your preferences: for example your language or area selection.