Key Services to make your business successful
Last updated on 11.11.2022
This Privacy Notice provides mandatory information, required under the European General Data Protection Regulation (GDPR) regarding the transparency of Personal Data processing, carried out by estx.io OÜ, registry code 14647544, legal address Tallinn Põhja-Tallinna linnaosa Telliskivi 57, 10412, Estonia.
estx.io OÜ supports e-residents in establishing their companies in Estonia. The support includes such services as:
– Preparation of business documents for the commercial register;
– Legal address and contact person;
– Cryptocurrency services;
– Legal paperwork;
– Accounting services, etc.
Data – any Personal Data provided to or collected by estx.io OÜ (hereinafter we, us, our) which acts as a Data Controller.
Personal Data involves information that can be used to identify directly or indirectly a specific individual.
The visitors of the web page or the customers of the company (hereinafter You, Yours, Data Subject) are not required to provide us with the Personal Data that we request. However, if You choose not to do so, we may not be able to provide You with our services or respond to the queries You may have.
Principles of data processing
While processing personal data, estx.io OÜ is following principles, mentioned in GDPR art.5:
- Personal Data shall be processed lawfully, fairly, and in a transparent manner (lawfulness, fairness, and transparency);
- Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are collected and/or processed. Personal Data shall be accurate and, where necessary, kept up to date (purpose limitation, data minimization, accuracy);
- Personal Data shall only be retained for as long as it is required to fulfill contractual and legal requirements while implementing the appropriate technical and organizational security measures in order to safeguard the rights and freedoms of the data subject (storage limitation);
- Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (integrity and confidentiality).
- Data Controller (estx.io OÜ) shall be responsible for, and be able to demonstrate compliance with, principles mentioned above (accountability).
What Personal Data is processed?
We may collect Personal Data from a variety of sources. This includes:
– Personal Data You give us directly;
– Personal Data we collect from other sources.
The data we collect may include the following personal information:
– We do not collect any data from the website visitors as no behavior and traffic analytics or automated messaging solutions are used.
If You have any inquiry, we may request You to provide Your:
- personal email address;
- other data provided by a visitor.
If You decide to become our customer, we may request You to provide Your:
- full name;
- personal ID number;
- personal email address;
- phone number;
- home country;
- home address;
- other shareholder’s full name;
- other shareholder’s personal ID number;
- other shareholder’s home country;
- other shareholder’s home address.
Purposes of Personal Data processing
estx.io OÜ is processing Personal Data for the following purposes:
- to keep the records of prospects customers and/or partners met during the events;
- to answer customer inquiries made on the webpage;
- to manage customers and provide services (fulfilling conditions of the agreement);
- to send personalized communications to potential and current customers.
Legal basis for Personal Data processing
Legitimate interest – data processing is necessary for the performance of a contract to which the Customer is a party.
Consent – data, that is not used to fulfill the conditions of the contract, is being processed only with received permission from the Data Subject.
Transfer of the Personal Data
estx.io OÜ may transfer Customer’s Personal Data to third parties such as lawyers, accounting service providers, web developers, and other outside professional advisors in order to support customer needs with additional services. We ensure that these data recipients protect the confidentiality and security of Personal Data, and to ensure that Personal Data is processed only for the provision of services and in compliance with applicable law.
Security and Access to Personal Data
Personal Data will be stored in Estonian servers, which are located in the European Union Member States or the European Economic Area. Personal Data may be sent to countries, where the level of data protection has been evaluated adequately by the European Commission and to the United States of America companies that have joined the Privacy Shield framework.
Only companies’ employees, who use the customer’s Personal Data to offer services or support, can access Personal Data.
The company implements appropriate organizational and information security measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure.
The transfer of Personal Data to data processors is allowed only when there are appropriate contracts that regulate the data transfer and processing between the controller and the processor. Data processors are required to use appropriate technical and organizational measures to ensure the security of Personal Data.
When closing a profile account, all Personal Data will be deleted, except data necessary under the law. For example, for accounting purposes or consumer dispute resolution.
If a profiled account is not necessary to offer services, the purchase history shall be retained for 3 years.
In the case of disputes relating to payments and consumer disputes, Personal Data shall be stored until the claim is executed or until the expiry of the limitation period.
The Personal Data necessary for accounting purposes will be kept for seven years.
Data Subject rights
- The right to be informed. This means anyone processing Your Personal Data must make it clear for what purpose data is processed, security measurements applied, 3rd parties that the data is shared with, etc.
- The right of access. You have the right to request information about what data company holds about You.
- The right to rectification. You can request to correct or amend the data if it is inaccurate.
- Right to be forgotten. Under certain circumstances, You can ask for Your Personal Data to be deleted. This would apply if the Personal Data is no longer required for the purposes it was collected for, or Your consent for the processing of that data has been withdrawn, or the Personal Data has been unlawfully processed.
- The right to restrict processing. You have the right to ask for a temporary halt to processing of Personal Data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
- The right to data portability. You have the right to ask for any data supplied directly to the Data Controller to be provided to You in a structured, commonly used, and machine-readable format.
- The right to object. You have the right to object to the further processing of the data if it is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing.
- Rights in relation to automated decision making and profiling. You have the right not to be subject to a decision based solely on automated processing.
Links to Other Websites
Our Service may contain links to other websites that are not operated by us. If You click on a third party link, You will be directed to that third party’s site.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.