INFORMATION ABOUT PROCESSING OF PERSONAL DATA

​

Effective from 01.03.2024

​

1. PURPOSE OF PROCESSING

​

Gidea Advisory OÜ (hereinafter We/we/law firm) processes personal data about you as a client, as a part of our client, and case management in connection with the business operations of our legal consultancy firm, when you visit our website, subscribe to our newsletter or attend our events.

 

The conditions of our processing of your personal data and your personal rights in this connection are further described below in accordance with the rules of the General Data Protection Regulation (the ‘GDPR’).

​

2. CONTACT INFORMATION

​

As part of the rules regarding business operations legal advisory company with a large extent of freedom of action within the framework of Estonian legal framework, Gidea Advisory is in many cases data controller of the processing of your personal data. This applies both in connection with advice, your visit to our website, when you subscribe to our newsletter, attend our events, etc.

 

If you have questions regarding this Policy or if you have any requests related to the processing of your personal data, you can contact us by e-mail at 

 

This Policy can be updated and changed. Gidea Advisory will inform website visitors about updates by placing a new version of the privacy policy on the website, along with the dates when modifications were introduced.

 

3. CATEGORIES OF PERSONAL DATA, PURPOSE AND GOVERNING LAW

 

As part of the administration of our client and case management, we are processing personal data about you. In all relationships with clients, we are processing information intending to establish a relationship with the client, client management, and performance of the business operations of a law firm.

 

We process your personal data on the following bases:

​

• based on your consent, which is expressed by your active actions, i.e. addressing us and provision of personal data, or by any other active actions;

• for pursuing our legitimate interests (e.g. to operate and administer the website, to inform our clients about services offered, etc.);

• to comply with the obligations imposed on us by legislation.

 

3.1. Client management

​

To administer, manage, and cultivate the relationship with our clients, we process personal data about you as a client or a potential client. As part of our client management, the following types of information are processed. The information is processed without regard to the field in which you are receiving advice from Gidea Advisory.

​

In accordance with the principles and requirements of personal data processing established in legal acts. Based on these principles, we can process the following client data:

• Personal data (first name, surname, represented company, job title);

• Contact details (e-mail address, residential address, telephone numbers);

• Other data you provide in the course of the conclusion and performance of the legal services agreement with us;

• Personal data that is required to be processed by the law firm to comply with applicable legal obligations;

• Other data we collect from legitimate sources in the provision of legal services.

• Regardless of how we collect data, this data will only be processed to the extent necessary to ensure the proper provision of legal services, the related purposes, as well as the fulfillment of legal obligations binding on us.

 

The legal basis for the processing is Article 6(1)(b) of the GDPR, according to which personal data can be processed if necessary for the performance of a contract, in this case, the task or the potential task. Furthermore, personal data can be processed if necessary for the purposes of Gidea Advisory’s legitimate interests, including the establishment and cultivation of a relationship with a client, see Article 6(1)(f) of the GDPR; just as there might be situations where we store your personal data even if we do not enter into a consultancy agreement.

 

3.2. Case management

​

In connection with case management, Gidea Advisory processes various categories of data. The type of data processed depends on the nature and context of the case. When collecting personal data Gidea Advisory stands for implementing ESG principles and legal framework.

 

Gidea Advisory processes your data also in cases when you contact us via the general office e-mail of Gidea Advisory, presenting a query, submit questions, or sending information by contacts indicated on our website or social networks.

Please observe at least the following minimum requirements for the protection of your personal information:

• do not indicate personal data (e.g. first name, surname, address, telephone number, e-mail, personal identification code, date of birth, bank account number, car license plate number, real estate data, health data, other special (sensitive) data, etc.) either in the subject line of a letter, request or query or in the names of the attached files;

• do not indicate either your or another person's personal identification code, health, and other special (sensitive) data, financial data, or other excessive or unnecessary data in the text of the letter, query, or request, in the text of the file (attachment) sent, and indicate any other personal data only to the extent necessary for the purposes for which the letter, request or query is sent.

Gidea Advisory processes your data in these cases to administer queries and complaints, to ensure the quality of the services we provide, protecting and defending its rights and legitimate interests. You provide your data to us based on your consent, which is expressed by your active steps, i.e. by contacting us (please read Gidea Advisory Cookie Policy)

​

The legal basis for the processing when processing is necessary for the performance of a contract (the task) and Gidea Advisory and the client’s legitimate interests in conducting legal proceedings, advising, and practicing law, see Article 6(1)(b) and (f) of the GDPR.

​

3.3. Marketing

​

Gidea Advisory processes personal data in connection with marketing activities, including the provision of courses, events, etc., as well as sending out newsletters. Processing is necessary to provide services to interested parties.

• In this context, ordinary personal data are processed, including name, contact information, and possible interests or preferences for topics, as well as language.

• Gidea Advisory may send out newsletters and other marketing material only if we have obtained your explicit consent. You can always withdraw your consent by contacting Gidea Advisory via the above contact information or following the instructions on our website or at the bottom of our newsletters.

The legal basis for processing personal data in connection with courses, events, sending out newsletters, etc. is Gidea Advisory's legitimate interest in marketing its business, see Article 6(1)(f) of the GDPR.

 

3.4. Business operations of Gidea Advisory

​

In connection with Gidea Advisory’s business operations as a law firm, we process personal data concerning our suppliers and business partners.

• In this connection, ordinary personal data are processed, including name, place of work, and contact information, as well as information about the relationship and correspondence.

The legal basis is Gidea Advisory’s legitimate interests in managing and practicing law, see Article 6(1)(f) of the GDPR. In some cases, the legal basis is Article 6(1)(b) of the GDPR, according to which processing is necessary for the performance of a contract to which the data subject is a party.

