Recipients of personal data and categories of recipients

This page explains the categories of recipients to whom Inforegister and related services may make personal data and business-related data available.

This explanation should be read together with Inforegister’s Privacy Terms, Legitimate Interests Assessment and Procedure for Restricting the Visibility of a Personal Profile.

1. What is a recipient?

A recipient is a person, company, authority or other party to whom personal data is disclosed or made available.

A recipient may be, for example, a user of the online environment, a registered user, a contractual client, a user of an API service, a report user, a technical service provider, an adviser, a public authority or another party to whom there is a legal basis for making data available.

A recipient does not always mean that data is separately and manually forwarded to someone. Data may also be made available through an online environment, report, data product, API interface or technical service.

2. Why does Inforegister make data available to recipients?

Inforegister processes and makes business-related data available in order to support:

transparency of the business environment;
the reliability of legal and commercial transactions;
company background checks;
credit risk and business risk assessment;
the prevention of fraud, nominee arrangements and misuse;
the assessment of the background of contractual partners, clients, suppliers and debtors;
making business data understandable and practically usable.

Business-related data is not made available for the purpose of describing a person’s private life, but for understanding the company’s management, representation rights, ownership, beneficial owners, history, connections, reliability and business risks.

3. Categories of recipients

Inforegister and related services may make personal data and business data available to the following categories of recipients.

3.1. Users of online environments

These are persons who use the public online environments of Inforegister or related services.

Not all data may be visible in the public view. Inforegister may restrict the availability of data on the basis of user levels, login, contractual access or another visibility restriction.

3.2. Registered users

Registered users are persons or companies that have created a user account or have used the service in a logged-in view.

Registered users may have access to more business information than a public user who is not logged in, where this is necessary for using the service and is consistent with the purpose of processing.

3.3. Contractual clients

Contractual clients are companies or persons who have a service agreement with Inforegister or a related service provider.

Contractual clients may use business data, for example, for credit decisions, background checks, client management, sales, claims management, risk assessment or compliance checks.

3.4. Users of credit information and business information services

These are users who use Inforegister data to assess a company’s background, payment behaviour, credit risk, financial position, connections or reliability.

Such use supports transparency in legal and commercial transactions and helps users make informed business decisions.

3.5. Users of reports, analyses and data products

Inforegister may make data available through reports, analyses, extracts, data products or other structured services.

Such services allow the user to assess a company’s background, connections, risks, payment behaviour or other business-related information.

3.6. API and data service clients

An API is a technical means of data transmission. Through an API, business data may be made available in a structured and machine-readable form.

Making data available through an API does not mean that it is a separate category of data. It is a technical channel through which the same or partially overlapping business data is used, which may also be displayed in an online environment, report or data product.

API and data service clients may use data, for example, for:

credit risk assessment;
background checks;
client management;
claims management;
risk control;
compliance checks;
fraud prevention;
making business decisions.

3.7. Related service providers and the same group of companies

Inforegister data may also be used by related services and by service providers belonging to the same group of companies or otherwise related service providers, such as Inforegister, Storybook, 1Contact, Kreedix and other related services.

The same or partially overlapping dataset may be used in different services for different purposes, for example for providing company visibility, business information, credit information, contact management, debt management or background check services.

3.8. Technical service providers

Inforegister may use technical service providers who help provide, manage, develop and secure the service.

Such service providers may include, for example:

hosting service providers;
server and cloud service providers;
developers;
security service providers;
backup service providers;
logging and monitoring service providers;
authentication service providers;
payment service providers;
analytics and technical administration service providers.

Technical service providers generally process data on the instructions of Inforegister and to the extent necessary for providing the service, ensuring security or enabling technical operation.

3.9. Legal advisers, auditors, accountants and claims management service providers

Inforegister may disclose data to legal advisers, auditors, accountants, debt collection or claims management service providers where this is necessary for:

protecting rights;
resolving disputes;
bringing or defending claims;
accounting;
auditing;
performing contracts;
collecting debts.

3.10. Public authorities

Inforegister may disclose data to public authorities where there is a legal basis or obligation to do so.

Such authorities may include, for example, courts, supervisory authorities, investigative authorities, the Estonian Data Protection Inspectorate or other competent state authorities.

3.11. Third parties on the basis of the data subject’s consent or request

Data may also be transmitted to third parties where the data subject has given consent for this or where transmission of the data is necessary for fulfilling the data subject’s request.

4. Does Inforegister provide a named list of recipients?

When responding to a data subject’s request, Inforegister may provide information in the form of categories of recipients.

A named list of specific recipients is not provided to the extent that such disclosure is not necessary, proportionate or legally required in view of the content of the request.

