Privacy Policy

Key Services to make your business successful

Last updated on 09.09.2023

This Privacy Notice provides mandatory information, required under the European General Data Protection Regulation (GDPR) regarding the transparency of Personal Data processing, carried out by estx.io OÜ, registry code 14647544, legal address Tallinn, Põhja-Tallinna linnaosa, Telliskivi 57, 10412, Estonia.

Services Overview

estx.io OÜ supports e-residents in establishing their companies in Estonia. The support includes such services as:

  • Preparation of business documents for the commercial register;
  • Legal address and contact person;
  • Cryptocurrency services;
  • Legal paperwork;
  • Accounting services, etc.

Data Submission and Service Confirmation

Submitting the data, You confirm that the data provided in the customer’s form are correct and that You are requesting the service indicated on the invoice. Upon digitally signing the customer form using the e-Residency card and paying the bill for the desired service, estx.io OÜ will continue to provide the services specified in the customer form.

Service and Fees

There is a one-time fee for establishing a company and initiating and conducting liquidation proceedings. When the company’s place of business and board member(s) are situated outside Estonia, the Estonian company requires an Estonian legal address and contact person. This service is mandatory and included in all accounting packages and the annual fee.

By choosing a monthly accounting package on the customer form, the customer undertakes to pay the monthly invoice specified in the package, even if there are no monthly documents. The business address and contact person service is paid for once a year. When choosing the annual fee package, the package does not include accounting and preparation of the annual report.

Estx.io OÜ prepares monthly accounting invoices for the services provided on the first day of each month, and the customer pays the invoice no later than the 5th day of the same month. Estx.io OÜ is liable for VAT, and VAT will be added to every invoice submitted to You. Estx.io OÜ does not issue invoices without VAT.

A company created by a citizen of Ukraine is required to be an estx.io OÜ customer for 3 years from the time the company was founded. In case of premature departure, the company must pay a company establishment fee of 379 euros + VAT 20%.

Data Processing

Data – any Personal Data provided to or collected by estx.io OÜ (hereinafter we, us, our) which acts as a Data Controller. Personal Data involves information that can be used to identify directly or indirectly a specific individual.

The visitors of the web page or the customers of the company (hereinafter You, Yours, Data Subject) are not required to provide us with the Personal Data that we request. However, if You choose not to do so, we may not be able to provide You with our services or respond to the queries You may have.

Principles of Data Processing

While processing personal data, estx.io OÜ follows principles mentioned in GDPR art.5:

  • Personal Data shall be processed lawfully, fairly, and in a transparent manner (lawfulness, fairness, and transparency);
  • Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are collected and/or processed. Personal Data shall be accurate and, where necessary, kept up to date (purpose limitation, data minimization, accuracy);
  • Personal Data shall only be retained for as long as it is required to fulfill contractual and legal requirements while implementing the appropriate technical and organizational security measures to safeguard the rights and freedoms of the data subject (storage limitation);
  • Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (integrity and confidentiality).
  • Data Controller (estx.io OÜ) shall be responsible for, and be able to demonstrate compliance with, principles mentioned above (accountability).

What Personal Data is Processed?

We may collect Personal Data from a variety of sources. This includes:

  • Personal Data You give us directly;
  • Personal Data we collect from other sources.

The data we collect may include the following personal information:

  • We do not collect any data from the website visitors as no behavior and traffic analytics or automated messaging solutions are used.
  • If You have any inquiry, we may request You to provide Your: name, personal email address, and other data provided by a visitor.
  • If You decide to become our customer, we may request You to provide Your: full name, personal ID number, personal email address, phone number, home country, home address, other shareholder’s full name, other shareholder’s personal ID number, other shareholder’s home country, and other shareholder’s home address.

Purposes of Personal Data Processing

estx.io OÜ processes Personal Data for the following purposes:

  • To keep records of prospective customers and/or partners met during events;
  • To answer customer inquiries made on the webpage;
  • To manage customers and provide services (fulfilling conditions of the agreement);
  • To send personalized communications to potential and current customers.

Legal Basis for Personal Data Processing

Legitimate interest – data processing is necessary for the performance of a contract to which the Customer is a party.

Consent – data, that is not used to fulfill the conditions of the contract, is processed only with received permission from the Data Subject.

