{"id":682,"date":"2021-07-19T14:12:17","date_gmt":"2021-07-19T14:12:17","guid":{"rendered":"https:\/\/group.kreedix.ee\/?page_id=682"},"modified":"2026-07-10T12:50:10","modified_gmt":"2026-07-10T12:50:10","slug":"privacy-policy","status":"publish","type":"page","link":"https:\/\/group.kreedix.ee\/en\/privacy-policy\/","title":{"rendered":"Privacy Policy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"682\" class=\"elementor elementor-682\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<div class=\"elementor-section elementor-top-section elementor-element elementor-element-7be0a55f elementor-hidden-phone elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7be0a55f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-31d8792c elementor-hidden-mobile\" data-id=\"31d8792c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1ad6570a elementor-hidden-mobile elementor-widget elementor-widget-heading\" data-id=\"1ad6570a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Privacy Terms<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-67574e80 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"67574e80\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-563b24be\" data-id=\"563b24be\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7a31c450 elementor-hidden-mobile elementor-widget elementor-widget-text-editor\" data-id=\"7a31c450\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"privacy_policy_text\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h4>Terms for the processing of personal data in the Inforegister database and related services<\/h4><p style=\"text-align: right;\">Effective from: 30.07.2021<br \/>Last amended: 30.06.2026<br \/><br \/><\/p><h3>1. General provisions and scope<\/h3><p>These privacy terms explain how Inforegister and related services process personal data.<\/p><p>The privacy terms apply to the processing of personal data in web environments, databases, reports, API interfaces, data products, customer communications, contractual services and other related service views.<\/p><p>These privacy terms must be read together with: 1. the legitimate interests assessment; 2. the procedure for restricting the visibility of a personal profile; 3. the cookie terms; and 4. the terms of specific services, where applicable.<\/p><p>The legitimate interests assessment explains why Inforegister and related services process business-related personal data on the basis of legitimate interest, what the purposes of processing are, why processing is necessary and how the interests of Inforegister, service users, third parties and the data subject are balanced.<\/p><p>The procedure for restricting the visibility of a personal profile explains what restriction of the public visibility of a person\u2019s separate profile means, to what extent it is carried out, and why visibility restriction does not automatically mean deletion of all business-related data from company profiles, related services or the Inforegister data stores.<\/p><p>Inforegister processes personal data in accordance with Regulation (EU) 2016\/679 of the European Parliament and of the Council, the General Data Protection Regulation, the Personal Data Protection Act and other applicable data-protection and information-security requirements.<\/p><h3>2. Controllers and related services<\/h3><p>In these privacy terms, the term Inforegister is used in a broad sense.<\/p><p>It includes the Inforegister database and related services that may be provided or used by service providers belonging to the same group of companies or by otherwise related service providers, including Inforegister, Storybook, 1Contact, Kreedix and other related services.<\/p><p>These services may use the same or partly overlapping business data originating from public and lawful sources. However, the purpose of use, manner of display, scope visible to the user and legal basis for processing may differ from service to service.<\/p><p>Where, in the case of a specific service, contract or data processing operation, a related service provider acts as a separate controller or processor, responsibility is determined according to the terms of the service, contracts and the actual purpose of the data processing.<\/p><h3>3. Definitions<\/h3><p>Personal data means any information relating to an identified or identifiable natural person.<\/p><p>Data subject means a natural person whose personal data is processed. The data subject may be, for example, a service user, client, company management board member, shareholder, identified beneficial owner, sole proprietor, contact person, representative or other person connected with business activity.<\/p><p>User means a person who uses a web environment, database, report, API service, customer account or other service of Inforegister or related services.<\/p><p>Business-related personal data means data concerning a natural person\u2019s role, relationship or activity in connection with a company, sole proprietor, non-profit association, apartment association, foundation or other legal or economic activity.<\/p><p>Personal profile means a separate profile or view of a natural person that aggregates business roles, relationships or data concerning the person that originate from public and lawful sources.<\/p><p>Company profile means a profile of a specific legal person, sole proprietor or other entity that describes the company\u2019s management, representation rights, ownership, identified beneficial owners, financial indicators, risks, contact details, background information and other business-related data.<\/p><p>Processing means any operation performed on personal data, including collection, recording, organisation, retention, alteration, display, transmission, restriction or deletion.<\/p><h3>4. Processing of user and customer personal data<\/h3><p>Inforegister and related services may process the personal data of a user or customer where the person creates an account, uses a service, enters into a contract, orders a report, uses an API service, submits a query, communicates with customer support, pays an invoice, gives consent to marketing or otherwise uses the web environment.<\/p><p>Such data may include, for example: first name and surname; personal identification code or date of birth where necessary for identifying the person; username, authentication data and account data; email address and telephone number; company name, registry code, position or role in the company; invoicing data, payment data and invoice-related data; ordered services, service periods and customer-relationship data; query, service-use and user-log data; data relating to customer communications, enquiries and requests; consents, preferences and marketing choices; data relating to cookies, analytics and web use; and other data submitted by the user or customer or generated in the course of using the service.<\/p><p>User or customer data is processed primarily for entering into and performing a contract, providing the service, identifying the user, invoicing, customer support, ensuring service security, resolving disputes, protecting rights, fulfilling legal obligations, developing the service and, where consent exists, for marketing.<\/p><h3>5. Processing of business-related personal data collected from public sources<\/h3><p>In addition to data submitted by users or customers themselves, Inforegister processes business-related personal data originating from public and lawful sources.<\/p><p>Such data concerns natural persons connected with a company, sole proprietor, non-profit association, apartment association, foundation or other legal or economic activity.<\/p><p>Data processed may include, for example: first name and surname; personal identification code, date of birth or birth date to the necessary or limited extent; role in a legal person or other entity; start and end date of the role; status as a management board member, supervisory board member, procurator, liquidator, bankruptcy trustee, shareholder, identified beneficial owner, sole proprietor, contact person or other related person; representation rights; ownership relationships and holdings; business and professional prohibitions; related companies and historical relationships; business-related contact details; notices, register entries, court decisions, procedural data, reporting or background information from public sources; and aggregate views, relationships, scores, ratings, risk indicators and analytical indicators created on the basis of business data.<\/p><p>Inforegister does not collect persons\u2019 private-life data for the purpose of describing their private life. The focus of processing is business data and roles connected with business activity.