 

3.5. Gidea Advisory’s website

​

When you visit our website https://www.gidea.ee/ , we collect and process information about you in connection with our use of cookies for marketing and statistical purposes, e.g. to optimize our website and target ads.

You can find an outline of the types of cookies used by Gidea Advisory and how to delete them, etc. in Gidea Advisory’s Cookie Policy.

• Ordinary personal data are processed in the form of your IP address in connection with Gidea Advisry’s use of cookies. In addition, we process the following information about you in an aggregate form (i.e. non-personally identifiable): demography, including gender and age, interests, geography, and information about your browser, device, and service provider.

The legal basis is Gidea Advisory’s legitimate interests in generating statistics and, by this process, analyzing the use of our website, e.g. to optimize it, see Article 6(1)(f) of the GDPR.

​

3.6. Social media

​

Gidea Advisory is active on several social media, including LinkedIn, Facebook, and Instagram. When you interact with Gidea Advisory on these media, you are making information available to Gidea Advisory and the social media, e.g. when you respond to our postings, comment on or share them, just like we process information that you ‘like’ Gidea Advisory or follow us on the social media. In addition, ordinary information is processed about you in the form of, for example, identification information, contact information, your profile photo, etc.

Furthermore, Gidea Advisory will in some cases share, for example, a piece of news in which your identification information (name) is included. In these cases, we always request your prior consent. You can always withdraw your consent by contacting Gidea Advisory via the above contact information. The purpose of the processing is branding and marketing of Gidea Advisory.

The legal basis for the processing is Gidea Advisory’s legitimate interests in marketing us as a law firm on social media and knowledge sharing in the form of sharing of articles, etc., see Article 6(1)(f) of the GDPR.

Information on social media is deleted when Gidea Advisory deletes a posting or when you delete your comment, share, reaction, or indication that you ‘like’ or follow Gidea Advisory.

​

4.  SOURCES OF PERSONAL DATA

​

In connection with client management, case management, and legal advice, Gidea Advisory primarily obtains information from the client but may also obtain information from publicly available sources, public authorities, and opponents.

Information for the prevention of money laundering and financing of terrorism is generally obtained from the client but may also be obtained from your employer (our client) and public registers.

We obtain information in connection with marketing from you as a data subject, and in connection with various events and courses, the information may be collected from the company where you are employed.

Please note that when you visit our website, you automatically submit information about your activities, usage, etc. on our website to Gidea Advisory and third parties.

In connection with the business operations of a law firm, information is likewise obtained from the data subject (supplier, business partner, etc.), or from the company where the person is employed.

​

5. DATA PROCESSORS. DATA RECIPIENTS

Please be advised that Gidea Advisory will use certain service providers (data processors) to process your personal data. Such data processors are a company providing data center services, companies providing services and performing analysis of web browsing or activities online, companies providing advertising, and marketing services, companies that create, provide, support, and develop software, companies providing information technology infrastructure services, communications services companies and other service providers to whom your personal data is disclosed only to the extent necessary for provision of their services. We use dedicated service providers for sending newsletters and other information.

We inform you that certain data on your visit to our website (IP address, cookies, technical information of the browser you use, other information on your browser activities and browsing the website), for statistics, analysis of the browsing on the website and related purposes, may be transmitted or made available to entities both in the European Economic Area and outside it (for example, when we use the Google Analytics service, such an entity is a United States company). Please note that in non-EEA countries personal data may be subject to less protection than in EEA countries, but we will carefully consider the conditions under which such data will be processed and stored after transfer to the above entities.

6. DATA RETENTION

Your personal data processed for direct marketing will be kept for 2 years from the last communication with you (if a separate consent was obtained) or the date of fulfillment or expiry of the agreement.

Please be advised that we will keep the personal data you presented for personnel selection purposes until the end of a specific selection unless we have received a separate consent to a longer term storage.

Your personal data, in pursuit of our legitimate interest in collecting evidence about requests received, the replies to them, as well as the services provided and the contact we had, is retained, depending on the type of data and circumstances, as long as it is in line with the purposes for which it was collected.

Longer storage of your personal data may take place when:
 

• it is necessary so that we can defend ourselves against claims, demands, or actions and exercise our rights;

• there is a reasonable suspicion of an unlawful act that is being investigated;

• your data is necessary for the proper resolution of a dispute, or a complaint;

• for backup copies and other similar purposes;

• under other statutory grounds.

Your personal data will be destroyed within a reasonable time after the specified deadline.

7. DATA SUBJECTS' RIGHTS

With respect to your personal data, you have the following rights:
 

• to get familiar with your personal data and how it is processed;

• to demand correcting incorrect, inaccurate, or incomplete data, erasing your personal data, or restricting the processing of your personal data when personal data is processed without complying with legal requirements or when there is another legal basis;

• to demand to transfer your personal data to another data controller or provide it directly to you in a convenient form (applicable to the personal data that you submitted and that is processed by automated means based on the agreement or consent);

• to object to the processing of your personal data if it is processed based on a legitimate interest unless there are legitimate reasons for such processing or to make, pursue, or defend legal claims;

• in cases where your personal data is processed on a separate consent basis, you have the right at any time to withdraw your consent to the processing of your personal data.

 

8. COMPLAINTS

​

As a data subject, you can lodge a complaint with Gidea Advisory as a data controller if you are not satisfied with the way that we process your personal data. Gidea Advisory recommends contacting us before submitting a formal complaint (info@gidea.ee) to find the right solution for a problem.

In cases where you consider that your personal data is being processed illegally or your rights in connection with data processing are violated, you have the right to contact the relevant data protection authority and file a complaint (contacts of individual state supervisory authorities are available here).