Inforegister also does not disclose a named list of every individual website user, report user, API client, contractual partner or technical service provider if this would prejudice the legitimate interests, trade secrets, security or contractual relationships of Inforegister, its clients or third parties.

Providing categories of recipients gives the data subject an overview of the types of parties to whom data may be disclosed or made available, without prejudicing the rights, security or trade secrets of other persons.

5. What does notifying recipients of rectification, erasure or restriction of data mean?

If Inforegister rectifies, erases or restricts personal data, Inforegister notifies the relevant recipients to the extent that this is technically possible, proportionate and within Inforegister’s control.

Notification may take place, for example, through:

a data update;
a change in the API response;
a change in the service view;
a restriction of the data record;
an update of a data product;
another technical or administrative solution.

Inforegister cannot guarantee that a third party will immediately erase or change data in its own system if it has previously lawfully received, stored, combined or merged the data with other sources.

If a third party processes data as an independent controller, that third party is responsible for the lawfulness, purposes, retention and handling of data subject requests in relation to its own processing.

6. An API is not a separate category of data

An API is a technical means of data transmission.

The transmission of data through an API does not mean that Inforegister processes a new or separate category of data. Through an API, the same or partially overlapping business data may be made available as is also used in online environments, reports, analyses or data products.

The use of an API is a standard technical solution in business data, credit information and business information services where clients need to use data in a structured, machine-readable form that is compatible with their work processes.

7. Independent responsibility of third parties

If a third party has lawfully obtained data from Inforegister, a public register, a company’s website, another public source or its own database and processes it for its own purposes, it may be an independent controller.

In such a case, the third party is responsible for ensuring that its processing is lawful, purpose-specific and proportionate.

Inforegister is not responsible for how third parties process data that they have obtained from an independent source or that they process under their own responsibility.

If a data subject wishes their data to be rectified, restricted or erased in a third party’s system, the data subject should, where necessary, contact the relevant third party directly.

8. Link with the Privacy Terms

This explanation supplements Inforegister’s Privacy Terms.

If a person wishes to obtain an overview of Inforegister’s general data processing principles, they should also read:

  • the Privacy Terms;
  • the Legitimate Interests Assessment;
  • the Procedure for Restricting the Visibility of a Personal Profile.

 

Recipients of personal data and categories of recipients

This page explains the categories of recipients to whom Inforegister and related services may make personal data and business-related data available.

This explanation should be read together with Inforegister’s Privacy Terms, Legitimate Interests Assessment and Procedure for Restricting the Visibility of a Personal Profile.

1. What is a recipient?

A recipient is a person, company, authority or other party to whom personal data is disclosed or made available.

A recipient may be, for example, a user of the online environment, a registered user, a contractual client, a user of an API service, a report user, a technical service provider, an adviser, a public authority or another party to whom there is a legal basis for making data available.

A recipient does not always mean that data is separately and manually forwarded to someone. Data may also be made available through an online environment, report, data product, API interface or technical service.

2. Why does Inforegister make data available to recipients?

Inforegister processes and makes business-related data available in order to support:

transparency of the business environment;
the reliability of legal and commercial transactions;
company background checks;
credit risk and business risk assessment;
the prevention of fraud, nominee arrangements and misuse;
the assessment of the background of contractual partners, clients, suppliers and debtors;
making business data understandable and practically usable.

Business-related data is not made available for the purpose of describing a person’s private life, but for understanding the company’s management, representation rights, ownership, beneficial owners, history, connections, reliability and business risks.

3. Categories of recipients

Inforegister and related services may make personal data and business data available to the following categories of recipients.

3.1. Users of online environments

These are persons who use the public online environments of Inforegister or related services.

Not all data may be visible in the public view. Inforegister may restrict the availability of data on the basis of user levels, login, contractual access or another visibility restriction.

3.2. Registered users

Registered users are persons or companies that have created a user account or have used the service in a logged-in view.

Registered users may have access to more business information than a public user who is not logged in, where this is necessary for using the service and is consistent with the purpose of processing.

3.3. Contractual clients

Contractual clients are companies or persons who have a service agreement with Inforegister or a related service provider.

Contractual clients may use business data, for example, for credit decisions, background checks, client management, sales, claims management, risk assessment or compliance checks.

3.4. Users of credit information and business information services

These are users who use Inforegister data to assess a company’s background, payment behaviour, credit risk, financial position, connections or reliability.

Such use supports transparency in legal and commercial transactions and helps users make informed business decisions.

3.5. Users of reports, analyses and data products

Inforegister may make data available through reports, analyses, extracts, data products or other structured services.

Such services allow the user to assess a company’s background, connections, risks, payment behaviour or other business-related information.

