- 1. Introduction
- 2. Purposes and legal bases for processing
- 2.1. Concluding and fulfilling contracts for the provision of services
- 2.2. Marketing activities
- 2.3. Fulfilment of legal obligations
- 3. Data retention
- 4. Cookies
- 5. Data sources and right of access
- 6. Data subject rights
- 7. Questions & complaints
- 8. Updating the Privacy Policy
Privacy Policy and Data protection Privacy Policy
- 1. Introduction
- 2. Purposes and legal bases for processing
- 2.1. Concluding and fulfilling contracts for the provision of services
- 2.2. Marketing activities
- 2.3. Fulfilment of legal obligations
- 3. Data retention
- 4. Cookies
- 5. Data sources and right of access
- 6. Data subject rights
- 7. Questions & complaints
- 8. Updating the Privacy Policy
1. Introduction
This privacy policy (hereinafter “Privacy Policy”) gives you an overview of the purposes, legal bases and means under which LEI Register OÜ (hereinafter “LEIAdmin” or “we”) processes personal data. Additionally, the Privacy Policy explains which personal data we process, describes data retention periods as well as your rights as a data subject and how to exercise these rights.
In order to ensure a high level of protection of personal data as well as the fulfillment of all regulatory requirements, LEIAdmin follows the requirements set forth in the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”) and other applicable legislation throughout its operations.
The Controller of your personal data, as described in this Privacy Policy, is LEI Register OÜ.
Estonian commercial registry code: 14412769
Address: Uus tn 21-2, Tallinn 10111, Republic of Estonia
Should you have any questions related to the processing of personal data, please contact us via email at [email protected]
2. Purposes and legal bases for processing
LEIAdmin processes your personal data only to the minimum extent necessary to achieve the purposes described in this Chapter of the Privacy Policy. Any processing of personal data has a specific, limited purpose and legal basis, which is described in detail below.
2.1. Concluding and fulfilling contracts for the provision of services
The main operations of LEIAdmin encompass the activities of an official Registration Agent of LEI codes (Legal Entity Identifier), which is used worldwide to identify a legal entity. These operations include services provided to legal entities related to the registration, renewal, and transfer of an LEI code.
In order to provide these services, LEIAdmin processes the contact data of the representatives of the legal entities using our services (first and last name, telephone number, email address).
The legal basis for the processing of personal data described in this section is (depending on the stage of service provision or the preparation thereof) the obligation to fulfill the contract concluded between LEIAdmin and the client or the need to take measures prior to the conclusion of the respective contract (GDPR Article 6(1)(b)).
2.2. Marketing activities
LEIAdmin and/or our contractual partners may send newsletters and other notifications by post as well as by email to existing customers and potential customers (which are also legal entities) using contact information found in public sources (hereinafter “Newsletters”). The purpose of such data processing is to introduce the services of LEIAdmin to potential customers, to collect feedback on our services and service experience, and to improve our business processes and service portfolio based on this information.
You can opt out of Newsletters sent to your legal entity by pressing the “unsubscribe” button next to the respective Newsletter (for email Newsletters). It is also possible to opt out of Newsletters (both sent by post and email) by sending us a notification with a respective request using the contact details provided in Chapter 1 of the Privacy Policy.
The legal basis for sending Newsletters is, depending on the specific situation, the data subject’s consent (GDPR Article 6(1)(a)) or subsections 103¹ 2 and 3 of the Estonian Electronic Communications Act.
Please note that if the legal basis for processing personal data is consent, the withdrawal of the latter does not affect the legality of data processing based on prior, valid consent.
2.3. Fulfilment of legal obligations
Under certain circumstances, we must process personal data to fulfill our legal obligations. These include, for example, accounting obligations, responding to inquiries from government authorities, obligations arising from AML/CFT regulations, and informing supervisory authorities and individuals about (potential) violations.
In such situations, the legal basis for the processing of personal data is our legal obligation (GDPR Article 6(1)c)).
