This document (Policy) describes how Infographics Institute MTÜ (We) gather, use and disclose Personal Data (as defined below), and the steps we take to protect such Personal Data when offering our website toeta.me (Site) and providing services thereby (Services). This Policy applies solely to Personal Data collected by this Site.
Personal Data is understood as any information that identifies a natural person (Data Subject), either directly or indirectly, regardless of the form or format in which such data exist. You or User are understood as the natural person using this Site, which must coincide with or be authorised by the Data Subject, to whom the Personal Data refer. All other terms, if used capitalised, are to be understood as in the Terms/Agreement.
This Site is owned and operated by Infographics Institute MTÜ (Telliskivi 57, Tallinn 10143, Estonia, firstname.lastname@example.org) who is responsible for the processing of Your Personal Data (Data Controller). Because of that, the processing and the Policy are subject to Estonian laws.
HOW AND WHAT PERSONAL DATA WE COLLECT
We may collect the following Personal Data in the following ways:
- You may choose to provide us your Personal Data (e.g. Your name, user name, date of birth, contact information (e.g. e-mail address, phone number, address, country, state, province, ZIP/postal code), professional information (e.g. company, position, professional experience), pictures, video images, banking information (e.g. bank account number, securities account number)) upon registration, initiating and launching campaigns, making investments, posting comments, posting documents, signing up for alerts during the registration procedure, contacting us etc.;
- You may also choose to provide us Your Personal Data via third party services employed in this Site (the Personal Data listed above and/or other Personal Data that may be imported upon Your request from Facebook, Vimeo or LinkedIn etc.);
- We collect certain data by automated means, such as cookies and web beacons, when You visit our Site (e.g. IP address or domain names of the computers utilized to use this Site, browser type, operating system, referring URLs, URL addresses, information on actions taken on the Site, the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer, the country of origin, dates and times of Site visits, and the details about the path followed within the Site with special reference to the sequence of pages visited, and other parameters about the device operating system and/or Your IT environment).
Note that failure to provide and process certain Personal Data may make it impossible to use this Site and to provide our Services. Such Personal Data is usually marked with asterisk or otherwise.
Cookies are small pieces of data that are installed on Your computer from websites that You visit. The following types of cookies may be used:
- strictly necessary/essential cookies without which it is not possible to use the features of the website and provide the services;
- performance cookies that collect information about how You use a website and are used to improve how a website works;
- functionality cookies that allow the website to remember choices You make (e.g. user name, language) and provide enhanced, more personal features;
- behaviorally targeted advertising cookies that are used to deliver adverts most relevant to You and your interests. They are usually placed by advertising networks with the website operator’s permission. They remember that You have visited a website and this information is shared with other organizations (e.g. advertisers).
Most web browsers allow You to control cookies through the settings of the web browser. The Site supports “Do Not Track!” requests.
We use the following cookies:
|Service provider||Name of cookie||Type of cookie||Content||Expiration||Additional information|
|Toeta.me||SESS*||Session cookie||Used to store Your session and keep You logged in||23 days or until You log out manually|
|Google Analytics||_ut*||Analytics cookie||Used to distinguish visitors||2 years||Not used when “Do Not Track!” feature is enabled by visitor|
|Google Analytics||_ga*||Analytics cookie||Used to throttle request rate||10 minutit||Not used when “Do Not Track!” feature is enabled by visitor|
HOW WE USE YOUR PERSONAL DATA
We do not use Your Personal Data for any other purposes than detailed in the Terms/Agreement/Policy. We may use Your Personal Data e.g. for the following purposes:
- to perform under the Terms/Agreement (e.g. to provide our Services, to enable registration and authentication on the Site, to contact You, to provide assistance, to collect feedback, to provide and receive comments and replies thereto, to display content from external platforms, to interact with external social networks and platforms (e.g. AddThis, Facebook, Linkedin, Twitter);
- to exercise any rights and obligations ensuing from the law (e.g. accounting, resolving disputes and protecting our rights);
- to analyze, improve and personalize our Site and Services (e.g. provide customized content and information, to monitor and analyze the effectiveness of our Site and Services, Your behavior and third-party marketing activities (e.g. Google Analytics etc.), to monitor aggregate Site usage metrics, such as total number of visitors and pages viewed);
- to operate and maintain this Site (e.g. system logs, IP address).
For other purposes we process Your Personal Data only in accordance with legislation and notifying You beforehand or by asking Your consent.