3.6. API and data service clients

An API is a technical means of data transmission. Through an API, business data may be made available in a structured and machine-readable form.

Making data available through an API does not mean that it is a separate category of data. It is a technical channel through which the same or partially overlapping business data is used, which may also be displayed in an online environment, report or data product.

API and data service clients may use data, for example, for:

credit risk assessment;
background checks;
client management;
claims management;
risk control;
compliance checks;
fraud prevention;
making business decisions.

3.7. Related service providers and the same group of companies

Inforegister data may also be used by related services and by service providers belonging to the same group of companies or otherwise related service providers, such as Inforegister, Storybook, 1Contact, Kreedix and other related services.

The same or partially overlapping dataset may be used in different services for different purposes, for example for providing company visibility, business information, credit information, contact management, debt management or background check services.

3.8. Technical service providers

Inforegister may use technical service providers who help provide, manage, develop and secure the service.

Such service providers may include, for example:

hosting service providers;
server and cloud service providers;
developers;
security service providers;
backup service providers;
logging and monitoring service providers;
authentication service providers;
payment service providers;
analytics and technical administration service providers.

Technical service providers generally process data on the instructions of Inforegister and to the extent necessary for providing the service, ensuring security or enabling technical operation.

3.9. Legal advisers, auditors, accountants and claims management service providers

Inforegister may disclose data to legal advisers, auditors, accountants, debt collection or claims management service providers where this is necessary for:

protecting rights;
resolving disputes;
bringing or defending claims;
accounting;
auditing;
performing contracts;
collecting debts.

3.10. Public authorities

Inforegister may disclose data to public authorities where there is a legal basis or obligation to do so.

Such authorities may include, for example, courts, supervisory authorities, investigative authorities, the Estonian Data Protection Inspectorate or other competent state authorities.

3.11. Third parties on the basis of the data subject’s consent or request

Data may also be transmitted to third parties where the data subject has given consent for this or where transmission of the data is necessary for fulfilling the data subject’s request.

4. Does Inforegister provide a named list of recipients?

When responding to a data subject’s request, Inforegister may provide information in the form of categories of recipients.

A named list of specific recipients is not provided to the extent that such disclosure is not necessary, proportionate or legally required in view of the content of the request.

Inforegister also does not disclose a named list of every individual website user, report user, API client, contractual partner or technical service provider if this would prejudice the legitimate interests, trade secrets, security or contractual relationships of Inforegister, its clients or third parties.

Providing categories of recipients gives the data subject an overview of the types of parties to whom data may be disclosed or made available, without prejudicing the rights, security or trade secrets of other persons.

5. What does notifying recipients of rectification, erasure or restriction of data mean?

If Inforegister rectifies, erases or restricts personal data, Inforegister notifies the relevant recipients to the extent that this is technically possible, proportionate and within Inforegister’s control.

Notification may take place, for example, through:

a data update;
a change in the API response;
a change in the service view;
a restriction of the data record;
an update of a data product;
another technical or administrative solution.

Inforegister cannot guarantee that a third party will immediately erase or change data in its own system if it has previously lawfully received, stored, combined or merged the data with other sources.

If a third party processes data as an independent controller, that third party is responsible for the lawfulness, purposes, retention and handling of data subject requests in relation to its own processing.

6. An API is not a separate category of data

An API is a technical means of data transmission.

The transmission of data through an API does not mean that Inforegister processes a new or separate category of data. Through an API, the same or partially overlapping business data may be made available as is also used in online environments, reports, analyses or data products.

The use of an API is a standard technical solution in business data, credit information and business information services where clients need to use data in a structured, machine-readable form that is compatible with their work processes.

7. Independent responsibility of third parties

If a third party has lawfully obtained data from Inforegister, a public register, a company’s website, another public source or its own database and processes it for its own purposes, it may be an independent controller.

In such a case, the third party is responsible for ensuring that its processing is lawful, purpose-specific and proportionate.

Inforegister is not responsible for how third parties process data that they have obtained from an independent source or that they process under their own responsibility.

If a data subject wishes their data to be rectified, restricted or erased in a third party’s system, the data subject should, where necessary, contact the relevant third party directly.

8. Link with the Privacy Terms

This explanation supplements Inforegister’s Privacy Terms.

If a person wishes to obtain an overview of Inforegister’s general data processing principles, they should also read:

  • the Privacy Terms;
  • the Legitimate Interests Assessment;
  • the Procedure for Restricting the Visibility of a Personal Profile.
Storybook Chrome extension

The Storybook extension tells you which company's website you are currently on and how reliable that company is today. Download extension

See the background of the caller! Storybook App brings you DIRECT CONTACTS FOR 400,000 Estonian companies and individuals (managers, officials). The data is enriched with solvency and financial information.