Personal data processing
GENERAL CONDITIONS FOR DATA PROCESSING OF ENTERPRISE ESTONIA
The protection of personal data integrity is our top priority. We want to ensure that you are aware of which personal data we collect and why, how we use the data, and what your choices and options are.
In order to provide you with application or service experience, which corresponds to your needs, it is necessary for Enterprise Estonia to process your personal information. Your personal information helps us to understand your needs and provide you with the best support and advice. At the same time, we need your information in order to improve the quality of our services and supports, or to comply with any obligations arising from law or legal action.
In order to provide our customers with excellent experience and give an overview of everything Enterprise Estonia offers, it is required to also share your personal data with data processors who are listed here (link that opens the register of data processors).
The principles for using data apply to Enterprise Estonia and any person who uses the services or supports or e-environments of Enterprise Estonia.
The conditions for data processing are valid on all websites of Enterprise Estonia, including: eas.ee, eas.ee/ettevotluseauhind, investinestonia.com, workinestonia.com, e-estonia.com, brand.estonia.ee, estonia.ee, toolbox.estonia.ee, game.estonia.ee, eitk.ee, intellekutaalomand.ee, eas.ee/kosmos, tradewithestonia.com, events.estonia.ee, my.estonia.ee, estoniarussia.eu, ajujaht.ee, visitestonia.com, puhkaeestis.ee, and until 1 September 2018 estlatrus.eu, estlat.eu and centralbaltic.eu. After 1 September 2018, the body responsible for the management of websites estlatrus.eu, estlat.eu and centralbaltic.eu will be the State Shared Service Centre.
The following does not apply to the storage of data of legal persons and the processing of personal data on foreign websites referred to on the websites of Enterprise Estonia, for the management of which Enterprise Estonia is not liable.
If you have any questions, concerns or complaints with regard to personal data, please feel free to contact us by sending an email to email@example.com.
- Your information is securely stored in Enterprise Estonia
1.1. Enterprise Estonia is committed to protecting your personal data. We consistently take appropriate technical and organisational measures to protect data against unauthorised access and to keep personal data secure. These measures include the protection of employees, information, IT infrastructure, the company’s internal and public networks, as well as office buildings and technical equipment.
1.2. The employees of Enterprise Estonia are subject to the rules on the confidentiality and protection of data. Data processors authorised by Enterprise Estonia are obligated to ensure the compliance with the same rules with regard to their employees.
1.3. However, you also need to use services, grants, and online environment in a secure and careful manner, and ensure that the devices you use for them are secured. You are obligated to keep secret from others any paroles, passwords, user IDs or other identifiers required for your identification related to your device and the online environments of Enterprise Estonia.
1.4. You need to be aware and take into account the fact that Enterprise Estonia cannot ensure the security of data and is not responsible if the data is not protected due to your activities. In this case, you are solely responsible for any possible consequences.
2. What kind of personal data do we collect?
2.1. Personal data includes any information that can be linked to a person. The categories of data that Enterprise Estonia mainly, but not exclusively, collects and processes are the following:
2.1.1. Personal identification data, for example, name, personal identification code, date of birth, information about the identity document (for example, a copy of passport or ID card).
2.1.2. Contact details, for example, address, telephone number, email address, communication language.
2.1.3. Social media profile.
2.1.4. Information about your relations with legal persons, for example, information submitted by you or obtained through public registers or third parties, for the purpose of making transactions on behalf of the corresponding legal person.
2.1.5. Professional details, for example, your data about education or your professional career or professional correspondence.
2.1.6. Data about reliability and due diligence, for example, information about payment behaviour or about any damage caused to Enterprise Estonia or a third party.
2.1.7. Data obtained and/or generated during the performance of the obligation arising from the law, for example, any information arising from the inquiries made by investigating authorities, notaries, tax authority, courts, and bailiffs.
2.1.8. Data about your tax residency, for example, information about the country of residence, taxpayer identification number, citizenship.
2.1.9. Communication data, for example, visual and/or audio recordings, which are collected when you visit any occasions, events, business trips or fairs organised by Enterprise Estonia, or if you communicate with Enterprise Estonia through email, messages and other communication mechanisms, for example, social media, or if you participate in feedback or satisfaction surveys or studies.
2.1.11. Information related to services, for example, compliance or non-compliance with any contracts, performed transactions, submitted applications, inquiries, and complaints.