<\/p><p>Where documents, websites, notices, court decisions, media coverage or other sources originating from public sources and connected with a company contain data relating to natural persons, such data is treated primarily as information appearing through the company and not as a description of the data subject\u2019s non-business life.<\/p><h3>6. Sources of data<\/h3><p>In processing personal data and business data, Inforegister uses public, lawful, user-submitted or contractual sources.<\/p><p>Data sources may include, for example: the Commercial Register; public data of the Tax and Customs Board; Official Announcements; public data on court decisions and court proceedings; public state registers; company websites; contact details published by companies themselves; company social-media channels and other public digital channels; public procurement, grants, activity licences or other public datasets; the Unemployment Insurance Fund and other public sources of job-offer or activity data; data submitted by a company, user or contractual partner; data generated in the course of customer communications, service use and contract performance; and other lawful and publicly available sources.<\/p><p>Inforegister does not make queries for the purpose of investigating a data subject\u2019s private life or publishing non-business personal data concerning the data subject. Data appears primarily through a company, business role, public register or business-related source.<\/p><p>Where data originates from a public register or another primary source, rectification of the data may first require changing the data in the relevant primary source.<\/p><h3>7. Purposes and legal bases of processing<\/h3><p>Inforegister and related services process personal data only where there is a legal basis and for specified purposes.<\/p><p>The legal bases for processing may be: 1. performance of a contract or taking pre-contractual measures; 2. compliance with a legal obligation; 3. the legitimate interest of Inforegister, related services or third parties; 4. consent of the data subject; and 5. establishment, exercise or defence of legal claims, where applicable.<\/p><p>Purposes of processing may include, among other things: providing the service and managing a user account; identifying a user or customer; entering into and performing a contract; invoicing and managing payments; customer support and customer communications; ensuring service security; protecting rights and resolving disputes; fulfilling legal obligations; displaying company background information; understanding company management, representation rights and ownership relationships; identifying identified beneficial owners and related persons; assessing business risks and credit risk; assessing payment behaviour, financial standing and reliability; background checks of contractual partners; preventing fraud, shell companies, nominees, straw persons and misuse; supporting business-to-business communication and business networks; enabling company visibility and a digital profile; supporting claims, debt management and credit management; ensuring data quality, currency and comparability; making information from public sources understandable and practically usable; service development, statistics and analytics; and marketing based on consent.<\/p><h3>8. Processing on the basis of legitimate interest<\/h3><p>Inforegister processes business-related personal data on the basis of legitimate interest where processing is necessary for the pursuit of the legitimate interest of Inforegister, users of related services or third parties and where the interests or fundamental rights and freedoms of the data subject do not override that interest.<\/p><p>Legitimate interest includes, among other things: providing business information, credit information, business analytics and background-check services; supporting transparency of legal and commercial transactions and legal certainty; increasing the reliability of the business environment; assessing business risks and credit risk; preventing fraud, nominees, straw persons and misuse; understanding company representation rights, management, ownership and identified beneficial owners; assessing the background of contractual partners, employers, suppliers, customers and debtors; and protecting the legitimate interests of creditors, contractual partners, employees and other market participants.<\/p><p>Processing on the basis of legitimate interest is described in more detail in Inforegister\u2019s legitimate interests assessment.<\/p><h3>9. Personal profile, company profile and business roles<\/h3><p>In the Inforegister database and related services, a distinction must be made between a person\u2019s separate profile and a company profile.<\/p><p>A personal profile aggregates on one view business roles, relationships and business data concerning a person that originate from public or lawful sources.<\/p><p>A company profile describes a specific company, its management, representation rights, owners, identified beneficial owners, financial indicators, risks, reporting, fields of activity, contact details and other company-related data.<\/p><p>If Inforegister restricts the public visibility of a person\u2019s separate profile, this does not automatically mean that the person\u2019s name, role or relationship will be removed from the company profile.<\/p><p>The purpose of a company profile is to provide the user with a complete and accurate overview of the company. Such an overview is not possible without the natural persons connected with the company, because company management, representation rights, ownership relationships, identified beneficial owners, historical roles and related companies are expressed through specific people.<\/p><p>Personal data connected with a company is at the same time part of the company\u2019s data. If a person were removed from a company profile solely because the person\u2019s separate profile is closed, the company profile could become incomplete, misleading or defective from a data-quality perspective.<\/p><h3>10. Scores, ratings, risk assessments and analytical indicators<\/h3><p>Inforegister may prepare credit scores, risk assessments, ratings, forecasts, comparisons and other analytical indicators on the basis of data originating from public and lawful sources.<\/p><p>Such indicators are not intended to describe the private life of the data subject, but to assess a company\u2019s financial standing, solvency, business risk, payment behaviour, reliability and activity pattern.<\/p><p>Analytical indicators may be based on multiple data points, including the company\u2019s financial data, tax behaviour, reporting discipline, history of management and relationships, previous business risks, debts, payment defaults, field of activity, age, size and other business-related characteristics.<\/p><p>Inforegister does not create a credit score or risk assessment concerning the data subject\u2019s private life. Scores and ratings are primarily prepared in respect of companies and their purpose is to describe the company\u2019s solvency, payment behaviour, financial position and business risk.<\/p><p>If a company score or risk indicator is displayed in a view connected with a person, it must be understood as an assessment of the related company and not as a separate assessment of the person\u2019s private life, personal characteristics or private reliability.<\/p><h3>11. APIs, reports, data products and user levels<\/h3><p>Inforegister and related services may make business data available in web environments, reports, API interfaces, data products, analytical services or contractual service views.<\/p><p>An API is a technical method of data transmission, not a separate data category. Transmission of data through an API does not change the nature of business data and does not in itself mean that the processing is different from displaying data in a web environment, report or other business-information service.<\/p><p>APIs, reports and data products enable users to use business data for assessing business risks, background checks, credit decisions, customer management, compliance checks, claims management or other legitimate business-related purposes.<\/p><p>Inforegister may restrict data access by user levels. This means that all data may not be publicly visible to every user who is not logged in. Some data may be visible only to registered users, contractual clients or other users who have separate access to the service.<\/p><p>Such differentiation of access levels helps reduce access to data out of mere curiosity and supports the principle that more detailed business information is available primarily to users who have a practical business or legitimate need for it.