Privacy Policy

Principles of processing client data

Valid as of 01.01.2019

This document describes the principles for processing customer data of InCorpora OÜ

The principles apply if a Client uses, has used or has expressed an intention to use or is in other way related to any of the services provided by InCorpora OÜ The same principles apply to the relationship with the Client established before these principles entered into force.


INCORPORA – Customer Data responsible processor, legal entity (InCorpora OÜ).
CLIENT – any natural person or legal entity who uses, has used or has expressed a wish to use or is in other way related to any of the services provided by InCorpora OÜ.
CLIENT DATA – any information known to InCorpora OÜ about the Client or its representatives.
PERSONAL DATA – any information directly or indirectly related to the Client as a natural person.
PROCESSING – any operation carried out with Client data (incl. collection, recording, storing, alteration, grant of access to, making enquiries, transfer to third parties, etc.).

  • This document describes the general principles how InCorpora OÜ Processes Client data. Specific details on the Processing of Client data might be also described in agreements, other service related documents.
  • InCorpora OÜensures, within framework of applicable law, the confidentiality of Client data and has implemented appropriate technical measures to safeguard Client. InCorpora OÜ also applies organisational measures from unauthorised access, unlawful Processing or disclosure, accidental loss or destruction.
  • InCorpora OÜ may also use other processors for Processing Client data. In such cases, InCorpora OÜ ensures that such data processors Process Client data under the instructions of InCorpora OÜ and in compliance with applicable law and apply adequate security measures.

InCorpora OÜ may collect data from the Client and from external sources, such as public and private registers or other third parties. Primary categories of Client data, which InCorpora OÜ collects and processes:

Identification dataname, identification code, date of birth, data regarding the identification document (passport, ID card).
Contact dataaddress, telephone number, email address, language of communication.
Family datain case of need, information about Client’s family and other related person’s.
Professional datadata about educational or professional career.
Data about the relationships with legal entitiessuch as data submitted by the Client or obtained from public registers or through third parties to represent this legal entity.
Data on origin of assets or wealthsuch as data regarding business activity and source of personal funds.
Data about trustworthinessdata that enables InCorpora OÜ to perform its due diligence measures regarding money laundering and terrorist financing prevention and to ensure the compliance with international sanctions, including the purpose of the business relationship and whether the Client is a politically exposed person.
Data obtained and/or created while performing an obligation arising from law– such as data arising from enquiries made by investigative bodies, notaries, courts.
Data about the Client’s tax residency– data about the country of residence, tax identification number, citizenship.
Communication data– such as data which is collected through e-mails, messages and other communication mechanisms (social media). Data collected related to the Client’s visit at InCorpora’s website or communication though other channels (such as client portal).
Data related to the services– execution or non-performance of contracts, services purchased, enquiries, complaints, fees, etc.


InCorpora OÜ processes client data primarily to:

  • Manage customer relations and provide access to services provided by InCorpora OÜ. To conclude and execute an agreement (for example, an accounting agreement, services agreement, etc.) with the Client, keeping data updated and correct by verifying and enriching data through external and internal sources. The activities of InCorpora OÜ are based on the performance of the contract or in the implementation of pre-contractual measures upon the Client’s request or legal obligation.
  • Perform risk assesments. To carry out risk assesments in order to determine whether the Client meets InCorpora’s risk assessment criteria.
  • Fulfil legal obligations and verify identity. To comply with applicable law and international agreements, for example performance of due diligence “know your client” principle; discover and report potential money laundering and terrorist financing, be aware of whether the Client is a politically exposed person and is subject to financial sanctions imposed on the client.
  • Prevent misuse of services and ensure adequate provisions of services.
  • Prove, enforce and defend legal claims.
  • Send information about services and products (customer newsletter), to make company’s internal statistics

Client data may be shared with other recipients, such as:

  • Authorities (law enforcement authorities, tax authorities, customs, notary offices, financial intelligence units, etc.).
  • Financial institutions, credit institutions, intermediaries of financial services, professional service providers, from which InCorpora OÜ purchases services.
  • Auditors, legal and financial consultants, or any other processor authorized by InCorpora OÜ.
  • Third parties maintaining registers (such as commercial registers, securities registers, population registers or other registers holding or intermediating Client data).
  • Other persons related to provision of services of InCorpora OÜ such as postal services, etc.
  • The Client data is processed within European Union/European Economic Area, but in some cases transferred and processed to countries outside the European Union/European Economic Area.
  • Transfer and Processing of Client data outside the European Union can take place provided there is a legal ground, such as legal requirement, due diligence or Client’s consent and confirmation that appropriate safeguards are implemented. Upon request the Client can receive further details from InCorpora OÜ on Client data transfers to countries outside European Union/European Economic Area.

Client data will be processed no longer than necessary. The retention period may be based on applicable law (for example, laws relating to accounting, auditing, money laundering or foreclosure laws, other private law) or various agreements.

  • Request his/her personal data to be corrected if it is incorrect or incomplete.
  • Object to Processing of his/her Personal data, for example, newsletter, offers, participating in surveys.
  • Request the deletion of his/her Personal data. Such right does not apply if Personal data is being processed also based on other legal grounds such as legal obligation or agreement.
  • Submit complaints about the use of personal data to the relevant Inspectorate if the client finds that the processing of his/her personal data violates his/her rights.

InCorpora OÜ, Reg.No. 14625353; VAT: EE102124169; address: Metro Plaza, Viru Väljak 2, Tallinn 10111, Estonia; tel: +372 7900 100; e-mail:

InCorpora OÜ has the right to unilaterally amend the principles at any time, in compliance with the applicable law, by notifying the Client of any amendments via email, website, client portal or in another manner, not later than one month prior to the amendments entering into force.