Transfer of Personal Data

estx.io OÜ may transfer Customer’s Personal Data to third parties such as lawyers, accounting service providers, web developers, and other outside professional advisors to support customer needs with additional services. We ensure that these data recipients protect the confidentiality and security of Personal Data and that Personal Data is processed only for the provision of services and in compliance with applicable law.

Security and Access to Personal Data

Personal Data will be stored in Estonian servers, located in the European Union Member States or the European Economic Area. Personal Data may be sent to countries where the level of data protection has been evaluated adequately by the European Commission and to the United States of America companies that have joined the Privacy Shield framework.

Only company employees, who use the customer’s Personal Data to offer services or support, can access Personal Data.

The company implements appropriate organizational and information security measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure.

Data Retention

When a company is liquidated or when a profile account is closed, all Personal Data will be deleted, except data necessary under the law. For example, for accounting purposes or consumer dispute resolution.

If a profiled account is not necessary to offer services, the purchase history shall be retained for 3 years.

In the case of disputes relating to payments and consumer disputes, Personal Data shall be stored until the claim is executed or until the expiry of the limitation period.

The Personal Data necessary for accounting purposes will be kept for seven years.

Data Subject Rights

Data Subject rights include:

  • The right to be informed. This means anyone processing Your Personal Data must make it clear for what purpose data is processed, security measurements applied, 3rd parties that the data is shared with, etc.
  • The right of access. You have the right to request information about what data the company holds about You.
  • The right to rectification. You can request to correct or amend the data if it is inaccurate.
  • Right to be forgotten. Under certain circumstances, You can ask for Your Personal Data to be deleted. This would apply if the Personal Data is no longer required for the purposes it was collected for, or Your consent for the processing of that data has been withdrawn, or the Personal Data has been unlawfully processed.
  • The right to restrict processing. You have the right to ask for a temporary halt to processing of Personal Data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
  • The right to data portability. You have the right to ask for any data supplied directly to the Data Controller to be provided to You in a structured, commonly used, and machine-readable format.
  • The right to object. You have the right to object to the further processing of the data if it is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing.
  • Rights in relation to automated decision making and profiling. You have the right not to be subject to a decision based solely on automated processing.

Links to Other Websites

Our Service may contain links to other websites that are not operated by us. If You click on a third party link, You will be directed to that third party’s site.

We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on our service, prior to the change becoming effective and update the “Last updated on” date at the top of this Privacy Policy.

We advise You to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Dispute Resolution

Disputes relating to the processing of Personal Data are settled through customer support (email: info@estx.io). The Supervisory Authority is the Estonian Data Protection Inspectorate (info@aki.ee).

Data in the e-Business Register

The data of the company You create will be entered in the e-Business register, which is the official portal of the Estonian state and contains the data of all legal entities registered in Estonia in one environment.

Confirmation of Accuracy and Compliance

By signing this customer form, the customer confirms that he has provided correct and factual information and confirms that he has read and understood the Terms & Conditions and Privacy Policy on the estx.io OÜ website, confirming their compliance with their intentions and wishes.

Last updated on 11.11.2022

This Privacy Notice provides mandatory information, required under the European General Data Protection Regulation (GDPR) regarding the transparency of Personal Data processing, carried out by estx.io OÜ, registry code 14647544, legal address Tallinn Põhja-Tallinna linnaosa Telliskivi 57, 10412, Estonia.

estx.io OÜ supports e-residents in establishing their companies in Estonia. The support includes such services as:

–     Preparation of business documents for the commercial register;

–     Legal address and contact person;

–     Cryptocurrency services;

–     Legal paperwork;

–     Accounting services, etc.

Data processing

Data – any Personal Data provided to or collected by estx.io OÜ (hereinafter we, us, our) which acts as a Data Controller.

Personal Data involves information that can be used to identify directly or indirectly a specific individual.

The visitors of the web page or the customers of the company (hereinafter You, Yours, Data Subject) are not required to provide us with the Personal Data that we request. However, if You choose not to do so, we may not be able to provide You with our services or respond to the queries You may have.

Principles of data processing
While processing personal data, estx.io OÜ is following principles, mentioned in GDPR art.5:
  • Personal Data shall be processed lawfully, fairly, and in a transparent manner (lawfulness, fairness, and transparency);
  • Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are collected and/or processed. Personal Data shall be accurate and, where necessary, kept up to date (purpose limitation, data minimization, accuracy);
  • Personal Data shall only be retained for as long as it is required to fulfill contractual and legal requirements while implementing the appropriate technical and organizational security measures in order to safeguard the rights and freedoms of the data subject (storage limitation);
  • Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (integrity and confidentiality).
  • Data Controller (estx.io OÜ) shall be responsible for, and be able to demonstrate compliance with, principles mentioned above (accountability).
 What Personal Data is processed?