<\/p><h3>12. Recipients and third parties<\/h3><p>Inforegister and related services may make personal data and business data available to the following categories of recipients: users of web environments; registered users; contractual clients; users of credit-information and business-information services; users of reports, analyses and data products; API and data-service clients; companies that use the data for customer management, credit management, sales, background checks, risk or compliance purposes; service providers belonging to the same group of companies or otherwise related service providers; technical service providers, including hosting, development, security, backup, logging, payment, authentication, analytics and cloud-service providers; legal advisers, auditors, accountants, debt-collection, claims-management or other service providers where this is necessary for protection of rights or provision of the service; public authorities where there is a legal basis or obligation to transfer the data; and third parties to whom the data subject has consented to the transfer of data or to whom transfer is necessary for fulfilling the data subject\u2019s request.<\/p><p>When responding to a data-subject request, Inforegister may provide information about recipients by categories of recipients if disclosure of specific named recipients is not necessary, proportionate or legally required in view of the content of the request.<\/p><p>Inforegister is not obliged to disclose a named list of every individual web user, report user, API client, contractual partner or technical service provider if this would harm the legitimate interests, trade secrets, security or contractual relationships of Inforegister, clients or third parties.<\/p><p>If data is rectified, deleted or restricted, Inforegister notifies recipients to the extent technically possible, proportionate and within Inforegister\u2019s control.<\/p><p>Where a third party processes the data as an independent controller, that third party is responsible for the lawfulness, purposes, retention and handling of data-subject requests concerning its own processing.<\/p><h3>13. International transfers<\/h3><p>Inforegister prefers to use service providers and recipients located in Estonia, the European Union or the European Economic Area.<\/p><p>If personal data is transferred outside the European Union or the European Economic Area, this is done only where there is a legal basis and appropriate safeguards have been applied.<\/p><p>Such safeguards may include, for example, an adequacy decision of the European Commission, standard contractual clauses, data-processing agreements or other mechanisms permitted by applicable law.<\/p><h3>14. Retention<\/h3><p>Inforegister retains personal data only for as long as necessary for fulfilling the purposes described in these privacy terms, protecting rights or complying with legal obligations.<\/p><p>Personal data of users and customers is generally retained for up to five years after the end of the customer relationship, unless longer retention is necessary for compliance with a legal obligation, accounting, performance of a contract, collection of a debt, resolution of a dispute or protection of rights.<\/p><p>Accounting source documents are retained according to the time limits set by law.<\/p><p>Data relating to contracts, debts, claims, disputes and protection of rights may be retained until the end of the limitation period for the claim or until the final resolution of the dispute.<\/p><p>Business-related personal data collected from public and lawful sources is retained for as long as necessary for the integrity of business data, the reliability of legal and commercial transactions, credit-risk assessment, understanding historical relationships, protection of rights or fulfilment of another legitimate purpose.<\/p><p>Historical relationships connected with business activity may be important for assessing business risks even after a current role has ended. The end of a relationship does not erase the preceding business activity or the risks connected with it.<\/p><p>When developing retention principles, Inforegister takes into account, among other things, that the period for bringing claims against a member of a management body may be at least five years and, in certain cases such as intentional breach, longer. Therefore, retaining historical business relationships may be necessary so that service users can assess the background and potential business risks of a company, its managers, owners, identified beneficial owners or other related persons.<\/p><p>For example, a user may have a justified interest in knowing whether a person connected with a company has previously managed companies that failed to submit reports, incurred debts, ended in bankruptcy, were deleted from the register or transferred to nominees.<\/p><p>When determining the retention period, Inforegister considers the source of the data, the public nature of the data in primary sources, the meaning of the business data for risk assessment, possible limitation periods for claims, the rights of the data subject and the necessity of the data for the purposes of the service.<\/p><p>If the data subject\u2019s last current relationship with a legal person or other business entity has ended, Inforegister assesses whether and to what extent further retention or display of the data is necessary and proportionate. In such assessment, Inforegister takes into account, among other things, the time elapsed since the end of the relationship, the nature of the data, the significance of the relationship for the integrity of business data, data in public sources and the legitimate interest of third parties.<\/p><p>Incorrect, outdated, non-business or disproportionately harmful data is rectified, restricted or deleted if such circumstance becomes known to Inforegister or if the data subject submits a reasoned and specific request concerning it.<\/p><p>If the purpose of processing has ended and there is no legal basis for further retention of the data, the data is deleted, anonymised or restricted according to the type of data, the purpose of processing and technical possibilities.<\/p><h3>15. Data-subject rights<\/h3><p>The data subject has the right to submit a request for access to their personal data, rectification of data, deletion of data, restriction of processing or objection to processing.<\/p><p>Where personal data is processed on the basis of consent, the data subject has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.<\/p><p>If the data subject considers that data displayed in Inforegister or related services is incorrect, outdated or misleading, the data subject must provide a specific and detailed reference to the data, data field or data category requiring rectification.<\/p><p>A general statement that \u201cthe data is incorrect\u201d, \u201crectify all data\u201d, \u201cdelete all data\u201d or \u201cbring the data into line with the Commercial Register\u201d may not be sufficient if it does not identify the specific data field, company, person, role, address, contact details, relationship, date, assessment or other data category the requester has in mind.<\/p><p>Exercising data-subject rights does not automatically mean that all business-related data concerning the person will be deleted from company profiles, related services, reports, API services, archives, logs or the Inforegister data stores.<\/p><p>Requests are assessed according to the source of the data, the purpose of processing, the legal basis, the data subject\u2019s specific situation and the legitimate interests of Inforegister, service users and third parties.<\/p><p>If the data subject disagrees with Inforegister\u2019s response, the data subject has the right to contact the Data Protection Inspectorate or a court.<\/p><h3>16. Submission and handling of requests<\/h3><p>A data-subject request must be sufficiently specific for Inforegister to identify the requester, the content of the request, the data concerned and the requested action.<\/p><p>Where necessary, the requester must provide: name; personal identification code or other information enabling identification; contact details; a reference to the relevant profile, company, data field or service; an explanation of the action requested; and a justification or additional evidence where the request is based on specific circumstances, a risk or an alleged disproportionate impact.<\/p><p>If the request is unclear, incomplete, concerns the wrong person or cannot be processed because the person cannot be identified, Inforegister may request additional data or explanations.