3. Data retention
We store your personal data only for the time necessary to fulfill the purposes stated in Chapter 2 of this Privacy Policy.
- Personal data processed for the conclusion and fulfillment of customer contracts
Such personal data is generally stored for the duration of the respective customer relationship and until the expiration date of potential legal claims. Personal data processed in the course of pre-contractual negotiations or consultations that have not ended with the conclusion of a contract (e.g., data processed during consultation and price inquiries) will be stored for 5 years from the end of the respective negotiations.
- Personal data processed for marketing activities
Such personal data will be stored until the necessity for processing ceases, but no longer than until the end of the customer relationship or the withdrawal of consent that was the legal basis for specific marketing activities (provided that the legal basis for processing was consent).
- Personal data processed for the fulfillment of legal obligations
In order to fulfill legal obligations and in other specific circumstances, we may retain personal data for a longer period than stated above, including:
(a) to comply with legal obligations that LEIAdmin is subject to;
(b) for accounting reasons;
(c) for reasons related to the realization of possible rights of claim.
For example, we retain all original accounting documentation (e.g., invoices) for 7 years from the end of the financial year in which the relevant accounting entry was made. In order to enable the submission of claims or submission of objections to potential claims against us, we may retain personal data for 5 years or a maximum of 10 years (in case of intentional breach) in accordance with the limitation periods for claims and, in case of ongoing disputes, until their final resolution.
4. Cookies
In addition to the data processing described above, we use cookies on the website https://www.leiadmin.com (hereinafter “Website”) to provide you with a better, faster, and safer user experience. Cookies are small text files that are stored on your computer, smartphone, tablet, or other device you use to visit the Website. Cookies provide us with information about how the Website is used, allow us to compile statistics on Website visits, display marketing content that is potentially of interest to you, and ensure the functionality as well as a high standard of user experience of the Website.
The Website uses the following cookies:
Strictly necessary cookies
Cookie | Purpose | Retention period |
__GRECAPTCHA | This cookie is used for spam protection. | 6 months |
wfwaf-authcookie-* | This cookie is used by the Wordfence firewall to perform a capability check of the current user before loading WordPress. | 1 day |
woocommerce_cart_hash | This cookie helps generate unique cart information for each user and helps WooCommerce determine when cart contents/data change. | session |
woocommerce_items_in_cart | This cookie helps generate unique cart information for each user and helps WooCommerce determine when cart contents/data change. | session |
wordpress_logged_in_* | This cookie enables the interface to recognize you as a logged-in user and determine which account and preferences to use for various features. | session |
wordpress_sec_* | This cookie is used to store your authentication details. | 15 days |
wp_woocommerce_session_* | It contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. | 2 days |
sc_f | This cookie is set via the payment widget embedded on our website’s checkout page via an iframe. | session |
__cf_bm | This cookie distinguishes between humans and bots. This is beneficial for the website, as it allows it to make valid reports on its users’ use of the website. | 1 hour |
__cfruid | Cloudflare sets this cookie to identify trusted web traffic. | session |
leiregister_order_id | The application form ID is needed to match the payment to the correct form and to show the correct order data after payment. | 3 days |
PHPSESSID | This cookie is native to PHP applications. The cookie stores and identifies a user’s unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed. | session |
l7_az | PayPal sets this cookie for the PayPal login function on the website. | 1 day |
ts | PayPal sets this cookie to enable secure transactions. | 1 year 1 month |
ts_c | Paypal sets this cookie to make safe payments. | 1 year 1 month |
tsrce | This cookie stores information about the visitor’s current session, such as the source of the traffic, the landing page, and the time of visit. | 1 day |
BIGipServer* | This cookie allows load balancing and ensures consistent user sessions and website performance. | 2 years |
TS01* | This cookie is for security and session management, ensuring secure transactions and consistent user experience. | session |