We may collect Personal Data from a variety of sources. This includes:

–    Personal Data You give us directly;
–    Personal Data we collect from other sources.

The data we collect may include the following personal information:

–   We do not collect any data from the website visitors as no behavior and traffic analytics or automated messaging solutions are used.

If You have any inquiry, we may request You to provide Your:

  • name;
  • personal email address;
  • other data provided by a visitor.

 

If You decide to become our customer, we may request You to provide Your:

  • full name;
  • personal ID number;
  • personal email address; 
  • phone number;
  • home country;
  • home address;
  • other shareholder’s full name; 
  • other shareholder’s personal ID number; 
  • other shareholder’s home country; 
  • other shareholder’s home address.

Purposes of Personal Data processing

estx.io OÜ is processing Personal Data for the following purposes: 

  • to keep the records of prospects customers and/or partners met during the events;
  • to answer customer inquiries made on the webpage;
  • to manage customers and provide services (fulfilling conditions of the agreement); 
  • to send personalized communications to potential and current customers.

Legal basis for Personal Data processing

Legitimate interest – data processing is necessary for the performance of a contract to which the Customer is a party.

Consent – data, that is not used to fulfill the conditions of the contract, is being processed only with received permission from the Data Subject.

Transfer of the Personal Data

estx.io OÜ may transfer Customer’s Personal Data to third parties such as lawyers, accounting service providers,  web developers, and other outside professional advisors in order to support customer needs with additional services.  We ensure that these data recipients protect the confidentiality and security of Personal Data, and to ensure that Personal Data is processed only for the provision of services and in compliance with applicable law.

Security and Access to Personal Data

Personal Data will be stored in Estonian servers, which are located in the European Union Member States or the European Economic Area. Personal Data may be sent to countries, where the level of data protection has been evaluated adequately by the European Commission and to the United States of America companies that have joined the Privacy Shield framework.

Only companies’ employees, who use the customer’s Personal Data to offer services or support, can access Personal Data.

The company implements appropriate organizational and information security measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure. 

The transfer of Personal Data to data processors is allowed only when there are appropriate contracts that regulate the data transfer and processing between the controller and the processor. Data processors are required to use appropriate technical and organizational measures to ensure the security of Personal Data.

Data retention

When closing a profile account, all Personal Data will be deleted, except data necessary under the law. For example, for accounting purposes or consumer dispute resolution.

If a profiled account is not necessary to offer services, the purchase history shall be retained for 3 years.

In the case of disputes relating to payments and consumer disputes, Personal Data shall be stored until the claim is executed or until the expiry of the limitation period.

The Personal Data necessary for accounting purposes will be kept for seven years.

 
Data Subject rights

  1. The right to be informed. This means anyone processing Your Personal Data must make it clear for what purpose data is processed, security measurements applied, 3rd parties that the data is shared with, etc.
  2. The right of access. You have the right to request information about what data company holds about You.
  3. The right to rectification. You can request to correct or amend the data if it is inaccurate.
  4. Right to be forgotten. Under certain circumstances, You can ask for Your Personal Data to be deleted. This would apply if the Personal Data is no longer required for the purposes it was collected for, or Your consent for the processing of that data has been withdrawn, or the Personal Data has been unlawfully processed.
  5. The right to restrict processing. You have the right to ask for a temporary halt to processing of Personal Data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
  6. The right to data portability. You have the right to ask for any data supplied directly to the Data Controller to be provided to You in a structured, commonly used, and machine-readable format.
  7. The right to object. You have the right to object to the further processing of the data if it is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing.
  8. Rights in relation to automated decision making and profiling. You have the right not to be subject to a decision based solely on automated processing.

Links to Other Websites

Our Service may contain links to other websites that are not operated by us. If You click on a third party link, You will be directed to that third party’s site.

We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page. 

We will let You know via email and/or a prominent notice on our service, prior to the change becoming effective and update the “Last updated on” date at the top of this Privacy Policy. 

We advise You to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Dispute resolution

Disputes relating to the processing of Personal Data are settled through customer support (email: info@estx.io). The Supervisory Authority is the Estonian Data Protection Inspectorate (info@aki.ee).