The information obtained via external social networks and platforms is always subject to Your privacy settings for each social network and platform.
We only add your e-mail address to our newsletter mailing list upon you prior consent. You can always opt-out from receiving commercial or promotional e-mails under Your account settings or through a direct link for unsubscribing from newsletters (refer to the bottom of newsletters).
HOW WE DISCLOSE YOUR PERSONAL DATA
We disclose Your Personal Data to third parties without Your prior consent only if provided in this Policy or in Terms/Agreement or the law. We do not sell, rent or trade Your Personal Data. We may disclose Your Personal Data to the following third parties:
- service providers we use in order to provide You the Services and perform under the Agreement (e.g. third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies). (If not stated otherwise) we remain responsible for Your Personal Data and take all necessary measures to protect Your Personal Data as provided in this Policy. The up-to-date list of these parties may be requested from us at any time;
- an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets;
- supervisory authorities;
- our lawyers, auditors, accountants.
Note that You may have profiles that other clients and/or the public can see and browse. The public can see the information posted under the campaigns (e.g. the names, pictures and details of the members of the team published under campaigns, videos etc). In addition to the Personal Data provided (i.e. name, country, e-mail address, phone number, picture, profession), the profile visible for other clients may contain Your interactions with this Site (e.g. information about the campaigns You have initiated and launched, the results of the campaigns, the investments You have made, Your comments, documents posted, the campaigns You are following, Your visits of campaigns and profiles etc).
WHERE WE STORE YOUR PERSONAL DATA
Your Personal Data is processed at our operating offices and operating offices of our designated cooperation partners in Estonia or the European Union.
We note that in some cases we may transfer Your Personal Data to third countries. In case we transfer Your Personal Data to third countries, we follow data protection rules relevant for us and apply Personal Data security measures.
HOW LONG WE STORE YOUR PERSONAL DATA
We only store Your Personal Data as long as necessary for the purposes of the Personal Data collected and as long as required by law.
Should You wish to delete Your account or any of Your Personal Data on the Site, You should notify us. Your account and Your Personal Data will be deleted as soon as practically possible, usually within 3 working days. Note that it may take a bit longer with back-up data. If You have initiated and launched any campaigns or made any investments, it may not be possible to delete some of the Personal Data related to such campaigns or investments. Such Personal Data shall be kept until necessary, depending on the campaign and investment, but at least 10 years.
In accordance with the Estonian accounting and taxation laws, invoice-related information is retained for a period of 7 years as of the end of the financial year when such information was provided to us.
Information on any legal transactions between us may be retained for a period of 10 years as of their provision to us in accordance with the general limitation period set for civil claims in the Estonian General Part of the Civil Code Act.
HOW WE PROTECT YOUR PERSONAL DATA
We implement appropriate organizational, technical and physical safeguards to protect Your Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and against all unlawful forms of processing. We use firewalls, password protection and other access and authentication controls to avoid unauthorized access to Your Personal Data. The servers we use are located in a secure environment with limited access. Only employees who need it have access to Your Personal Data.
YOUR RIGHTS AND OBLIGATIONS
To the extent required by law, You have the right to:
- receive information about Your Personal Data we process;
- ask us to correct Your Personal Data that is incorrect;
- ask us to stop or restrict processing, disclosing or enabling access to, delete or close Your Personal Data the processing of which is not permitted on the basis of law;
- withdraw any consent You have given to us for Personal Data processing;
- ask Your Personal Data portability;
- object automated decisions with respect to You;
- turn to the Data Protection Inspectorate or the court to safeguard Your rights.
These actions can either be done automatically by You by changing the respective settings of Your account or, if not automatically possible, then by contacting us, except the latter on the list, for which You have to contact the Data Protection Inspectorate.
We note that in some cases we make (partially) automated decisions regarding You (e.g. during KYC/AML procedures). In case You would like to debate automated decisions, contact us by regular post or e-mail.
CHANGES TO THIS POLICY
The provisions set out in the Terms/Agreement regarding changes apply.
If You have any questions, comments, complaints or requests related to this Policy or the processing of Your Personal Data, You can contact us via: Telliskivi 57 (Palo Alto Club), Tallinn 10143, Estonia, email@example.com.
You can submit a complaint related to this Policy or the processing of Your Personal Data, to Estonian Data Protection Inspectorate (firstname.lastname@example.org, Tatari 39, Tallinn 10134, phone: +372 627 4135).