x-pp-s | Paypal sets this cookie to process payments on the site. | session |
LANG | Paypal sets this cookie to provide payment options and security. | 9 hours |
Functional cookies
Cookie | Purpose | Retention period |
test_cookie | This cookie is used by Google DoubleClick to check if cookies can be set. | 15 minutes |
wpEmojiSettingsSupports | This cookie helps determine if the user’s browser can display emojis properly. | session |
li_gc | LinkedIn sets this cookie to store visitors’ consent regarding using cookies for non-essential purposes. | 6 months |
lidc | LinkedIn sets this cookie to facilitate data center selection. | 1 day |
Statistics cookies
Cookie | Purpose | Retention period |
ajs_anonymous_id | This cookie is set by Segment to count the number of people who visit a certain site by tracking if they have visited before. | 1 year |
sbjs_current | Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie enhances the visitor experience on the website. | session |
sbjs_current_add | Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie enhances the visitor experience on the website. | session |
sbjs_first | Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie enhances the visitor experience on the website. | session |
sbjs_first_add | Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie enhances the visitor experience on the website. | session |
sbjs_migrations | Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie enhances the visitor experience on the website. | session |
sbjs_session | Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie enhances the visitor experience on the website. | 1 hour |
sbjs_udata | Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie enhances the visitor experience on the website. | session |
AnalyticsSyncHistory | LinkedIn sets this cookie to store information about the time a sync took place with the lms_analytics cookie | 30 days |
ajs_user_id | Segment sets this cookie to help track visitor usage, events, and target marketing and to measure application performance and stability. | 1 year |
CLID | Microsoft Clarity sets this cookie to identify the first time Clarity sees this user on any site using Clarity. | 1 year |
MUID | Microsoft Clarity sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations. | 1 year 24 days |
MR | Microsoft Clarity sets this cookie to indicate whether to refresh MUID. | 7 days |
SM | Microsoft Clarity sets this cookie to synchronize the MUID across Microsoft domains. | sessions |
_clck | Microsoft Clarity sets this cookie to identify the first time Clarity sees this user on any site using Clarity. | 1 year |
_clsk | Microsoft Clarity sets this cookie to store and consolidate a user’s pageviews into a single session recording. | 1 day |
_ga | Google Analytics sets this cookie to calculate visitor, session, and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. | 2 years |
_ga_* | Google Analytics sets this cookie to store and count page views. | 2 years |
_gcl_au | Google Tag Manager sets this cookie for the “Conversion Linker” functionality. It stores information from ad clicks in a first-party cookie so conversions can be attributed outside the landing page. | 3 months |
Marketing cookies
Cookie | Purpose | Retention period |
UserMatchHistory | LinkedIn sets this cookie for id sync process. It stores the last sync time to avoid repeating the syncing process in a frequent manner | 30 days |
SRM_B | Microsoft Advertising sets this cookie for a unique ID for visitors. | 1 year 24 days |
li_sugr | LinkedIn sets this cookie to make a probabilistic match of a user’s identity. | 3 months |
IDE | This is used to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads, with the purpose of measuring the efficacy of an ad and presenting targeted ads to the user. | 13 months |
bscookie | LinkedIn sets this cookie to remember that a logged-in user is verified by two-factor authentication and has previously logged in. | 1 year |
bcookie | LinkedIn sets this cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform. | 1 year |
ar_debug | LinkedIn sets this cookie to Support Google attribution reporting API integration to mitigate signal loss | 1 year |
ANONCHK | Microsoft Clarity sets this cookie to indicate whether MUID is transferred to ANID, a cookie used for advertising. Clarity doesn’t use ANID, so this is always set to 0. | 10 minutes |
_lfa | Leadfeeder sets this cookie to store and track audience reach. | 1 year |
_fbp | Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website. | 3 months |
Cookies used on the Website may change over time. By visiting the Website, you agree to use cookies that are strictly necessary for its functionalities. A separate consent for the use of strictly necessary cookies is not requested. We request your consent via the Website to use all other types of cookies.