<\/p><p>If the request concerns the general description of data processing, data categories, sources, purposes, legal bases, categories of recipients or retention principles, Inforegister may respond by referring to the privacy terms, legitimate interests assessment or the procedure for restricting the visibility of a personal profile.<\/p><p>Inforegister responds to data-subject requests within the statutory deadline. If the request is complex or extensive, the response deadline may be extended in accordance with the procedure set by law.<\/p><p>If the request is manifestly unfounded, repetitive or excessive, Inforegister may apply measures permitted by law, including charging a reasonable fee or refusing to fulfil the request, explaining the reasons for doing so.<\/p><h3>17. Restriction of the visibility of a personal profile<\/h3><p>Inforegister enables requests to restrict the public visibility of a person\u2019s separate profile.<\/p><p>Restricting the visibility of a personal profile means that the person\u2019s separate profile is no longer publicly visible to users who are not logged in or otherwise to the general public.<\/p><p>When the public visibility of a profile has been restricted, the closed profile view no longer displays substantive public information about the person. As a result, the profile content is not available to search engines in the usual manner and is not substantively indexable.<\/p><p>Restricting the visibility of a personal profile does not automatically mean that business-related data concerning the person is deleted from the entire Inforegister database, related services, company profiles, reports, API services, archives, logs or other data layers where there is an ongoing legal basis for processing the data.<\/p><p>The detailed procedure for restricting the visibility of a personal profile is described in the procedure for restricting the visibility of a personal profile.<\/p><h3>18. Cookies, analytics and marketing<\/h3><p>Inforegister and related services may use cookies, analytics and other similar technologies for the functioning of the web environment, ensuring security, improving user experience, compiling statistics, developing the service and, where consent exists, for marketing.<\/p><p>The detailed principles for the use of cookies are described in the relevant cookie notice or cookie terms.<\/p><p>Where data is processed on the basis of consent, the user has the right to withdraw consent at any time.<\/p><p>Direct marketing communications may be unsubscribed from through the unsubscribe link in the relevant communication or by contacting Inforegister using the contact details set out in these privacy terms.<\/p><p>If a person opts out of direct marketing, Inforegister may retain information about the opt-out to the extent necessary to ensure compliance with the prohibition on sending marketing communications.<\/p><h3>19. Security and safeguards<\/h3><p>Inforegister applies appropriate organisational, technical and physical security measures to protect personal data.<\/p><p>Such measures may include, for example: access restrictions; differentiation of user levels; logging and security monitoring; backups; confidentiality obligations of employees and cooperation partners; data-processing agreements with processors; following information-security and data-protection principles in service development; and detection, handling and, where necessary, notification of incidents.<\/p><p>Inforegister also applies proportionate visibility and access restrictions to protect data-subject rights, including not displaying the full personal identification code in the public view for users who are not logged in and enabling restriction of the visibility of a personal profile.<\/p><p>If a personal data breach occurs and it is likely to result in a risk to the rights and freedoms of the data subject, Inforegister notifies the Data Protection Inspectorate in accordance with the procedure set by law. If the breach is likely to result in a high risk to the rights and freedoms of the data subject, the data subject will also be notified where the law requires this.<\/p><h3>20. Automated explanatory tool<\/h3><p>Inforegister may use an automated tool or AI-based explainer to explain the privacy terms, the legitimate interests assessment and the procedure for restricting the visibility of a personal profile.<\/p><p>Such a tool is intended to help users better understand the content of the published documents. The tool does not make legal decisions, does not process data-subject requests, does not confirm rectification, deletion or restriction of data and does not replace Inforegister\u2019s official response to a specific request.<\/p><p>If a person wishes to submit a data-subject request, the designated request form or the contact details set out in the privacy terms must be used.<\/p><h3>21. Contacts and complaints<\/h3><p>For questions, requests or complaints relating to the processing of personal data, the data subject may contact Inforegister or the relevant service provider using the following contact details:<\/p><p>KREEDIX O\u00dc<br \/>T\u00e4he tn 129b, 50113 Tartu<br \/>info@kreedix.ee<\/p><p>For data-protection questions, contact may be made by email at: andmekaitse@ir.ee<\/p><p>Inforegister responds to data-subject requests within the deadlines set by law.<\/p><p>If the data subject considers that the processing of their personal data does not comply with law, the data subject has the right to contact the Data Protection Inspectorate or a court.<\/p><p>The data-protection supervisory authority in Estonia is: Data Protection Inspectorate<br \/>Email: info@aki.ee<br \/>Website: www.aki.ee<\/p><h3>22. Amendments to the privacy terms<\/h3><p>Inforegister may amend these privacy terms from time to time in order to keep them up to date, accurate and consistent with changes in services, legislation or data processing.<\/p><p>The current version of the privacy terms is published on the website of Inforegister or the related service.<\/p><p>Inforegister may notify users of material amendments through the website, by email or through another suitable channel.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-af89b49 elementor-hidden-desktop elementor-hidden-tablet elementor-widget elementor-widget-text-editor\" data-id=\"af89b49\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h1 style=\"text-align: center; color: #00456a;\">\u00a0<\/h1><h1 style=\"text-align: center; color: #00456a;\">Privacy Terms<\/h1><div>\u00a0<\/div><div>\u00a0<\/div><h4>Terms for the processing of personal data in the Inforegister database and related services<\/h4><p>Effective from: 30.07.2021<br \/>Last amended: 30.06.2026<\/p><h3><span style=\"color: #00456a;\">1. General provisions and scope<\/span><\/h3><p>These privacy terms explain how Inforegister and related services process personal data.<\/p><p>The privacy terms apply to the processing of personal data in web environments, databases, reports, API interfaces, data products, customer communications, contractual services and other related service views.<\/p><p>These privacy terms must be read together with: 1. the legitimate interests assessment; 2. the procedure for restricting the visibility of a personal profile; 3. the cookie terms; and 4. the terms of specific services, where applicable.<\/p><p>The legitimate interests assessment explains why Inforegister and related services process business-related personal data on the basis of legitimate interest, what the purposes of processing are, why processing is necessary and how the interests of Inforegister, service users, third parties and the data subject are balanced.<\/p><p>The procedure for restricting the visibility of a personal profile explains what restriction of the public visibility of a person\u2019s separate profile means, to what extent it is carried out, and why visibility restriction does not automatically mean deletion of all business-related data from company profiles, related services or the Inforegister data stores.<\/p><p>Inforegister processes personal data in accordance with Regulation (EU) 2016\/679 of the European Parliament and of the Council, the General Data Protection Regulation, the Personal Data Protection Act and other applicable data-protection and information-security requirements.<\/p><h3><span style=\"color: #00456a;\">2. Controllers and related services<\/span><\/h3><p>In these privacy terms, the term Inforegister is used in a broad sense.<\/p><p>It includes the Inforegister database and related services that may be provided or used by service providers belonging to the same group of companies or by otherwise related service providers, including Inforegister, Storybook, 1Contact, Kreedix and other related services.