2.1.12. Information about participation in games and campaigns, for example, prizes won in games and campaigns.
3. Why and when do we collect your personal data?
3.1. The collection of data depends on the used service and specific information required to use such service. The reasons why we collect personal data may include (but not limited to) the following:
3.1.1. Upon subscribing to a newsletter, your email address, name, and a list of newsletters you have subscribed to. All this to send you precisely the newsletters you are interested in. Enterprise Estonia sends newsletters with your consent. An overview of newsletters and information about subscription options can be found here.
3.1.2. On social media, your profile, provided that you have liked the Facebook page of Enterprise Estonia. All this to provide you with news about the activities of Enterprise Estonia through your newsfeed. Enterprise Estonia also processes your social media profile if you use the website of “My Estonia” to generate a Facebook header and profile picture.
3.1.4. If you contact us, including sending us an email (for example, media inquiry, request for information, request for explanation) or call us, requiring us to respond to you. We may publish summaries about inquiries by telephone in non-personalised form. Enterprise Estonia does not record any telephone calls.
3.1.5. Data, which we receive from third parties, such as public registers (for example, land register, tax board or commercial register), if this is required for the performance of contract or ensuring the performance of contract, such processing of data has been prescribed by law or your consent serves as the basis for data processing.
3.1.7. In the process of applying for a grant, any information as provided for in legislation related to the corresponding support measure. Depending on the grant scheme, these may include the CVs of the project team members of the applicants, agreements related to employment contract, etc. Processing of personal data as part of processing the applications takes place within the framework of carrying out a public law function and does not require your consent. Information about the provided grants is available here (reference to a link where you can find grants we provide). Any information that is not provided for in legislation related to the support measure is requested from you based on your consent. Enterprise Estonia uses the received personal data for better, more transparent, and faster processing of grants, as well as for better development of future support measures for statistical purposes and in non-personalised form.
3.1.8. In a situation, where sharing is required by legislation or a legal act.
3.1.9. In public procurements, to the extent that is required for carrying out the public procurement and awarding a public contract (including the registration of attendance at briefing days and the making of audio recordings). Depending on the procurement procedure, it may require the submission of the CVs of the team members of tenderers. In procurement procedure, the processing of personal data takes place for purpose of preparing the procurement contract and does not require your consent. If it is necessary due to the nature of the service, Enterprise Estonia enters into a data processing contract with a successful tenderer within the meaning of Article 28 of the General Data Protection Regulation to ensure that the processing of your personal data would be secure. Information about the public procurements carried out by Enterprise Estonia can be found here.
3.1.10. In other contracts, in any parts where it is required to enter into and perform a contract. More information about the information used upon performing a contract is available in clause 4.
3.1.11. Your email address to send you feedback or satisfaction surveys or invitations to a press trip, a business trip or a foreign visit or other event, and a notification thereof, provided that you have permitted to send these or if the sending of such is provided by law. We may process the data of the survey participants only for statistics in non-personalised form. Enterprise Estonia may also use data collected as part of questionnaires and market surveys to improve the quality of its grants, services or e-environments.
3.1.12. In campaign games taking place on the websites of Enterprise Estonia to announce the winner.
3.1.13. Upon providing services, where it is necessary to map your needs, provide you with better service, create personal user experience, and develop our websites while creating better user experience. For example, we may process your personal data if you visit our websites, register as a visitor of an event, etc. on out websites, place orders, respond to a feedback survey, or if we make an offer to you with regard to our other services on our websites. Upon providing services, we process your personal data with your prior consent. Information about the services provided by Enterprise Estonia can be found here (reference to the page where the provided services can be found).
3.1.14. In marketing activities, which may accompany the marketing of briefing days, events, participation in fairs, visits, foreign visits, trade missions, and other activities of Enterprise Estonia (hereinafter collectively as the “events”), where we register your attendance on a registration sheet or photograph or film you at some of the above-mentioned events. We record the events with the goal of informing you and our other customers about our activities through a newsletter or social media.
3.1.15. With regard to the activities of the e-residency programme, based on the data exchange contract entered into with the Police and Border Guard Board, the latter provides Enterprise Estonia with your name, email address, telephone, personal identification code, sex, citizenship, and the reason for applying for e-residency. All this to enable Enterprise Estonia to ensure the service offered to e-residents, market this among target group, and offer better quality service and, if required, provide the legislator with an input to enable the latter to prepare or amend any legislation on e-residency. Information about applying for e-residency can be found here. For questions about the personal data processed by the team of e-resident programme, please contact the e-residency programme by sending an email to firstname.lastname@example.org.