You can opt out of cookies at any time by changing the web browser settings of your device and deleting the saved cookies.
5. Data sources and right of access
We may receive personal data from Website visitors and from users of our services (for example, if a Website visitor submits a request for registration, renewal, or transfer of an LEI code through the Website). We may also obtain personal data about contact persons of potential customers (legal entities) from the business registry and other public sources.
Access to the personal data described in the Privacy Policy is only granted to our board members and employees in order to fulfill their specific professional obligations. For example, data related to LEI code registration requests are processed by customer service and operations specialists in order to fulfill their specific work duties.
In certain cases, service providers providing specific services to us (e.g., IT services, accounting services, Newsletter delivery services) may also have access to a limited scope of personal data.
We generally do not transfer personal data to countries outside the European Economic Area. However, if such transfers are unavoidably necessary to achieve the purposes described in Chapter 2 of the Privacy Policy, we will only transfer personal data to recipients outside the European Economic Area, whose country of residence ensures an adequate level of personal data protection (the European Commission has published a decision on the adequacy of protection in this regard) and/or the corresponding level of protection can be achieved through appropriate safeguards, e.g., by implementing standard data protection clauses and/or binding corporate rules.
6. Data subject rights
In relation to the processing of your personal data by LEIAdmin, you have the following rights as specified in the GDPR:
- The right of access
You have the right to request information about whether and which personal data, on which legal basis and manner we process about you. You also have the right to request a copy of the personal data processed about you.
- The right to rectification
You have the right to request that we correct any errors in your personal data (for example, if your personal data has changed). This right can be exercised if the personal data we process about you is incomplete, out of date, or otherwise incorrect.
- The right to be forgotten
You can request the deletion of your personal data if:
- the processed personal data is no longer required to achieve the purposes of the processing;
- you withdraw the consent for the processing of personal data (provided that the legal basis for processing was consent).
- The right to restrict the processing of personal data
You have the right to request that we restrict the processing of your personal data in the following situations:
- You dispute the validity of your personal data;
- it becomes evident that there is a lack of legal basis for the processing of your personal data, but you do not request the deletion of personal data;
- you require personal data to prepare, present, or defend a legal claim.
- The right to object
You have the right to object to any automated decision-making by us and the processing of personal data related to direct marketing.
- The right to transfer personal data to another controller
If we process your personal data on the basis of consent or an obligation arising from a contractual relationship between us, you have the right to demand that we provide you with your personal data in a structured, commonly used format and in machine-readable form. If technically feasible, you also have the right to request that we transfer personal data to another data controller, as you indicated.
- The right to withdraw consent at any time
If the legal basis for the processing of your personal data is consent, you have the right to withdraw your consent at any time. Please note that withdrawal of consent does not affect the legality of prior data processing, that was based on valid consent.
To exercise the rights described above, please contact us at [email protected]. Please note that data subject rights are not absolute, and for each request, we must assess whether and to what extent applicable data protection legislation allows us to satisfy your request. We will respond to your request within one month of receipt. If it is not possible to respond to the request within one month, we may extend the response deadline by two more months, informing you of the extension of the deadline and the reason for it within one month of receipt of the request.
7. Questions & complaints
Should you have any questions or complaints related to the processing of personal data, please do not hesitate to contact us at [email protected]. We will respond to you within one month of receiving the question or complaint.If you do not agree with the answer you received, you have the right to file a complaint with the Data Protection Inspectorate (address: Tatari 39, Tallinn 10134; email: [email protected]; telephone: +372 627 4135) as well as with the respective data protection authority in your country.
Information about other data protection authorities in the European Union is available here.
8. Updating the Privacy Policy
We constantly strive to ensure that both the data processing activities we carry out as well as the related documentation are kept simple, clear, and transparent and meet all the requirements set forth in the legislation and the best data protection practices. Accordingly, we regularly update, specify, and improve this Privacy Policy.
You can always find an up-to-date version of this Privacy Policy on our Website.
Last updated: 01/05/2024