<\/p><p>These services may use the same or partly overlapping business data originating from public and lawful sources. However, the purpose of use, manner of display, scope visible to the user and legal basis for processing may differ from service to service.<\/p><p>Where, in the case of a specific service, contract or data processing operation, a related service provider acts as a separate controller or processor, responsibility is determined according to the terms of the service, contracts and the actual purpose of the data processing.<\/p><h3><span style=\"color: #00456a;\">3. Definitions<\/span><\/h3><p>Personal data means any information relating to an identified or identifiable natural person.<\/p><p>Data subject means a natural person whose personal data is processed. The data subject may be, for example, a service user, client, company management board member, shareholder, identified beneficial owner, sole proprietor, contact person, representative or other person connected with business activity.<\/p><p>User means a person who uses a web environment, database, report, API service, customer account or other service of Inforegister or related services.<\/p><p>Business-related personal data means data concerning a natural person\u2019s role, relationship or activity in connection with a company, sole proprietor, non-profit association, apartment association, foundation or other legal or economic activity.<\/p><p>Personal profile means a separate profile or view of a natural person that aggregates business roles, relationships or data concerning the person that originate from public and lawful sources.<\/p><p>Company profile means a profile of a specific legal person, sole proprietor or other entity that describes the company\u2019s management, representation rights, ownership, identified beneficial owners, financial indicators, risks, contact details, background information and other business-related data.<\/p><p>Processing means any operation performed on personal data, including collection, recording, organisation, retention, alteration, display, transmission, restriction or deletion.<\/p><h3><span style=\"color: #00456a;\">4. Processing of user and customer personal data<\/span><\/h3><p>Inforegister and related services may process the personal data of a user or customer where the person creates an account, uses a service, enters into a contract, orders a report, uses an API service, submits a query, communicates with customer support, pays an invoice, gives consent to marketing or otherwise uses the web environment.<\/p><p>Such data may include, for example: first name and surname; personal identification code or date of birth where necessary for identifying the person; username, authentication data and account data; email address and telephone number; company name, registry code, position or role in the company; invoicing data, payment data and invoice-related data; ordered services, service periods and customer-relationship data; query, service-use and user-log data; data relating to customer communications, enquiries and requests; consents, preferences and marketing choices; data relating to cookies, analytics and web use; and other data submitted by the user or customer or generated in the course of using the service.<\/p><p>User or customer data is processed primarily for entering into and performing a contract, providing the service, identifying the user, invoicing, customer support, ensuring service security, resolving disputes, protecting rights, fulfilling legal obligations, developing the service and, where consent exists, for marketing.<\/p><h3><span style=\"color: #00456a;\">5. Processing of business-related personal data collected from public sources<\/span><\/h3><p>In addition to data submitted by users or customers themselves, Inforegister processes business-related personal data originating from public and lawful sources.<\/p><p>Such data concerns natural persons connected with a company, sole proprietor, non-profit association, apartment association, foundation or other legal or economic activity.<\/p><p>Data processed may include, for example: first name and surname; personal identification code, date of birth or birth date to the necessary or limited extent; role in a legal person or other entity; start and end date of the role; status as a management board member, supervisory board member, procurator, liquidator, bankruptcy trustee, shareholder, identified beneficial owner, sole proprietor, contact person or other related person; representation rights; ownership relationships and holdings; business and professional prohibitions; related companies and historical relationships; business-related contact details; notices, register entries, court decisions, procedural data, reporting or background information from public sources; and aggregate views, relationships, scores, ratings, risk indicators and analytical indicators created on the basis of business data.<\/p><p>Inforegister does not collect persons\u2019 private-life data for the purpose of describing their private life. The focus of processing is business data and roles connected with business activity.<\/p><p>Where documents, websites, notices, court decisions, media coverage or other sources originating from public sources and connected with a company contain data relating to natural persons, such data is treated primarily as information appearing through the company and not as a description of the data subject\u2019s non-business life.<\/p><h3><span style=\"color: #00456a;\">6. Sources of data<\/span><\/h3><p>In processing personal data and business data, Inforegister uses public, lawful, user-submitted or contractual sources.<\/p><p>Data sources may include, for example: the Commercial Register; public data of the Tax and Customs Board; Official Announcements; public data on court decisions and court proceedings; public state registers; company websites; contact details published by companies themselves; company social-media channels and other public digital channels; public procurement, grants, activity licences or other public datasets; the Unemployment Insurance Fund and other public sources of job-offer or activity data; data submitted by a company, user or contractual partner; data generated in the course of customer communications, service use and contract performance; and other lawful and publicly available sources.<\/p><p>Inforegister does not make queries for the purpose of investigating a data subject\u2019s private life or publishing non-business personal data concerning the data subject. Data appears primarily through a company, business role, public register or business-related source.<\/p><p>Where data originates from a public register or another primary source, rectification of the data may first require changing the data in the relevant primary source.<\/p><h3><span style=\"color: #00456a;\">7. Purposes and legal bases of processing<\/span><\/h3><p>Inforegister and related services process personal data only where there is a legal basis and for specified purposes.<\/p><p>The legal bases for processing may be: 1. performance of a contract or taking pre-contractual measures; 2. compliance with a legal obligation; 3. the legitimate interest of Inforegister, related services or third parties; 4. consent of the data subject; and 5. establishment, exercise or defence of legal claims, where applicable.<\/p><p>Purposes of processing may include, among other things: providing the service and managing a user account; identifying a user or customer; entering into and performing a contract; invoicing and managing payments; customer support and customer communications; ensuring service security; protecting rights and resolving disputes; fulfilling legal obligations; displaying company background information; understanding company management, representation rights and ownership relationships; identifying identified beneficial owners and related persons; assessing business risks and credit risk; assessing payment behaviour, financial standing and reliability; background checks of contractual partners; preventing fraud, shell companies, nominees, straw persons and misuse; supporting business-to-business communication and business networks; enabling company visibility and a digital profile; supporting claims, debt management and credit management; ensuring data quality, currency and comparability; making information from public sources understandable and practically usable; service development, statistics and analytics; and marketing based on consent.<\/p><h3><span style=\"color: #00456a;\">8. Processing on the basis of legitimate interest<\/span><\/h3><p>Inforegister processes business-related personal data on the basis of legitimate interest where processing is necessary for the pursuit of the legitimate interest of Inforegister, users of related services or third parties and where the interests or fundamental rights and freedoms of the data subject do not override that interest.