3.1.16. Upon visiting the e-Estonia Showroom, where we need your personal data to book the visit and ascertain any needs, as well as register your attendance on the premises of the Showroom. Processing of personal data to visit the premises of the Showroom is required for security reasons. With your consent, we will also send you newsletters or feedback inquiries. Information about the e-Estonia Showroom can be found here.
3.1.17. Upon registering for the events organised by Enterprise Estonia, published in the section of events at www.eas.ee.
3.1.18. Upon protecting the legitimate interest of Enterprise Estonia to prevent, restrict, and investigate the misuse of the services and grants of Enterprise Estonia, to ensure their security, to detect unlawful use or any disturbances in their functioning, or to carry out internal training or to ensure the quality of these services and grants.
3.1.19. To prove, perform, divest, and protect legal requirements, which are based on the following: upon performing a contract or implementing the pre-contractual measures at your request or performing legal obligations or the legitimate interest of Enterprise Estonia to perform legal requirements.
3.1.20. To comply with obligations to perform international transactions through credit institutions, based on the following: upon performing a contract or implementing the pre-contractual measures at your request or performing legal obligations.
3.1.21. Upon preserving the assets of Enterprise Estonia if an employee leaves, and such preservation includes the employee’s email address, which is the property of the employer, and using it to solve work-related issues, if necessary. When an employee leaves Enterprise Estonia, the latter closes the email address in way that it is impossible to send letters from there.
3.1.22. Upon registering as a user of the information systems created by Enterprise Estonia and using them (for example, the online environment of “Visit Estonia” for which the conditions of use can be found here, or the register of exporters “Trade with Estonia” for which the conditions for use can be found here).
3.2. The register about the processing of personal data can be found here.
3.3. To maintain and preserve customer relations, Enterprise Estonia is using CRM business software.
3.4. Enterprise Estonia processes your data as little as possible. Your personal data will not be kept longer than necessary for processing. In any registers or on the websites (for example, the Public Procurement Register), the management of which is not the responsibility of Enterprise Estonia, the latter is not responsible for the deadlines for the storage of personal data. The information about retention periods can be found here.
3.5. Enterprise Estonia does not sell, trade or lease your personal data to third persons.
3.6. From the information we collect, we may prepare summaries in non-personalised way and share them with our partners.
3.7. Enterprise Estonia may combine data collected in various ways if such information has been collected for the same purpose.
4. Use of data to perform the contract and ensure the performance of the contract
4.1. Enterprise Estonia may use data based on legislation without your separate consent to perform the contract or to ensure the performance of contract at least in the following cases (including transferring data to data processors):
4.1.1. To identify your or your representative;
4.1.2. To provide you with services or to carry our any activities required for the sales of goods;
4.1.3. To provide you with services and to eliminate any failures;
4.1.4. To provide and develop the online environment, its services and functionalities, as well as high-quality personal user experience to you, and to send you information related to options for use and security of the online environment.;
4.1.5. To calculate service fees related to the contract, to prepare notifications and invoices, and to send them to you;
4.1.6. To send you notifications by post or email, and this does not assume the data to be used for marketing purposes;
4.1.7. To document business and service activities and for business information exchange (including to be submitted to auditors upon auditing Enterprise Estonia);
4.1.8. To provide you with better service, including to measure the quality, performance or customer satisfaction of the online environment and the services, as well as to develop the services and business activities;
4.1.9. To evaluate and prevent potential business risks or losses related to the provision of the service;
4.1.10. To ensure the performance of contract;
4.1.11. To protect any rights of Enterprise Estonia, which have been violated or disputed, and to collect any debts (including to forward information related to contractual violation and/or debts by Enterprise Estonia based on the contract to the persons providing collection service, lawyers, and other persons, who are authorised to process the corresponding data).
