Privacy Policy

Protection of personal data

Personal data are data collected by the Estonian Entrepreneurship University of Applied Sciences for the purpose of providing services, identifying persons and contacting persons for the purpose of providing services or solving issues.
The Estonian Entrepreneurship University of Applied Sciences does not process sensitive personal data as defined in Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation) (“GDPR” or “EU Regulation 2016/679”). 
The Estonian Entrepreneurship University of Applied Sciences is committed to protecting the personal data and privacy of its customers and users. The online activities of the Estonian Entrepreneurship University of Applied Sciences are in compliance with all relevant activities and the relevant EU legislation and the laws of the Republic of Estonia, including REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. The Estonian Entrepreneurship University of Applied Sciences takes every precaution (including administrative, technical and physical measures) to protect the personal data collected. Only authorised persons have access to personal data for making alterations and processing the data.

Security

All personal data disclosed during visits to the website of the Estonian Entrepreneurship University of Applied Sciences and purchases made in the service environment are treated as confidential information.

Set out below is the Privacy Policy of the Estonian Entrepreneurship University of Applied Sciences, addressing the collection, processing, use, disclosure, transmission, editing, forgetting and deletion of personal data.

The principles set out in this Privacy Policy are not applicable where the data of legal entities is processed, and neither do they cover the processing of personal data on the website / service environments referred to by our website / service environments (external links).

A person representing a company (as the customer ordering a service) is not a natural person, but an authorised representative of a legal entity, the processing of whose personal data is not regulated by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL.

1. Which data are collected?

Upon visiting the website, non-personal technical data are collected about the visitor. Service environments also collect personal data for the provision of services and to identify individuals. The technical data are limited to the Internet protocol address (IP address) of the computer or computer network used, the computer’s web browser, the software version of the operating system and the time (time, date, year) of the visit. IP-addresses are not linked to the information that may help identify a person, except for service environments, in which it is an additional safety measure.

Data are collected on visits to and stays on the website in order to improve websites and service environments and make them more convenient for visitors.

In service environments (including the online shop), personal data are collected for the performance of contracts and on topics of interest to individuals (including shopping cart content, preferences, attitudes, behaviours, etc.) in order to improve, where possible, the delivery of expected information and thereby improve the customer experience when consuming services and carrying out direct marketing.

The data collected on natural persons include, where necessary, the personal identification code for authentication and the name, e-mail address, mobile phone, city and country of residence for communication purposes.

For the purpose of processing the data of legal entities, we collect the registration number, VAT number, name, country, address, e-mail addresses for contacting and invoicing, the names of the contact persons representing the company and their e-mail addresses and contact telephone numbers.

Consent to the collection of personal data relating to and necessary for the service is given by the customer at the time of ordering the service. By ordering a service, consent is deemed to be given by means of the corresponding time stamp.

1. How long are the collected data retained?

The non-personal technical data collected on websites and service environments are retained indefinitely.

Personal data related to personalised queries and/or transactions are retained for up to seven years after the last interaction with the service provider due to the obligation to prove transactions arising from the Accounting Act.

Interaction means, among others, responding to direct marketing by viewing or clicking on a link.

1. To whom can the collected data be sent?

The personal data processed by the Estonian Entrepreneurship University of Applied Sciences may be transmitted without the consent of the person only to an authority or person who has a justified need for this or a direct right arising from law (e.g. a court or body conducting pre-trial proceedings).

The personal data processed by customers within the scope of the services of the Estonian Entrepreneurship University of Applied Sciences are treated as confidential and the right to process, disclose or transmit these data falls solely within the scope of responsibility of the owner of the data (the customer).

When ordered by a customer of Estonian Entrepreneurship University of Applied Sciences, the latter provides technical support in the field of data processing, but this does not change the relationship of ownership and liability with respect to the data.

1. What are the rights of a person to the collected data?

The right to access, correct and terminate the processing of your data

Personal data shall not be disclosed by default, except for the cases when the relevant permission/confirmation has been obtained (participation in courses/seminars/conferences). All people have the right to familiarise themselves with their personal data in service environments.

Where correction is possible, depending on the service and the service environment, it can be done immediately.

If the personal data are not editable, accessible, disclosed on the website or in the service environments, a request should be submitted to us in an identifiable manner to provide or correct the data.

Where possible, the data will be provided or corrected within seven working days.

If you want to opt out from receiving direct marketing offers about all of the topics or just some of them, you can do that immediately by using the link in the footer of every marketing e-mail you receive. The change will take effect immediately.

If there is no legal basis (any longer) for processing or disclosure of personal data or enabling access to the data, you can request the termination of use or erasure of the data or the termination of disclosure of or access to the data. To this end, a request must be submitted in a manner enabling identification.

The request will be rejected if:

– this may damage the rights and freedoms of another person;

– this may obstruct the provision of the service or failure to provide the service;

– this may obstruct the work of law enforcement authorities;

– this is technically unnecessary and/or impossible;

– the applicant is not legally related to the data;

– the applicant cannot be identified.

Terms and conditions of and amendments to Privacy Policy

By using the website and/or service environments of the Estonian Entrepreneurship University of Applied Sciences, you confirm that you have read and agreed to this policy and these terms and conditions. We reserve the right, where necessary, to amend the general terms and conditions of the Privacy Policy by notifying all related persons.