Privacy policy

The data protection terms and conditions were last updated 12 October 2023.

The data controller is the Estonian Association of Information Technology and Telecommunications (registry code: 80000876; hereinafter ITL). If you have any questions about the processing of personal data in ITL, write to the email address info@itl.ee.

Definitions

Data subject is a person whose personal data is processed by ITL.

Personal data is any information about an identified or identifiable natural person.

Processing of personal data means any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means, ie almost all operations performed with personal data.

Cookies are small text files that are stored on the website visitor’s device and used for various purposes.

Data controller is a legal person (ITL) who alone and together with others determines the purposes and methods of processing personal data.

Data processor is a legal person (eg a company providing accounting services) who processes personal data on behalf of the controller.

Processing of personal data of our members’ employees

We process the personal data of employees of our member organisations:

for information exchange and communication within the organisation (eg email address, relationship with organisation);
to manage membership relationships (eg, name, email address, relationship with member organisation);
to organise and capture events (eg name, email address, picture);
to record and share online events with members (eg video recording, name);
to enter into contracts (eg name, email address, relationship with member organisation);
to participate in the work of external committees and boards (eg name, email address, relationship with member organisation);
to organise marketing and communication (eg name, photo, relationship with member organisation).

We mainly process the data of employees of our member organizations on the basis of consent, but in some cases we also process personal data for compliance with a legal obligation (eg transmitting data to a representative of a member organization) and on the basis of legitimate interest (eg managing membership relationships). We process the personal data of employees of our member organizations, including retaining and transmitting, only on a legal basis and in accordance with legal requirements.

Processing the personal data of job applicants

When recruiting, we process the applicants’ contact details and materials related to the application. The basis of the processing is the applicant’s consent. We retain the application materials for a year to resolve potential disputes on the basis of legitimate interest.

Processing the personal data of visitors of the websites we manage

Cookies are used on ITL websites to ensure an appropriate user experience and analyse website traffic statistics.

We use two types of cookies:

a strictly necessary cookie that is automatically downloaded to visitors’ devices and ensures the proper functioning of the website. For this strictly necessary cookie to work, we process the visitor’s IP address. The cookie is valid for a year.
Google Analytics cookies that are downloaded to the visitors’ devices only if they give their consent by clicking ‘I agree’ in the window that appears. You can read more about the Google Analytics cookie policy from Google’s privacy and terms page.

Transmission of the personal data

We transfer personal data only on a legal basis and in accordance with legal requirements. We transfer our employees’ and our member organisation employees’ personal data (eg name, email address, relationship with the member organisation) to authorised data controllers who engage in managing and hosting our websites (Apek Digital, Zone Media), accounting (Grow Finance OÜ), providing cloud services (Microsoft, Primend), offering necessary services to manage (Nopilot Technology OÜ) and train members. Also, in regard to externally funded projects we transfer our employees’ and our member organisation employees’ personal data (eg name, relationship with the member organisation, event participation information) to project funders (eg a public authority or an institution of the European Union). We also transfer our employees’ personal data to national registers and occupational health authorities to perform legal obligations, and to other companies (eg banks and telecommunications companies) to provide employees with necessary tools.

Facebook

Facebook will notify us if you have liked our page or have started following us. This is visible only to our employees who have access to our Facebook account and to the people who you have added as your friends on Facebook.
When visiting our Facebook page, it must be taken into account that Facebook processes the data of its users. Although the data is anonymous for us, Facebook uses personal data in compiling statistics.
If you wish, you can also read Facebook’s privacy policy and cookie policy.

LinkedIn

LinkedIn will notify us if you want to connect with us, have shared any of our posts or articles, or have reacted to any of our posts. This information is visible to everyone who has a LinkedIn account.
When visiting our LinkedIn page, it must be taken into account that LinkedIn processes the data of its users.
If you wish, you can also read LinkedIn’s privacy policy and cookie policy.

Twitter

Twitter will notify us if you have started following our account.
When visiting our Twitter page, it must be taken into account that Twitter processes the data of its users.
If you wish, you can also read Twitter’s privacy policy and cookie overview.

Rights of the data subject

the right to receive information about the processing of your personal data;
the right to request, where appropriate, the amendment of your data. If you notice an error in your data, report it immediately;
the right to request, where appropriate, the deletion of your data. Please note that we can delete data only from our systems and from the systems of the authorised data processor, only if the basis of the data processing is the consent of the data subject;
the right to restrict data processing. Processing cannot be restricted if we have a legal basis to process the data;
the right to submit complaints to a data protection supervision authority. The contacts of the Data Protection Inspectorate can be found on their website aki.ee.

To learn more about you rights, please contact us at info@itl.ee.

Contacts

Estonian Association of Information Technology and Telecommunications
Registry code: 80000876
Contact: Lõõtsa tn 2b, Tallinn
Contact: info@itl.ee

Table of Contents Definitions Processing of personal data of our members’ employees Processing the personal data of job applicants Processing the personal data of visitors of the websites we manage Transmission of the personal data Personal data of visitors of our social media pages Rights of the data subject Contacts