4.1.12. To forward your credit status report to the credit information companies authorised by Enterprise Estonia in case of breach of the contract
5. Disclosure and/or transfer of your data to third persons and the geographical region of processing
5.1. Based on law and/or contracts, Enterprise Estonia transfers and discloses your data:
5.1.1. to data processors upon complying with any contractual obligations;
5.1.2. to database administrators;
5.1.3. to a new creditor upon assigning the right of claim;
5.1.4. to law enforcement agencies and courts;
5.1.5. to state authorities and institutions (for example, bailiff, notaries, supervisory agency);
5.1.6. to auditors, legal and financial advisers;
5.1.7. to debt collectors upon assigning the claims, to liquidators, rehabilitators, and trustees in bankruptcy;
5.1.8. to persons who are related to national, European, and international payment systems;
5.1.9. to third persons who protect the rights of Enterprise Estonia if you have violated the contract;
5.1.10. to data processors to process your data as part of direct marketing if you have given the corresponding consent.
5.2. Upon making transactions in a foreign country or with foreign persons, customer data may also become available to the authorities of the corresponding country and data may be processed in accordance with the law of the corresponding country.
5.3. In general, your data is processed within the European Union / European Economic Area (EU/EEA), however, in some cases, these are transferred to and processed in countries outside the EU/EEA.
5.4. Transfer and processing of your data outside of the EU/EEA may take place, provided that there is a legal basis, for example, performance of a legal duty or your consent, and the relevant protection measures are applied. For example, the relevant protection measures are the following:
5.4.1. there is a valid contract, which includes the standard contractual terms and conditions developed by the EU or approved code of conduct, certification, and the like, which complies with the General Data Protection Regulation (GDPR).
5.4.2. in a country outside the EU/EEA, where the recipient is located, it is sufficient level of data protection according to the decision of the European Commission;
5.4.3. the recipient has been certified based on the Privacy Shield Framework (applicable to recipients located in the United States of America).
5.5. In case of an inquiry, you will receive more detailed information about the transfer of your data to the countries located outside the EU/EEA.
6. In case of a breach or change in the principles of the processing of personal data, and forwarding such information.
6.1. If there is a breach related personal data that happens in Enterprise Estonia and it poses a potential threat to your rights and freedoms, we will prepare the corresponding documents required in legislation. We will definitely take measures to immediately end the violation.
6.2. If a violation results in a situation where you are likely to be at high risk with regard to your rights and freedoms, we will also inform you about it. The purpose of the notification is to enable you to take the necessary precautionary measures to mitigate the situation.
6.3. If the use of your personal data is subject to change or any applicable legislation and rules (including the rules of Enterprise Estonia for data processing) are updated, you can read about it from a document in the subheading “Personal data processing” at www.eas.ee.
6.4. Any changes to your data processing principles are communicated by Enterprise Estonia through messages via email or the Facebook page of Enterprise Estonia or the main pages of the websites of Enterprise Estonia.
6.5. If you have any questions, concerns or complaints with regard to personal data, please feel free to contact us by sending an email to email@example.com.
6.6. For questions about the personal data processed by the team of e-resident programme, please contact the e-residency programme by sending an email to firstname.lastname@example.org.
The following explanations do not apply to the storage of data of legal persons and the processing of personal data on foreign websites referred to on the website of Enterprise Estonia (for example, “Study in Estonia”, “Research in Estonia”).
Also, in national registers and information systems, where the management of online environment is not within the competence of Enterprise Estonia, the explanations do not include the purposes, extent, and methods for processing personal data, the conditions for making them public, and the rights and procedure for a person to view the data – the latter has been established in legislation.
- How does a person’s name appear in the online document register? Full name or initials?
1.1. Enterprise Estonia is not obligated to keep a document register according to subsection 11 (1) of the Public Information Act, therefore, Enterprise Estonia does not keep a public document register or display any information there (including the personal data of a natural person). The full name and contact details of a person are visible only in the internal information system.
1.2. Upon contacting Enterprise Estonia, you should take into account that the activities of Enterprise Estonia with regard to information related to the use of resources granted for the performance of public law functions from the budget of the state or local government or given in the form of grant is public according to subsection 5 (2) of the Public Information Act, and in some cases, your personal data – in particular, your name and the fact of inquiry (in some cases, also its content) – may become available to third parties, or your name and the fact of inquiry may be disclosed in the document register of a third party or a data processor.
2. What kind of access restrictions are used for private communication?
2.1. Correspondence with natural persons is subject to access restrictions. In communication with a natural person, we use access restrictions according to the provisions of the Public Information Act.
2.2. If someone wants to see your correspondence and files a request for information, then upon receiving such request, we verify whether the requested document can be fully issued or should be partially issued. Note that documents are fully issued to third parties only in cases provided by law, or if there is an authorisation document. Restricting access depends on the content of the document.