<\/p><p>Legitimate interest includes, among other things: providing business information, credit information, business analytics and background-check services; supporting transparency of legal and commercial transactions and legal certainty; increasing the reliability of the business environment; assessing business risks and credit risk; preventing fraud, nominees, straw persons and misuse; understanding company representation rights, management, ownership and identified beneficial owners; assessing the background of contractual partners, employers, suppliers, customers and debtors; and protecting the legitimate interests of creditors, contractual partners, employees and other market participants.<\/p><p>Processing on the basis of legitimate interest is described in more detail in Inforegister\u2019s legitimate interests assessment.<\/p><h3><span style=\"color: #00456a;\">9. Personal profile, company profile and business roles<\/span><\/h3><p>In the Inforegister database and related services, a distinction must be made between a person\u2019s separate profile and a company profile.<\/p><p>A personal profile aggregates on one view business roles, relationships and business data concerning a person that originate from public or lawful sources.<\/p><p>A company profile describes a specific company, its management, representation rights, owners, identified beneficial owners, financial indicators, risks, reporting, fields of activity, contact details and other company-related data.<\/p><p>If Inforegister restricts the public visibility of a person\u2019s separate profile, this does not automatically mean that the person\u2019s name, role or relationship will be removed from the company profile.<\/p><p>The purpose of a company profile is to provide the user with a complete and accurate overview of the company. Such an overview is not possible without the natural persons connected with the company, because company management, representation rights, ownership relationships, identified beneficial owners, historical roles and related companies are expressed through specific people.<\/p><p>Personal data connected with a company is at the same time part of the company\u2019s data. If a person were removed from a company profile solely because the person\u2019s separate profile is closed, the company profile could become incomplete, misleading or defective from a data-quality perspective.<\/p><h3><span style=\"color: #00456a;\">10. Scores, ratings, risk assessments and analytical indicators<\/span><\/h3><p>Inforegister may prepare credit scores, risk assessments, ratings, forecasts, comparisons and other analytical indicators on the basis of data originating from public and lawful sources.<\/p><p>Such indicators are not intended to describe the private life of the data subject, but to assess a company\u2019s financial standing, solvency, business risk, payment behaviour, reliability and activity pattern.<\/p><p>Analytical indicators may be based on multiple data points, including the company\u2019s financial data, tax behaviour, reporting discipline, history of management and relationships, previous business risks, debts, payment defaults, field of activity, age, size and other business-related characteristics.<\/p><p>Inforegister does not create a credit score or risk assessment concerning the data subject\u2019s private life. Scores and ratings are primarily prepared in respect of companies and their purpose is to describe the company\u2019s solvency, payment behaviour, financial position and business risk.<\/p><p>If a company score or risk indicator is displayed in a view connected with a person, it must be understood as an assessment of the related company and not as a separate assessment of the person\u2019s private life, personal characteristics or private reliability.<\/p><h3><span style=\"color: #00456a;\">11. APIs, reports, data products and user levels<\/span><\/h3><p>Inforegister and related services may make business data available in web environments, reports, API interfaces, data products, analytical services or contractual service views.<\/p><p>An API is a technical method of data transmission, not a separate data category. Transmission of data through an API does not change the nature of business data and does not in itself mean that the processing is different from displaying data in a web environment, report or other business-information service.<\/p><p>APIs, reports and data products enable users to use business data for assessing business risks, background checks, credit decisions, customer management, compliance checks, claims management or other legitimate business-related purposes.<\/p><p>Inforegister may restrict data access by user levels. This means that all data may not be publicly visible to every user who is not logged in. Some data may be visible only to registered users, contractual clients or other users who have separate access to the service.<\/p><p>Such differentiation of access levels helps reduce access to data out of mere curiosity and supports the principle that more detailed business information is available primarily to users who have a practical business or legitimate need for it.<\/p><h3><span style=\"color: #00456a;\">12. Recipients and third parties<\/span><\/h3><p>Inforegister and related services may make personal data and business data available to the following categories of recipients: users of web environments; registered users; contractual clients; users of credit-information and business-information services; users of reports, analyses and data products; API and data-service clients; companies that use the data for customer management, credit management, sales, background checks, risk or compliance purposes; service providers belonging to the same group of companies or otherwise related service providers; technical service providers, including hosting, development, security, backup, logging, payment, authentication, analytics and cloud-service providers; legal advisers, auditors, accountants, debt-collection, claims-management or other service providers where this is necessary for protection of rights or provision of the service; public authorities where there is a legal basis or obligation to transfer the data; and third parties to whom the data subject has consented to the transfer of data or to whom transfer is necessary for fulfilling the data subject\u2019s request.<\/p><p>When responding to a data-subject request, Inforegister may provide information about recipients by categories of recipients if disclosure of specific named recipients is not necessary, proportionate or legally required in view of the content of the request.<\/p><p>Inforegister is not obliged to disclose a named list of every individual web user, report user, API client, contractual partner or technical service provider if this would harm the legitimate interests, trade secrets, security or contractual relationships of Inforegister, clients or third parties.<\/p><p>If data is rectified, deleted or restricted, Inforegister notifies recipients to the extent technically possible, proportionate and within Inforegister\u2019s control.<\/p><p>Where a third party processes the data as an independent controller, that third party is responsible for the lawfulness, purposes, retention and handling of data-subject requests concerning its own processing.<\/p><h3><span style=\"color: #00456a;\">13. International transfers<\/span><\/h3><p>Inforegister prefers to use service providers and recipients located in Estonia, the European Union or the European Economic Area.<\/p><p>If personal data is transferred outside the European Union or the European Economic Area, this is done only where there is a legal basis and appropriate safeguards have been applied.<\/p><p>Such safeguards may include, for example, an adequacy decision of the European Commission, standard contractual clauses, data-processing agreements or other mechanisms permitted by applicable law.<\/p><h3><span style=\"color: #00456a;\">14. Retention<\/span><\/h3><p>Inforegister retains personal data only for as long as necessary for fulfilling the purposes described in these privacy terms, protecting rights or complying with legal obligations.<\/p><p>Personal data of users and customers is generally retained for up to five years after the end of the customer relationship, unless longer retention is necessary for compliance with a legal obligation, accounting, performance of a contract, collection of a debt, resolution of a dispute or protection of rights.