2.3. Despite the access restriction, we will issue a document to an authority or a person who has a direct legal right to ask for it (for example, investigative body, body conducting extra-judicial proceedings or court).
2.4. To raise public awareness, we write news on the website of Enterprise Estonia or social media. When preparing news, we refrain from excessive infringing of the privacy of the relevant persons.
3. Why do we use personal data obtained from correspondence with a natural person? How long do you store correspondence with natural persons?
3.1. We use your personal data to respond to you. If we need to make inquiries from a third party to respond to you, we will only disclose minimum amount of your personal data, or in the amount that is vital.
3.2. If you have sent us a request for explanation or an application for action or a request for information to which the other authority has jurisdiction, we will forward it there. We will definitely also inform you about the transfer.
3.3. Correspondence with you can also be used internally to evaluate the quality of our work and for statistical purposes. We publish the statistics of correspondence and summaries only in non-personalised way.
3.4. Retention periods can be found here (open PDF, where all deadlines are shown in the form of a table).
3.5. All documents that have exceeded the deadline are generally destroyed.
4. Methods of sending a letter: whether simple or registered mail is used; whether encrypted or unencrypted email is used?
4.1. Paper documents, which contain private information and for which we have set an access restriction, are delivered to the addressee by registered mail. We will send documents by email only at the request of and with the consent of the private person.
4.2. We send documents related to private persons to other public authorities through a secure document exchange centre.
4.3. From medical institutions, we receive notifications on occupational accidents and occupational diseases through the website of eesti.ee and the Labour Inspectorate.
4.4. A document that is sent to a private person does not require a restriction on access, as the private person is not a holder of information within the meaning of the Public Information Act. It is up to the person to decide whether or not to disclose information that has been restricted for reasons of privacy protection.
5. What kind of information is forwarded to third persons as part of administrative proceedings?
5.1. We send employment contracts and annexes to the Ministry of Finance due to the financing rules related to structural funds.
5.2. In case of occupational accidents that involve personal data, we will submit a report to the Labour Inspectorate.
5.3. To the regional development centres, tourist information centres, and visitor centres in performing their obligations under the contract under public law.
6. To which registers the agency sends personal data (for example, criminal records database)?
6.1. We forward personal data to the Health Insurance Fund, the Labour Inspectorate, the Tax Board, the Social Insurance Board or the Unemployment Insurance Fund (Töötukassa) with regard to work, occupational accidents and occupational diseases to the extent indicated in legislation.
6.2. In the self-service portal for a state employee if you want an access to the employee.
6.3. In the online environment of structural funds to the extent as it is established in legislation on which the support measure is based.
6.4. In the information system of enforcement proceedings to the extent that is required to initiate enforcement proceedings.
6.5. To the public procurement register to the extent that is required to add tenderers (including the tenderer’s representative or a tenderer who is a natural person) to the procurement procedure.
6.6. In the commercial register or the land register to the extent that is necessary for the establishment of claims secured in rem.
7. What kind of data is collected from the job candidates and how long is such data stored?
7.1. Information about vacancies and internships is available from the CV-Online portal. Recruitment to fill in positions is organised by employees who are responsible for personnel work at Enterprise Estonia.
7.2. Enterprise Estonia reserves the right to cancel the announced competition or change the conditions of the already announced competition. In this case, we will inform the candidates through the contact details submitted to Enterprise Estonia.
7.3. When applying for a job in Enterprise Estonia, the latter is guided by the information submitted by the candidate and public sources. Upon processing the data submitted by the candidate, it is not necessary to obtain a separate consent from the candidate. There is also no need for consent for collecting data on the basis of law or data that has been disclosed by the candidate.
7.4. Enterprise Estonia assumes that it is permitted to contact the persons indicated as referees by the candidate, without an additional permission. We assume that a candidate has given a permission to the referees included in the applications for candidacy to answer any questions concerning them, and the referees have also given their consent that Enterprise Estonia contacts them for information.
7.5. The candidate has the right to know what information we have collected about him or her, to view the data have collected, to provide explanations and objections.
7.6. The candidate documents are only reviewed by the employees who participate in the recruitment process. The documents and data of the candidate are not disclosed to third persons without legal basis.
7.7. In the recruitment process, Enterprise Estonia may organise several rounds – a document round, a written test, and an interview in which the processing of personal data is carried out (for example, evaluation of test).