<\/p><p>Accounting source documents are retained according to the time limits set by law.<\/p><p>Data relating to contracts, debts, claims, disputes and protection of rights may be retained until the end of the limitation period for the claim or until the final resolution of the dispute.<\/p><p>Business-related personal data collected from public and lawful sources is retained for as long as necessary for the integrity of business data, the reliability of legal and commercial transactions, credit-risk assessment, understanding historical relationships, protection of rights or fulfilment of another legitimate purpose.<\/p><p>Historical relationships connected with business activity may be important for assessing business risks even after a current role has ended. The end of a relationship does not erase the preceding business activity or the risks connected with it.<\/p><p>When developing retention principles, Inforegister takes into account, among other things, that the period for bringing claims against a member of a management body may be at least five years and, in certain cases such as intentional breach, longer. Therefore, retaining historical business relationships may be necessary so that service users can assess the background and potential business risks of a company, its managers, owners, identified beneficial owners or other related persons.<\/p><p>For example, a user may have a justified interest in knowing whether a person connected with a company has previously managed companies that failed to submit reports, incurred debts, ended in bankruptcy, were deleted from the register or transferred to nominees.<\/p><p>When determining the retention period, Inforegister considers the source of the data, the public nature of the data in primary sources, the meaning of the business data for risk assessment, possible limitation periods for claims, the rights of the data subject and the necessity of the data for the purposes of the service.<\/p><p>If the data subject\u2019s last current relationship with a legal person or other business entity has ended, Inforegister assesses whether and to what extent further retention or display of the data is necessary and proportionate. In such assessment, Inforegister takes into account, among other things, the time elapsed since the end of the relationship, the nature of the data, the significance of the relationship for the integrity of business data, data in public sources and the legitimate interest of third parties.<\/p><p>Incorrect, outdated, non-business or disproportionately harmful data is rectified, restricted or deleted if such circumstance becomes known to Inforegister or if the data subject submits a reasoned and specific request concerning it.<\/p><p>If the purpose of processing has ended and there is no legal basis for further retention of the data, the data is deleted, anonymised or restricted according to the type of data, the purpose of processing and technical possibilities.<\/p><h3><span style=\"color: #00456a;\">15. Data-subject rights<\/span><\/h3><p>The data subject has the right to submit a request for access to their personal data, rectification of data, deletion of data, restriction of processing or objection to processing.<\/p><p>Where personal data is processed on the basis of consent, the data subject has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.<\/p><p>If the data subject considers that data displayed in Inforegister or related services is incorrect, outdated or misleading, the data subject must provide a specific and detailed reference to the data, data field or data category requiring rectification.<\/p><p>A general statement that \u201cthe data is incorrect\u201d, \u201crectify all data\u201d, \u201cdelete all data\u201d or \u201cbring the data into line with the Commercial Register\u201d may not be sufficient if it does not identify the specific data field, company, person, role, address, contact details, relationship, date, assessment or other data category the requester has in mind.<\/p><p>Exercising data-subject rights does not automatically mean that all business-related data concerning the person will be deleted from company profiles, related services, reports, API services, archives, logs or the Inforegister data stores.<\/p><p>Requests are assessed according to the source of the data, the purpose of processing, the legal basis, the data subject\u2019s specific situation and the legitimate interests of Inforegister, service users and third parties.<\/p><p>If the data subject disagrees with Inforegister\u2019s response, the data subject has the right to contact the Data Protection Inspectorate or a court.<\/p><h3><span style=\"color: #00456a;\">16. Submission and handling of requests<\/span><\/h3><p>A data-subject request must be sufficiently specific for Inforegister to identify the requester, the content of the request, the data concerned and the requested action.<\/p><p>Where necessary, the requester must provide: name; personal identification code or other information enabling identification; contact details; a reference to the relevant profile, company, data field or service; an explanation of the action requested; and a justification or additional evidence where the request is based on specific circumstances, a risk or an alleged disproportionate impact.<\/p><p>If the request is unclear, incomplete, concerns the wrong person or cannot be processed because the person cannot be identified, Inforegister may request additional data or explanations.<\/p><p>If the request concerns the general description of data processing, data categories, sources, purposes, legal bases, categories of recipients or retention principles, Inforegister may respond by referring to the privacy terms, legitimate interests assessment or the procedure for restricting the visibility of a personal profile.<\/p><p>Inforegister responds to data-subject requests within the statutory deadline. If the request is complex or extensive, the response deadline may be extended in accordance with the procedure set by law.<\/p><p>If the request is manifestly unfounded, repetitive or excessive, Inforegister may apply measures permitted by law, including charging a reasonable fee or refusing to fulfil the request, explaining the reasons for doing so.<\/p><h3><span style=\"color: #00456a;\">17. Restriction of the visibility of a personal profile<\/span><\/h3><p>Inforegister enables requests to restrict the public visibility of a person\u2019s separate profile.<\/p><p>Restricting the visibility of a personal profile means that the person\u2019s separate profile is no longer publicly visible to users who are not logged in or otherwise to the general public.<\/p><p>When the public visibility of a profile has been restricted, the closed profile view no longer displays substantive public information about the person. As a result, the profile content is not available to search engines in the usual manner and is not substantively indexable.<\/p><p>Restricting the visibility of a personal profile does not automatically mean that business-related data concerning the person is deleted from the entire Inforegister database, related services, company profiles, reports, API services, archives, logs or other data layers where there is an ongoing legal basis for processing the data.<\/p><p>The detailed procedure for restricting the visibility of a personal profile is described in the procedure for restricting the visibility of a personal profile.<\/p><h3><span style=\"color: #00456a;\">18. Cookies, analytics and marketing<\/span><\/h3><p>Inforegister and related services may use cookies, analytics and other similar technologies for the functioning of the web environment, ensuring security, improving user experience, compiling statistics, developing the service and, where consent exists, for marketing.<\/p><p>The detailed principles for the use of cookies are described in the relevant cookie notice or cookie terms.<\/p><p>Where data is processed on the basis of consent, the user has the right to withdraw consent at any time.<\/p><p>Direct marketing communications may be unsubscribed from through the unsubscribe link in the relevant communication or by contacting Inforegister using the contact details set out in these privacy terms.<\/p><p>If a person opts out of direct marketing, Inforegister may retain information about the opt-out to the extent necessary to ensure compliance with the prohibition on sending marketing communications.<\/p><h3><span style=\"color: #00456a;\">19. Security and safeguards<\/span><\/h3><p>Inforegister applies appropriate organisational, technical and physical security measures to protect personal data.