7.8. If necessary, Enterprise Estonia may involve external experts in the evaluation process of the candidates in addition to the employees of Enterprise Estonia.
7.9. A successful candidate is also required to submit an employee’s questionnaire for additional background check. The details requested in the additional background check form are required to verify the accuracy of such information and for the purpose of assessing the professional suitability and reliability of a candidate. It is required to process the data provided in the employee’s form to prepare an employment contract and take into account the benefits offered to the employee by Enterprise Estonia.
7.10. Data of non-selected candidates is retained until the end of contestation period specified in legislation if a candidate who has not been selected has not given consent to the storage of data for the purpose of making future job offers.
7.11. You have the right to view the data about you that we have collected and provide us with explanations on such data. Your data will not be disclosed to other candidates, and we will not disclose data about other candidates to you.
7.12. Retention periods can be found here (open PDF, where all deadlines are shown in the form of a table).
8. How can you view the information about you? What are your rights?
8.1. With regard to the processing of personal data, you have the following rights:
8.1.1. the right to access the information we have collected about you. We issue data and documents based on a request for information or a request for explanation to which we respond within the deadline established in the Public Information Act or the Response to Memoranda and Requests for Explanations and Submission of Collective Addresses Act. We issue data and documents on request, either on paper or electronically. If you want them to be issued on paper, according to subsection 25 (2) of the Public Information Act, we may request a fee for each page issued from the 21st page.
8.1.2. the right to receive information as to whether Enterprise Estonia processes your personal data, and if so, to obtain access to the above-mentioned data;
8.1.3. the right to request the correction of inaccurate personal data if the data is insufficient, incomplete or inaccurate;
8.1.4. the right to object to the processing of personal data;
8.1.5. the right to request the deletion of personal data. Such right does not apply if the personal data requested to be deleted are also processed on other legal grounds;
8.1.6. the right to restrict the processing of personal data based on applicable law;
8.1.7. the right to receive your personal data that you have submitted yourself and which is processed based on consent or to perform a contract, in writing or in a publicly available electronic format;
8.1.8. the right to request the transfer of data to another service provider;
8.1.9. the right to withdraw consent with regard to the processing of personal data;
8.1.10. the right to submit a challenge about the use of personal data to the Estonian Data Protection Inspectorate or the court if you find that the processing of your personal data infringes your rights and interests under the applicable law.
8.1.11. the right to accept or prohibit the use of personal data for direct marketing or marketing purposes.
8.2. Enterprise Estonia refuses to comply with your request to see information only if this may:
8.2.1. harm the rights and freedoms of another person;
8.2.2. prevent the combating of a criminal offence or apprehension of a criminal offender;
8.2.3. impede the determination of truth in criminal proceedings;
8.2.4. endanger the protection of the confidentiality of the filiation of the child.
8.3. For questions related to the processing of your personal data, please contact our data protection specialist by sending an email to email@example.com.
GDPR notification in relation with grants
With regard to the General Data Protection Regulation (Regulation 2016/679 of the European Parliament and of the Council), entering into force on 25 May 2018, we inform you about our data protection related activities.
Ettevõtluse Arendamise Sihtasutus (hereinafter “Enterprise Estonia”) promotes business and regional policy in Estonia and is one of the largest institutions within the national support system for entrepreneurship by providing financial assistance for entrepreneurs, research institutions, the public and non-profit sectors. More information about the supports provided by Enterprise Estonia is available at https://www.eas.ee/teenused.
The legal basis for the processing of personal data is the legal obligation deriving from legislation to process applications for a grant or grants. You are obligated to submit the required personal data to receive a grant. Upon failure to submit data, Enterprise Estonia will not be able to give you a grant.
The data controller is the relevant ministry holding the support measure.
Based on legislation serving as the basis for the support measure or the public law contract related to the support measure, the data processor of personal data is Enterprise Estonia.
Enterprise Estonia preserves the documents received during the processing of grant, including personal data, until the deadline provided for in legislation applicable to the support measure.
You have the right to request access from Enterprise Estonia to your personal data and request this data to be rectified or deleted or restrict the processing of personal data or submit an objection in regard to the processing of such personal data, you also have the right to request the transfer of your personal data. To exercise your rights, please send an email to firstname.lastname@example.org.
You have the right to submit a complaint with regard to unlawful processing of personal data to the Estonian Data Protection Inspectorate.
Register of data processors
The register can be found here
Register of personal data processing
The register is under preparation and it will be published shortly.