<\/p><p>Such measures may include, for example: access restrictions; differentiation of user levels; logging and security monitoring; backups; confidentiality obligations of employees and cooperation partners; data-processing agreements with processors; following information-security and data-protection principles in service development; and detection, handling and, where necessary, notification of incidents.<\/p><p>Inforegister also applies proportionate visibility and access restrictions to protect data-subject rights, including not displaying the full personal identification code in the public view for users who are not logged in and enabling restriction of the visibility of a personal profile.<\/p><p>If a personal data breach occurs and it is likely to result in a risk to the rights and freedoms of the data subject, Inforegister notifies the Data Protection Inspectorate in accordance with the procedure set by law. If the breach is likely to result in a high risk to the rights and freedoms of the data subject, the data subject will also be notified where the law requires this.<\/p><h3><span style=\"color: #00456a;\">20. Automated explanatory tool<\/span><\/h3><p>Inforegister may use an automated tool or AI-based explainer to explain the privacy terms, the legitimate interests assessment and the procedure for restricting the visibility of a personal profile.<\/p><p>Such a tool is intended to help users better understand the content of the published documents. The tool does not make legal decisions, does not process data-subject requests, does not confirm rectification, deletion or restriction of data and does not replace Inforegister\u2019s official response to a specific request.<\/p><p>If a person wishes to submit a data-subject request, the designated request form or the contact details set out in the privacy terms must be used.<\/p><h3><span style=\"color: #00456a;\">21. Contacts and complaints<\/span><\/h3><p>For questions, requests or complaints relating to the processing of personal data, the data subject may contact Inforegister or the relevant service provider using the following contact details:<\/p><p>KREEDIX O\u00dc<br \/>T\u00e4he tn 129b, 50113 Tartu<br \/>info@kreedix.ee<\/p><p>For data-protection questions, contact may be made by email at: andmekaitse@ir.ee<\/p><p>Inforegister responds to data-subject requests within the deadlines set by law.<\/p><p>If the data subject considers that the processing of their personal data does not comply with law, the data subject has the right to contact the Data Protection Inspectorate or a court.<\/p><p>The data-protection supervisory authority in Estonia is: Data Protection Inspectorate<br \/>Email: info@aki.ee<br \/>Website: www.aki.ee<\/p><h3><span style=\"color: #00456a;\">22. Amendments to the privacy terms<\/span><\/h3><p>Inforegister may amend these privacy terms from time to time in order to keep them up to date, accurate and consistent with changes in services, legislation or data processing.<\/p><p>The current version of the privacy terms is published on the website of Inforegister or the related service.<\/p><p>Inforegister may notify users of material amendments through the website, by email or through another suitable channel.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Privacy Terms Terms for the processing of personal data in the Inforegister database and related services Effective from: 30.07.2021Last amended: 30.06.2026 1. General provisions and scope These privacy terms explain how Inforegister and related services process personal data. The privacy terms apply to the processing of personal data in web environments, databases, reports, API interfaces, [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"privaatsuspoliitika.php","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-682","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Privacy Policy - KREEDIX GRUPP | Nutikad IT-lahendused<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/group.kreedix.ee\/en\/privacy-policy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Privacy Policy - KREEDIX GRUPP | Nutikad IT-lahendused\" \/>\n<meta property=\"og:description\" content=\"Privacy Terms Terms for the processing of personal data in the Inforegister database and related services Effective from: 30.07.2021Last amended: 30.06.2026 1. General provisions and scope These privacy terms explain how Inforegister and related services process personal data. The privacy terms apply to the processing of personal data in web environments, databases, reports, API interfaces, [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/group.kreedix.ee\/en\/privacy-policy\/\" \/>\n<meta property=\"og:site_name\" content=\"KREEDIX GRUPP | Nutikad IT-lahendused\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-10T12:50:10+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"37 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/group.kreedix.ee\\\/en\\\/privacy-policy\\\/\",\"url\":\"https:\\\/\\\/group.kreedix.ee\\\/en\\\/privacy-policy\\\/\",\"name\":\"Privacy Policy - KREEDIX GRUPP | Nutikad IT-lahendused\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/group.kreedix.ee\\\/#website\"},\"datePublished\":\"2021-07-19T14:12:17+00:00\",\"dateModified\":\"2026-07-10T12:50:10+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/group.kreedix.ee\\\/en\\\/privacy-policy\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/group.kreedix.ee\\\/en\\\/privacy-policy\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/group.kreedix.ee\\\/en\\\/privacy-policy\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/group.kreedix.ee\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Privacy Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/group.kreedix.ee\\\/#website\",\"url\":\"https:\\\/\\\/group.kreedix.ee\\\/\",\"name\":\"KREEDIX GRUPP | Nutikad IT-lahendused\",\"description\":\"Meid k\u00fclastab \u00fches kuus ligikaudu 600 000 unikaalset kasutajat\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/group.kreedix.ee\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Privacy Policy - KREEDIX GRUPP | Nutikad IT-lahendused","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/group.kreedix.ee\/en\/privacy-policy\/","og_locale":"en_US","og_type":"article","og_title":"Privacy Policy - KREEDIX GRUPP | Nutikad IT-lahendused","og_description":"Privacy Terms Terms for the processing of personal data in the Inforegister database and related services Effective from: 30.07.2021Last amended: 30.06.2026 1. General provisions and scope These privacy terms explain how Inforegister and related services process personal data. The privacy terms apply to the processing of personal data in web environments, databases, reports, API interfaces, [&hellip;]","og_url":"https:\/\/group.kreedix.ee\/en\/privacy-policy\/","og_site_name":"KREEDIX GRUPP | Nutikad IT-lahendused","article_modified_time":"2026-07-10T12:50:10+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"37 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/group.kreedix.ee\/en\/privacy-policy\/","url":"https:\/\/group.kreedix.ee\/en\/privacy-policy\/","name":"Privacy Policy - KREEDIX GRUPP | Nutikad IT-lahendused","isPartOf":{"@id":"https:\/\/group.kreedix.ee\/#website"},"datePublished":"2021-07-19T14:12:17+00:00","dateModified":"2026-07-10T12:50:10+00:00","breadcrumb":{"@id":"https:\/\/group.kreedix.ee\/en\/privacy-policy\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/group.kreedix.ee\/en\/privacy-policy\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/group.kreedix.ee\/en\/privacy-policy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/group.kreedix.ee\/en\/"},{"@type":"ListItem","position":2,"name":"Privacy Policy"}]},{"@type":"WebSite","@id":"https:\/\/group.kreedix.ee\/#website","url":"https:\/\/group.kreedix.ee\/","name":"KREEDIX GRUPP | Nutikad IT-lahendused","description":"Meid k\u00fclastab \u00fches kuus ligikaudu 600 000 unikaalset kasutajat","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/group.kreedix.ee\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/group.kreedix.ee\/en\/wp-json\/wp\/v2\/pages\/682","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/group.kreedix.ee\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/group.kreedix.ee\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/group.kreedix.ee\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/group.kreedix.ee\/en\/wp-json\/wp\/v2\/comments?post=682"}],"version-history":[{"count":38,"href":"https:\/\/group.kreedix.ee\/en\/wp-json\/wp\/v2\/pages\/682\/revisions"}],"predecessor-version":[{"id":1524,"href":"https:\/\/group.kreedix.ee\/en\/wp-json\/wp\/v2\/pages\/682\/revisions\/1524"}],"wp:attachment":[{"href":"https:\/\/group.kreedix.ee\/en\/wp-json\/wp\/v2\/media?parent=682"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}